def _build_new_entry(self, ldap, dn, entry_from, entry_to):
    """Populate ``entry_to`` with defaults for attributes ``entry_from`` lacks.

    The IPA configuration returned by ``ldap.get_ipa_config()`` supplies the
    home directory root, the maximum user name length and the default login
    shell. ``entry_to`` is modified in place and nothing is returned.

    :param ldap: backend object providing ``get_ipa_config()``
    :param dn: DN of the entry; the value of its first RDN is used as the
        user name
    :param entry_from: source entry, consulted for the attributes already set
    :param entry_to: destination entry that receives the defaults
    :raises errors.ValidationError: if ``ipamaxusernamelength`` is configured
        and the user name is longer than that limit
    """
    ipa_config = ldap.get_ipa_config()

    # NOTE(review): DNA_MAGIC is presumably a marker asking the directory to
    # allocate the id -- its definition is not visible here, confirm.
    for id_attr in ('uidnumber', 'gidnumber'):
        if id_attr not in entry_from:
            entry_to[id_attr] = baseldap.DNA_MAGIC

    if 'homedirectory' not in entry_from:
        # Root of the home directories comes from the configuration, with
        # paths.HOME_DIR as the fallback.
        homes_root = ipa_config.get('ipahomesrootdir', [paths.HOME_DIR])[0]
        # The home directory is the root joined with the user name.
        # NOTE(review): posixpath.join() discards homes_root when the second
        # component starts with '/'; this relies on the user name having been
        # validated before this point -- confirm against the caller.
        entry_to['homedirectory'] = posixpath.join(homes_root, dn[0].value)

    # The length limit is enforced whether or not a home directory was given.
    if 'ipamaxusernamelength' in ipa_config:
        name_len = len(dn[0].value)
        max_len = int(ipa_config.get('ipamaxusernamelength')[0])
        if name_len > max_len:
            raise errors.ValidationError(
                name=self.obj.primary_key.cli_name,
                error=_('can be at most %(len)d characters') % {
                    'len': int(ipa_config.get('ipamaxusernamelength')[0])
                }
            )

    if 'loginshell' not in entry_from:
        shell = ipa_config.get(
            'ipadefaultloginshell', [platformconstants.DEFAULT_SHELL])[0]
        # An empty configured shell leaves 'loginshell' unset; setdefault()
        # keeps any value entry_to already carries.
        if shell:
            entry_to.setdefault('loginshell', shell)

    if 'givenname' not in entry_from:
        # First whitespace-separated word of the first cn value. A missing
        # 'cn' raises KeyError and a blank one raises IndexError here.
        first_cn = entry_from['cn'][0]
        entry_to['givenname'] = first_cn.split()[0]

    if 'krbprincipalname' not in entry_from:
        # Principal is "<uid>@<realm>", built from the first uid value and
        # the realm in api.env.
        entry_to['krbprincipalname'] = '%s@%s' % (
            entry_from['uid'][0], api.env.realm)

    # Runs last so it sees the krbprincipalname assigned above.
    # NOTE(review): helper is not visible here; by its name it derives
    # krbcanonicalname from the entry -- confirm.
    set_krbcanonicalname(entry_to)
def _build_new_entry(self, ldap, dn, entry_from, entry_to):
    """Complete ``entry_to`` with defaults for what ``entry_from`` omits.

    Defaults come from ``ldap.get_ipa_config()``: the home directory root,
    the maximum user name length and the default login shell. The
    destination entry is updated in place; there is no return value.

    :param ldap: backend object providing ``get_ipa_config()``
    :param dn: DN of the entry; its first RDN value is taken as the user name
    :param entry_from: source entry, checked for attributes already present
    :param entry_to: destination entry that receives the defaults
    :raises errors.ValidationError: if ``ipamaxusernamelength`` is configured
        and the user name exceeds it
    """
    settings = ldap.get_ipa_config()

    # NOTE(review): DNA_MAGIC presumably requests automatic id allocation;
    # its definition is outside this view -- confirm.
    for numeric_attr in ('uidnumber', 'gidnumber'):
        if numeric_attr not in entry_from:
            entry_to[numeric_attr] = baseldap.DNA_MAGIC

    if 'homedirectory' not in entry_from:
        # Home root is read from the configuration (fallback paths.HOME_DIR)
        # and joined with the user name.
        # NOTE(review): posixpath.join() ignores the root if the user name
        # begins with '/'; assumes the name was validated upstream -- confirm.
        root_dir = settings.get('ipahomesrootdir', [paths.HOME_DIR])[0]
        entry_to['homedirectory'] = posixpath.join(root_dir, dn[0].value)

    # Checked independently of the home directory handling above.
    if 'ipamaxusernamelength' in settings:
        actual = len(dn[0].value)
        limit = int(settings.get('ipamaxusernamelength')[0])
        if actual > limit:
            raise errors.ValidationError(
                name=self.obj.primary_key.cli_name,
                error=_('can be at most %(len)d characters') % {
                    'len': int(settings.get('ipamaxusernamelength')[0])
                }
            )

    if 'loginshell' not in entry_from:
        configured_shell = settings.get('ipadefaultloginshell', [paths.SH])[0]
        # A falsy shell value leaves the attribute alone; setdefault() does
        # not overwrite a shell entry_to already has.
        if configured_shell:
            entry_to.setdefault('loginshell', configured_shell)

    if 'givenname' not in entry_from:
        # Uses the first word of the first cn value; KeyError without 'cn',
        # IndexError when that value is empty or only whitespace.
        words = entry_from['cn'][0].split()
        entry_to['givenname'] = words[0]

    if 'krbprincipalname' not in entry_from:
        # "<uid>@<realm>" from the first uid value and api.env.realm.
        entry_to['krbprincipalname'] = '%s@%s' % (
            entry_from['uid'][0], api.env.realm)

    # Called after krbprincipalname is in place.
    # NOTE(review): helper not shown; presumably sets krbcanonicalname from
    # the entry's principal -- confirm.
    set_krbcanonicalname(entry_to)
def pre_common_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
                        **options):
    """Prepare ``entry_attrs`` before the entry is written.

    Sets the canonical principal name, converts user certificates and, when
    a RADIUS user name is present, adds the ``ipatokenradiusproxyuser``
    object class. Returns nothing; ``entry_attrs`` is changed in place.

    :param ldap: LDAP backend passed on to ``add_missing_object_class``
    :param dn: DN of the entry (must be a ``DN`` instance)
    :param entry_attrs: attributes about to be written
    :param attrs_list: unused here
    """
    # Developer sanity check only: asserts vanish under ``python -O``.
    assert isinstance(dn, DN)

    # NOTE(review): both helpers are defined outside this view; behaviour is
    # inferred from their names -- confirm.
    set_krbcanonicalname(entry_attrs)
    self.obj.convert_usercertificate_pre(entry_attrs)

    radius_username = entry_attrs.get('ipatokenradiususername')
    if not radius_username:
        return
    # update=False is passed through unchanged; entry_attrs is handed to the
    # helper along with the object class name.
    add_missing_object_class(ldap, u'ipatokenradiusproxyuser', dn,
                             entry_attrs, update=False)
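def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
    """Validate and complete the attributes of a service being added.

    The last positional key is the service principal. Unless ``force`` is
    set, host principals are rejected and the host name must resolve; with
    ``force`` both of these checks are skipped. The host entry itself must
    exist in either case.

    :param ldap: LDAP backend, passed to ``update_krbticketflags``
    :param dn: DN of the new entry (must be a ``DN`` instance)
    :param entry_attrs: attributes of the new entry, modified in place
    :param attrs_list: attribute list, passed to ``update_krbticketflags``
    :param keys: positional keys; ``keys[-1]`` is the principal
    :param options: command options; ``force`` and ``usercertificate`` are
        read here
    :returns: ``dn`` unchanged
    :raises errors.HostService: principal is a host principal and ``force``
        is not set
    :raises errors.NotFound: ``host_show`` cannot find the host
    """
    # Developer sanity check only: asserts vanish under ``python -O``.
    assert isinstance(dn, DN)
    principal = keys[-1]
    hostname = principal.hostname

    # Read the override once. A missing 'force' key counts as "not forced",
    # so both checks below stay enabled by default instead of the first one
    # failing with KeyError while the second one tolerates the omission.
    force = options.get('force', False)

    if principal.is_host and not force:
        raise errors.HostService()

    # The host entry has to exist even when force is given.
    try:
        hostresult = self.api.Command['host_show'](hostname)['result']
    except errors.NotFound:
        raise errors.NotFound(
            reason=_("The host '%s' does not exist to add a service to.") %
            hostname)

    self.obj.validate_ipakrbauthzdata(entry_attrs)

    # Certificates from the options are normalized by
    # x509.normalize_certificate before being stored; an absent option
    # stores an empty list.
    certs = options.get('usercertificate', [])
    certs_der = [x509.normalize_certificate(c) for c in certs]
    entry_attrs['usercertificate'] = certs_der

    if not force:
        # We know the host exists if we've gotten this far but we
        # really want to discourage creating services for hosts that
        # don't exist in DNS.
        util.verify_host_resolvable(hostname)

    # Default the manager to the host entry returned by host_show.
    if 'managedby' not in entry_attrs:
        entry_attrs['managedby'] = hostresult['dn']

    # Enforce ipaKrbPrincipalAlias to aid case-insensitive searches
    # as krbPrincipalName/krbCanonicalName are case-sensitive in Kerberos
    # schema
    entry_attrs['ipakrbprincipalalias'] = principal

    # Objectclass ipakrbprincipal providing ipakrbprincipalalias is not
    # in a list of default objectclasses, add it manually
    entry_attrs['objectclass'].append('ipakrbprincipal')

    # set krbcanonicalname attribute to enable principal canonicalization
    util.set_krbcanonicalname(entry_attrs)

    update_krbticketflags(ldap, entry_attrs, attrs_list, options, False)

    return dn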
def pre_common_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
                        **options):
    """Prepare ``entry_attrs`` before the entry is written.

    Sets the canonical principal name and converts user certificates, in
    that order. Returns nothing; ``entry_attrs`` is handed to both helpers.

    :param ldap: unused here
    :param dn: DN of the entry (must be a ``DN`` instance)
    :param entry_attrs: attributes about to be written
    :param attrs_list: unused here
    """
    # Developer sanity check only: asserts vanish under ``python -O``.
    assert isinstance(dn, DN)

    # NOTE(review): helper not visible here; by its name it fills in
    # krbcanonicalname on the entry -- confirm.
    set_krbcanonicalname(entry_attrs)

    # NOTE(review): conversion details live on self.obj, outside this view.
    owner = self.obj
    owner.convert_usercertificate_pre(entry_attrs)
def pre_common_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
                        **options):
    """Prepare ``entry_attrs`` before the entry is written.

    Sets the canonical principal name, runs the FIPS check on the command
    options, then converts user certificates. Returns nothing.

    :param ldap: unused here
    :param dn: DN of the entry (must be a ``DN`` instance)
    :param entry_attrs: attributes about to be written
    :param attrs_list: unused here
    :param options: command options, forwarded to ``check_fips_auth_opts``
    """
    # Developer sanity check only: asserts vanish under ``python -O``.
    assert isinstance(dn, DN)

    # NOTE(review): helper not visible here; by its name it fills in
    # krbcanonicalname on the entry -- confirm.
    set_krbcanonicalname(entry_attrs)

    # The FIPS check runs before certificate conversion, so an exception
    # from it stops the callback at this point.
    # NOTE(review): presumably rejects authentication options that are not
    # usable in FIPS mode; the helper is defined elsewhere -- confirm.
    fips_enabled = self.api.env.fips_mode
    check_fips_auth_opts(fips_mode=fips_enabled, **options)

    self.obj.convert_usercertificate_pre(entry_attrs)