Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part

Martin Basti Tue, 27 Oct 2015 07:01:08 -0700


On 20.10.2015 18:46, Martin Basti wrote:

On 20.10.2015 16:07, Martin Basti wrote:
On 20.10.2015 15:57, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5344

Patch attached.
Test are failing, a fix in UserTracker has to be done (partially inmy patch 329)
SelfNACK, I forgot to add stageuser tests
Updated patch attached.
I extracted tests to the separate patch, tests do not work, I hadissues with user and stageuser trackers.

Patch to fix issues with --addattr and managers added and attached.

From 7e301a11f7ea46cff25cb0d6fa13058c69ae530c Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 27 Oct 2015 13:42:49 +0100
Subject: [PATCH] Fix --add-attr with multiple managers

Framework expects managers as unicode, but if there was a manager in
LDAP specified, it was returned as DN, which caused parameter conversion
error.

Normalize method was added to manager parameter which convert DN to
manager login.

https://fedorahosted.org/freeipa/ticket/5344
---
 ipalib/plugins/baseuser.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/ipalib/plugins/baseuser.py b/ipalib/plugins/baseuser.py
index da4883ccec906472ed2e82f5c61ef91c9b2049e9..4d6bf1dfca7c94aba31f1f8d0125f1065271613f 100644
--- a/ipalib/plugins/baseuser.py
+++ b/ipalib/plugins/baseuser.py
@@ -153,6 +153,23 @@ def normalize_principal(principal):
     return unicode('%s@%s' % (user, realm))
 
 
+def _convert_manager(manager):
+    # convert DN to unicode, otherwise --addattr call will not work
+    # validation of manager is done later, just extract manager login from DN
+    if not manager:
+        return manager
+
+    if isinstance(manager, DN):
+        try:
+            return manager['uid']
+        except KeyError:
+            raise errors.ConversionError(
+                _("DN of the manager does not contain 'uid'")
+            )
+
+
+    return manager
+
 
 def fix_addressbook_permission_bindrule(name, template, is_new,
                                         anonymous_read_aci,
@@ -340,6 +357,7 @@ class baseuser(LDAPObject):
         ),
         Str('manager*',
             label=_('Manager'),
+            normalizer=_convert_manager,
         ),
         Str('carlicense*',
             label=_('Car License'),
-- 
2.4.3

From 250c5d3f2f5e47b19c628115ecd9df8a71d357dc Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 20 Oct 2015 18:39:57 +0200
Subject: [PATCH] Allow multiple managers per user - CLI part

https://fedorahosted.org/freeipa/ticket/5344
---
 API.txt                    | 12 ++++++------
 VERSION                    |  4 ++--
 ipalib/plugins/baseuser.py |  7 +++++--
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/API.txt b/API.txt
index 873c6d54221a0c1657b5457bd9dceedb4adf06b3..896df430aaa1952c0fe4af4672b78f1ad11da45e 100644
--- a/API.txt
+++ b/API.txt
@@ -4225,7 +4225,7 @@ option: Str('krbprincipalname', attribute=True, autofill=True, cli_name='princip
 option: Str('l', attribute=True, cli_name='city', multivalue=False, required=False)
 option: Str('loginshell', attribute=True, cli_name='shell', multivalue=False, required=False)
 option: Str('mail', attribute=True, cli_name='email', multivalue=True, required=False)
-option: Str('manager', attribute=True, cli_name='manager', multivalue=False, required=False)
+option: Str('manager', attribute=True, cli_name='manager', multivalue=True, required=False)
 option: Str('mobile', attribute=True, cli_name='mobile', multivalue=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('ou', attribute=True, cli_name='orgunit', multivalue=False, required=False)
@@ -4285,7 +4285,7 @@ option: Str('krbprincipalname', attribute=True, autofill=False, cli_name='princi
 option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, query=True, required=False)
 option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, query=True, required=False)
 option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, query=True, required=False)
-option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=False, query=True, required=False)
+option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=True, query=True, required=False)
 option: Str('mobile', attribute=True, autofill=False, cli_name='mobile', multivalue=True, query=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('not_in_group*', cli_name='not_in_groups', csv=True)
@@ -4342,7 +4342,7 @@ option: DateTime('krbprincipalexpiration', attribute=True, autofill=False, cli_n
 option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, required=False)
 option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, required=False)
 option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, required=False)
-option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=False, required=False)
+option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=True, required=False)
 option: Str('mobile', attribute=True, autofill=False, cli_name='mobile', multivalue=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('ou', attribute=True, autofill=False, cli_name='orgunit', multivalue=False, required=False)
@@ -5172,7 +5172,7 @@ option: Str('krbprincipalname', attribute=True, autofill=True, cli_name='princip
 option: Str('l', attribute=True, cli_name='city', multivalue=False, required=False)
 option: Str('loginshell', attribute=True, cli_name='shell', multivalue=False, required=False)
 option: Str('mail', attribute=True, cli_name='email', multivalue=True, required=False)
-option: Str('manager', attribute=True, cli_name='manager', multivalue=False, required=False)
+option: Str('manager', attribute=True, cli_name='manager', multivalue=True, required=False)
 option: Str('mobile', attribute=True, cli_name='mobile', multivalue=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('noprivate', autofill=True, cli_name='noprivate', default=False)
@@ -5261,7 +5261,7 @@ option: Str('krbprincipalname', attribute=True, autofill=False, cli_name='princi
 option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, query=True, required=False)
 option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, query=True, required=False)
 option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, query=True, required=False)
-option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=False, query=True, required=False)
+option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=True, query=True, required=False)
 option: Str('mobile', attribute=True, autofill=False, cli_name='mobile', multivalue=True, query=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('not_in_group*', cli_name='not_in_groups', csv=True)
@@ -5321,7 +5321,7 @@ option: DateTime('krbprincipalexpiration', attribute=True, autofill=False, cli_n
 option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, required=False)
 option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, required=False)
 option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, required=False)
-option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=False, required=False)
+option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=True, required=False)
 option: Str('mobile', attribute=True, autofill=False, cli_name='mobile', multivalue=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Bool('nsaccountlock', attribute=True, autofill=False, cli_name='nsaccountlock', multivalue=False, required=False)
diff --git a/VERSION b/VERSION
index cdda198c6ce3148dcf785149dc3ce050782e8caa..6bcd9ee8e0557555f790db0940af57f9e9ed4f42 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=157
-# Last change: mbabinsk - hide segment direction from topology commands
+IPA_API_VERSION_MINOR=158
+# Last change: mbasti - allow to specify multiple managers per user
diff --git a/ipalib/plugins/baseuser.py b/ipalib/plugins/baseuser.py
index b974e3fb18659e7eb6e75557e0d4db3ec1197dcd..40114d6e994d0c1f814ce0c5b362c9cf4848f850 100644
--- a/ipalib/plugins/baseuser.py
+++ b/ipalib/plugins/baseuser.py
@@ -338,7 +338,7 @@ class baseuser(LDAPObject):
         Str('title?',
             label=_('Job Title'),
         ),
-        Str('manager?',
+        Str('manager*',
             label=_('Manager'),
         ),
         Str('carlicense*',
@@ -426,8 +426,11 @@ class baseuser(LDAPObject):
         if not manager:
             return None
 
-        if not isinstance(manager, list):
+        if isinstance(manager, tuple):
+            manager = list(manager)
+        elif not isinstance(manager, list):
             manager = [manager]
+
         try:
             container_dn = DN(container, api.env.basedn)
             for i, mgr in enumerate(manager):
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part

Reply via email to