Re: [Freeipa-devel] [PATCH] 501 report managedby errors
On 08/06/2010 01:10 PM, Rob Crittenden wrote: Report failures when adding/removing members to the managedby attribute (services and hosts). rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [Patch] IPA-HTTPD-config-uses-usr-share-static-as-target-
Adam Young wrote: Changes the URI for the WebUI from ipa/static to ipa/ui, which makes the existing redirects work again. ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [Patch] 0001-Remove-search-field-on-group-button.patch
Adam Young wrote: In reusing the search functionality for the group listing, we don't want the search field or button. THis patch hides it, while also performing some initialization/cleanup for the Enroll button ack rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [Patch] 0001-Remove-search-field-on-group-button.patch
On 08/09/2010 01:27 PM, Rob Crittenden wrote: Adam Young wrote: In reusing the search functionality for the group listing, we don't want the search field or button. THis patch hides it, while also performing some initialization/cleanup for the Enroll button ack rob pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [Patch] IPA-HTTPD-config-uses-usr-share-static-as-target-
On 08/09/2010 01:26 PM, Rob Crittenden wrote: Adam Young wrote: Changes the URI for the WebUI from ipa/static to ipa/ui, which makes the existing redirects work again. ack pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 502 hosts can fetch keytabs
On 2010-08-06 04:50, Rob Crittenden wrote: Enable a host to retrieve a keytab for all its services. Using the host service principal one should be able to retrieve a keytab for other services for the host using ipa-getkeytab. This required a number of changes: - allow hosts in the service's managedby to write krbPrincipalKey - automatically add the host to managedby when a service is created - fix ipa-getkeytab to return the entire prinicpal and not just the first data element. It was returning host from the service tgt and not host/ipa.example.com - fix the display of the managedby attribute in the service plugin This led to a number of changes in the service unit tests. I took the opportunity to switch to the Declarative scheme and tripled the number of tests we were doing. This shed some light on a few bugs in the plugin: - if a service had a bad usercertificate it was impossible to delete the service. I made it a bit more flexible. - I added a summary for the mod and find commands - has_keytab wasn't being set in the find output This is for ticket 68 rob ack. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Make LDAPObject classes JSON serializable
Allow LDAPObject classes (and sub-classes) to be serialized into a JSON string using: json.dumps(obj, default=ipalib.util.json_serialize) Pavel From 209162028b58ba8cc59e8c90409082eb8478a0dd Mon Sep 17 00:00:00 2001 From: Pavel Zuna pz...@redhat.com Date: Mon, 9 Aug 2010 16:45:26 -0400 Subject: [PATCH 1/4] Make LDAPObject classes JSON serializable. --- ipalib/plugins/baseldap.py | 17 + ipalib/util.py |6 ++ 2 files changed, 23 insertions(+), 0 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 11fd18e..52f32e3 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -21,6 +21,7 @@ Base classes for LDAP plugins. import re +import json from ipalib import crud, errors, uuid from ipalib import Method, Object @@ -29,6 +30,7 @@ from ipalib.base import NameSpace from ipalib.cli import to_cli, from_cli from ipalib import output from ipalib.text import _ +from ipalib.util import json_serialize def validate_add_attribute(ugettext, attr): @@ -121,6 +123,21 @@ class LDAPObject(Object): } ) +# list of attributes we want exported to JSON +json_friendly_attributes = ( +'parent_object', 'container_dn', 'object_name', 'object_name_plural', +'object_class', 'object_class_config', 'default_attributes', 'label', +'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name', +'takes_params', +) +def __json__(self): +json_dict = dict( +(a, getattr(self, a)) for a in self.json_friendly_attributes +) +json_dict['primary_key'] = self.primary_key.name +json_dict['methods'] = [m for m in self.methods] +return json_dict + # Options used by create and update. _attr_options = ( diff --git a/ipalib/util.py b/ipalib/util.py index 570d66e..ba111d4 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -31,6 +31,12 @@ from ipalib import errors from ipapython import dnsclient +def json_serialize(obj): +if not callable(getattr(obj, '__json__', None)): +# raise TypeError('%r is not JSON serializable') +return '' +return obj.__json__() + def get_current_principal(): try: return unicode(krbV.default_context().default_ccache().principal().name) -- 1.7.1.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Change the behaviour of addattr/setattr parameters
setattr and addattr can now be used both to set all values of ANY attribute. the last setattr always resets the attribute to the specified value and all addattr append to it. Examples: user-mod testuser --setattr=title=msc title: msc user-mod testuser --setattr=title=msb title: msb user-mod testuser --addattr=title=msc title: msb, msc user-mod testuser --setattr=title= title: user-mod testuser --setattr=title=msc --addattr=msb title: msc, msb user-mod testuser --setattr=title=ing --addattr=bc title: ing, bc user-mod testuser --setattr=title=doc title: doc It's not very user friendly, but it's going to be used very very rarely in special conditions in the CLI and we can use it to save lots of JSON-RPC roundtrips in the webUI. Pavel From 5467a93dc7e4e24e82ba3559b333ac5e55814127 Mon Sep 17 00:00:00 2001 From: Pavel Zuna pz...@redhat.com Date: Mon, 9 Aug 2010 19:43:00 -0400 Subject: [PATCH 2/4] Change the behaviour of addattr/setattr parameters. setattr and addattr can now be used both to set all values of ANY attribute. the last setattr always resets the attribute to the specified value and all addattr append to it. Examples: user-mod testuser --setattr=title=msc title: msc user-mod testuser --setattr=title=msb title: msb user-mod testuser --addattr=title=msc title: msb, msc user-mod testuser --setattr=title= title: user-mod testuser --setattr=title=msc --addattr=msb title: msc, msb user-mod testuser --setattr=title=ing --addattr=bc title: ing, bc user-mod testuser --setattr=title=doc title: doc It's not very user friendly, but it's going to be used very very rarely in special conditions in the CLI and we can use it to save lots of JSON-RPC roundtrips in the webUI. --- ipalib/frontend.py | 15 +++ ipalib/plugins/baseldap.py | 58 ++-- 2 files changed, 38 insertions(+), 35 deletions(-) diff --git a/ipalib/frontend.py b/ipalib/frontend.py index d320f02..950fa7b 100644 --- a/ipalib/frontend.py +++ b/ipalib/frontend.py @@ -519,11 +519,10 @@ class Command(HasParam): if len(value) == 0: # None means delete this attribute value = None -if attr not in self.params: -if append and attr in newdict: -newdict[attr].append(value) -else: -newdict[attr] = [value] +if append and attr in newdict: +newdict[attr].append(value) +else: +newdict[attr] = [value] return newdict def __attributes_2_entry(self, kw): @@ -540,7 +539,11 @@ class Command(HasParam): adddict = self.__convert_2_dict(kw['setattr'], append=False) if kw.get('addattr'): -adddict.update(self.__convert_2_dict(kw['addattr'])) +for (k, v) in self.__convert_2_dict(kw['addattr']).iteritems(): +if k in adddict: +adddict[k] += v +else: +adddict[k] = v for name in adddict: value = adddict[name] diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 52f32e3..c995a61 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -415,6 +415,35 @@ class LDAPUpdate(LDAPQuery, crud.Update): entry_attrs = self.args_options_2_entry(**options) + +Some special handling is needed because we need to update the +values here rather than letting ldap.update_entry() do the work. We +have to do the work of adding new values to an existing attribute +because if we pass just what is addded only the new values get +set. + +if 'addattr' in options: +setset = set(get_attributes(options.get('setattr', []))) +addset = set(get_attributes(options.get('addattr', []))) +difflist = list(addset.difference(setset)) +if difflist: +try: +(dn, old_entry) = ldap.get_entry( +dn, difflist, normalize=self.obj.normalize_dn +) +except errors.ExecutionError, e: +try: +(dn, old_entry) = self._call_exc_callbacks( +keys, options, e, ldap.get_entry, dn, attrs_list, +normalize=self.obj.normalize_dn +) +except errors.NotFound: +self.obj.handle_not_found(*keys) +for a in old_entry: +if not isinstance(entry_attrs[a], (list, tuple)): +entry_attrs[a] = [entry_attrs[a]] +entry_attrs[a] += old_entry[a] + if options.get('all', False): attrs_list = ['*'] else: @@ -432,35 +461,6 @@ class LDAPUpdate(LDAPQuery, crud.Update): self, ldap, dn,
[Freeipa-devel] [PATCH] Add new parameters to LDAPSearch: timelimit and sizelimit.
Doesn't include Robs loading of default values from cn=ipaConfig. Pavel From a81e2b42d16473b0102969246dcf81820b1930f0 Mon Sep 17 00:00:00 2001 From: Pavel Zuna pz...@redhat.com Date: Mon, 9 Aug 2010 19:56:14 -0400 Subject: [PATCH 4/4] Add new parameters to LDAPSearch: timelimit and sizelimit. --- ipalib/plugins/baseldap.py | 25 +++-- 1 files changed, 23 insertions(+), 2 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index abc1180..7e2fd4f 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -25,7 +25,7 @@ import json from ipalib import crud, errors, uuid from ipalib import Method, Object -from ipalib import Flag, List, Str +from ipalib import Flag, Int, List, Str from ipalib.base import NameSpace from ipalib.cli import to_cli, from_cli from ipalib import output @@ -827,6 +827,25 @@ class LDAPSearch(CallbackInterface, crud.Search): Retrieve all LDAP entries matching the given criteria. +takes_options = ( +Int('timelimit', +label=_('Time Limit'), +doc=_('Time limit of search in seconds (default 1)'), +flags=['no_dispaly'], +minvalue=0, +default=1, +autofill=True, +), +Int('sizelimit', +label=_('Size Limit'), +doc=_('Maximum number of entries returned (default 3000)'), +flags=['no_dispaly'], +minvalue=0, +default=3000, +autofill=True, +), +) + def get_args(self): for key in self.obj.get_ancestor_primary_keys(): yield key @@ -890,7 +909,9 @@ class LDAPSearch(CallbackInterface, crud.Search): try: (entries, truncated) = ldap.find_entries( -filter, attrs_list, base_dn, scope=ldap.SCOPE_ONELEVEL +filter, attrs_list, base_dn, scope=ldap.SCOPE_ONELEVEL, +time_limit=options.get('timelimit', 1), +size_limit=options.get('sizelimit', 3000) ) except errors.ExecutionError, e: try: -- 1.7.1.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [Patch] Changes to the python infrastructure-supporting-the-web ui
On 2010-08-06 17:57, Adam Young wrote: On 08/06/2010 11:51 AM, Rob Crittenden wrote: Adam Young wrote: This code contains the changes to the python code necessary to support the new web ui. It handles the changes to the baseldap code necessary to expose the meta data to the front end, as well as the installation support. nack. About 75 tests are failing with this patch. I didn't investigate them in detail but it looks like memberof isn't being removed after a member attribute is converted. wsgi.py has a ton of imports added that aren't being used. There is an indention change in ipalib/frontend.py that doesn't seem necessary. The timelimit patch is gonig to conflict with a timelimit patch I had submitted previously (patch titled 'use time and search limit values from cn=ipaconfig'). Not even in terms of code but in forcing a default that does not tie into the global config. I think I'd rather have this as an optional argument do no default and autofill is needed. rob I'm going to fob this work off on pzuna, as these are his changes that I just merged in. I split the baseldap.py changes into 4 patches and posted them on the list a few minutes ago. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Web UI Group-add
This patch adds the ability to add a new group. is Posix and group Id fields are passed on accordingly. From d434b8dd837f80d0fc2e66aef6dcb68abe8ae61f Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Mon, 9 Aug 2010 16:32:52 -0400 Subject: [PATCH] Group add functionality now implmented. - Proper navigation. (Add and edit versus add another) - posix field is respected - gid set accordingly --- install/static/group.js | 67 --- 1 files changed, 63 insertions(+), 4 deletions(-) diff --git a/install/static/group.js b/install/static/group.js index e1aa701..eddb272 100644 --- a/install/static/group.js +++ b/install/static/group.js @@ -1,17 +1,78 @@ function setupGroup(facet){ if (facet == details){ setupGroupDetails(); +}else if (facet == add){ +setupAddGroup(); }else{ setupGroupSearch(); } } + +function addGroupFail(desc){ +alert(desc); +} + +function addGroup(on_success){ + +var options = { + posix: $('#isposix').is(':checked') ? 1 : 0 , + description: $(#groupdescription).val()}; + + +var gid = $(#groupidnumber).val(); +if (gid.length 0){ + options.gidnumber = gid; +} + +var params = [$(#groupname).val()]; + +ipa_cmd( 'add', params, options, on_success, addGroupFail, 'group' ); + +} + +function addEditGroup(){ +addGroup(function (response){ + location.href=index.xhtml?tab=groupfacet=detailspkey=+$(#groupname).val(); +}); +} + +function addAnotherGroup(){ +addGroup(setupAddGroup); +} + + +function setupAddGroup(){ +showContent(); +$(h1Add new Group/h1).appendTo(#content); + +$(form id='addGroupForm' /form) + .appendTo(#content); + +$(labelAdd and /labelinput id='addEdit' type='button' value='Edit'/input id='addAnother' type='button' value='Add Another'/).appendTo(#addGroupForm); +$(dl id='groupProperties' /).appendTo(#addGroupForm); + +$(dtName/dtddinput id='groupname' type='text'//dd) + .appendTo(#groupProperties); +$(dtDescription/dtddinput id='groupdescription' type='text'//dd) + .appendTo(#groupProperties); + +$(dtIs this a posix Group/dtddinput id='isposix' type='checkbox'//dd) + .appendTo(#groupProperties); +$(dtGID/dtddinput id='groupidnumber' type='text'//dd) + .appendTo(#groupProperties); + + +$(#addEdit).click(addEditGroup); +$(#addAnother).click(addAnotherGroup); + +} + function setupGroupDetails(){ $('#search').css(visibility,hidden); $('#content').css(visibility,visible); $('#content').load(group-details.inc); - sampleData = sampledata/groupshow.json; } @@ -33,9 +94,7 @@ function setupGroupSearch(){ executeSearch(groupSearchForm); }); $(#new).unbind(); -$(#new).click( function() { - alert(New Group...); -}); +$(#new).click( setupAddGroup ); } -- 1.7.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Make LDAPObject classes JSON serializable
Pavel Zůna wrote: Allow LDAPObject classes (and sub-classes) to be serialized into a JSON string using: json.dumps(obj, default=ipalib.util.json_serialize) Pavel ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix bug: not found exc. handler was failing for singleton objects
Pavel Zůna wrote: Very minor bug, that would probably never happen in production anyway, but why not fix it. Can you describe the situation this could occur in? How useful would the error be if the key isn't available? rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Add new parameters to LDAPSearch: timelimit and sizelimit.
Pavel Zůna wrote: Doesn't include Robs loading of default values from cn=ipaConfig. Pavel ack for now. We're going to need to remove the built-in defaults at some point and have it default to the value in cn=ipaconfig. I still need to rework the patch I made that does this. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Web UI Group-add
Adam Young wrote: This patch adds the ability to add a new group. is Posix and group Id fields are passed on accordingly. ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Web UI Group-add
On 08/09/2010 05:17 PM, Rob Crittenden wrote: Adam Young wrote: This patch adds the ability to add a new group. is Posix and group Id fields are passed on accordingly. ack pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix bug: not found exc. handler was failing for singleton objects
On 2010-08-09 23:00, Rob Crittenden wrote: Pavel Zůna wrote: Very minor bug, that would probably never happen in production anyway, but why not fix it. Can you describe the situation this could occur in? How useful would the error be if the key isn't available? rob Well, I caught the bug thanks to a bad config file. The basedn was set to dc=example,dc=com and all searches were failing. The key isn't available on for singleton objects such as config, example: # ipa config-show ipa: ERROR: : configuration options not found Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 503 fix user tests
On 08/09/2010 04:47 PM, Rob Crittenden wrote: Fix the failing user test. It was failing because the entry has a user-private group and were weren't accounting for it in the expected data. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Add new parameters to LDAPSearch: timelimit and sizelimit.
On 08/09/2010 05:01 PM, Rob Crittenden wrote: Pavel Zůna wrote: Doesn't include Robs loading of default values from cn=ipaConfig. Pavel ack for now. We're going to need to remove the built-in defaults at some point and have it default to the value in cn=ipaconfig. I still need to rework the patch I made that does this. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Lets get this in, and then get robs patch in, and then modify this code to use the defaults from Robs. The caching issue can wait.If someone really cares about that, they can always service httpd restart to force flush the cache. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel