[Freeipa-devel] [PATCH] add group dn operation methods

Kevin McCarthy kmccarth at redhat.com
Wed Sep 26 22:44:04 UTC 2007


This patch adds API calls that manipulate group members by DN (distinguished name).

My apache set up isn't quite working right now, so I wasn't able to test
over the xmlrpc calls.  I might have made a typo although I tried to be
careful.

The calls do work for the gui.

-Kevin

-------------- next part --------------
# HG changeset patch
# User Kevin McCarthy <kmccarth at redhat.com>
# Date 1190846854 25200
# Node ID 5bc5ed865060671057635f21456c561b4402416c
# Parent  db401a2fa6ac3b1c64d2892d6271ab8e5f5e3f5c
Adds methods to manipulate groups by dns.
Renamed some of the user_group parameters to be self-evident.
Binary wrapping isn't necessary on strings, so removed from xmlrpc calls.

diff -r db401a2fa6ac -r 5bc5ed865060 ipa-python/ipaclient.py
--- a/ipa-python/ipaclient.py	Wed Sep 26 15:04:09 2007 -0700
+++ b/ipa-python/ipaclient.py	Wed Sep 26 15:47:34 2007 -0700
@@ -205,41 +205,65 @@ class IPAClient:
 
         return groups
 
-    def add_user_to_group(self, user, group):
+    def add_member_to_group(self, member_dn, group_cn):
+        """Add a member to an existing group.
+        """
+
+        return self.transport.add_member_to_group(member_dn, group_cn)
+
+    def add_members_to_group(self, member_dns, group_cn):
+        """Add several members to an existing group.
+           member_dns is a list of dns to add
+
+           Returns a list of the dns that were not added.
+        """
+
+        return self.transport.add_members_to_group(member_dns, group_cn)
+
+    def remove_member_from_group(self, member_dn, group_cn):
+        """Remove a member from an existing group.
+        """
+
+        return self.transport.remove_member_from_group(member_dn, group_cn)
+
+    def remove_members_from_group(self, member_dns, group_cn):
+        """Remove several members from an existing group.
+           member_dns is a list of dns to remove
+
+           Returns a list of the dns that were not removed.
+        """
+
+        return self.transport.remove_members_from_group(member_dns, group_cn)
+
+    def add_user_to_group(self, user_uid, group_cn):
         """Add a user to an existing group.
-           user is a uid of the user to add
-           group is the cn of the group to be added to
-        """
-
-        return self.transport.add_user_to_group(user, group)
-
-    def add_users_to_group(self, users, group):
+        """
+
+        return self.transport.add_user_to_group(user_uid, group_cn)
+
+    def add_users_to_group(self, user_uids, group_cn):
         """Add several users to an existing group.
-           user is a list of uids of the users to add
-           group is the cn of the group to be added to
-
-           Returns a list of the users that were not added.
-        """
-
-        return self.transport.add_users_to_group(users, group)
-
-    def remove_user_from_group(self, user, group):
+           user_uids is a list of uids of the users to add
+
+           Returns a list of the user uids that were not added.
+        """
+
+        return self.transport.add_users_to_group(user_uids, group_cn)
+
+    def remove_user_from_group(self, user_uid, group_cn):
         """Remove a user from an existing group.
-           user is a uid of the user to remove
-           group is the cn of the group to be removed from
-        """
-
-        return self.transport.remove_user_from_group(user, group)
-
-    def remove_users_from_group(self, users, group):
+        """
+
+        return self.transport.remove_user_from_group(user_uid, group_cn)
+
+    def remove_users_from_group(self, user_uids, group_cn):
         """Remove several users from an existing group.
-           user is a list of uids of the users to remove
-           group is the cn of the group to be removed from
-
-           Returns a list of the users that were not removed.
-        """
-
-        return self.transport.remove_users_from_group(users, group)
+           user_uids is a list of uids of the users to remove
+
+           Returns a list of the user uids that were not removed.
+        """
+
+        return self.transport.remove_users_from_group(user_uids, group_cn)
 
     def update_group(self,group):
         """Update a group entry."""
diff -r db401a2fa6ac -r 5bc5ed865060 ipa-python/rpcclient.py
--- a/ipa-python/rpcclient.py	Wed Sep 26 15:04:09 2007 -0700
+++ b/ipa-python/rpcclient.py	Wed Sep 26 15:47:34 2007 -0700
@@ -326,68 +326,114 @@ class RPCClient:
     
         return ipautil.unwrap_binary_data(result)
 
-    def add_user_to_group(self, user, group):
+    def add_member_to_group(self, member_dn, group_cn):
+        """Add a new member to an existing group.
+        """
+        server = self.setup_server()
+        try:
+            result = server.add_member_to_group(member_dn, group_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+    def add_members_to_group(self, member_dns, group_cn):
+        """Add several members to an existing group.
+           member_dns is a list of the dns to add
+
+           Returns a list of the dns that were not added.
+        """
+        server = self.setup_server()
+        try:
+            result = server.add_members_to_group(member_dns, group_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+    def remove_member_from_group(self, member_dn, group_cn):
+        """Remove a member from an existing group.
+        """
+        server = self.setup_server()
+        try:
+            result = server.remove_member_from_group(member_dn, group_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+    def remove_members_from_group(self, member_dns, group_cn):
+        """Remove several members from an existing group.
+
+           Returns a list of the dns that were not removed.
+        """
+        server = self.setup_server()
+        try:
+            result = server.remove_members_from_group(member_dns, group_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+    def add_user_to_group(self, user_uid, group_cn):
         """Add a user to an existing group.
-           user is a uid of the user to add
-           group is the cn of the group to be added to
-        """
-        server = self.setup_server()
-        try:
-            result = server.add_user_to_group(ipautil.wrap_binary_data(user),
-                    ipautil.wrap_binary_data(group))
-        except xmlrpclib.Fault, fault:
-            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
-        except socket.error, (value, msg):
-            raise xmlrpclib.Fault(value, msg)
-    
-        return ipautil.unwrap_binary_data(result)
-
-    def add_users_to_group(self, users, group):
+        """
+        server = self.setup_server()
+        try:
+            result = server.add_user_to_group(user_uid, group_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+    def add_users_to_group(self, user_uids, group_cn):
         """Add several users to an existing group.
-           user is a list of the uids of the users to add
-           group is the cn of the group to be added to
-
-           Returns a list of the users that were not added.
-        """
-        server = self.setup_server()
-        try:
-            result = server.add_users_to_group(ipautil.wrap_binary_data(users),
-                    ipautil.wrap_binary_data(group))
-        except xmlrpclib.Fault, fault:
-            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
-        except socket.error, (value, msg):
-            raise xmlrpclib.Fault(value, msg)
-    
-        return ipautil.unwrap_binary_data(result)
-
-    def remove_user_from_group(self, user, group):
+           user_uids is a list of the uids of the users to add
+
+           Returns a list of the user uids that were not added.
+        """
+        server = self.setup_server()
+        try:
+            result = server.add_users_to_group(user_uids, group_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+    def remove_user_from_group(self, user_uid, group_cn):
         """Remove a user from an existing group.
-           user is a uid of the user to remove
-           group is the cn of the group to be removed from
-        """
-        server = self.setup_server()
-        try:
-            result = server.remove_user_from_group(ipautil.wrap_binary_data(user),
-                    ipautil.wrap_binary_data(group))
-        except xmlrpclib.Fault, fault:
-            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
-        except socket.error, (value, msg):
-            raise xmlrpclib.Fault(value, msg)
-    
-        return ipautil.unwrap_binary_data(result)
-
-    def remove_users_from_group(self, users, group):
+        """
+        server = self.setup_server()
+        try:
+            result = server.remove_user_from_group(user_uid, group_cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+    
+        return ipautil.unwrap_binary_data(result)
+
+    def remove_users_from_group(self, user_uids, group_cn):
         """Remove several users from an existing group.
-           user is a list of the uids of the users to remove
-           group is the cn of the group to be removed from
-
-           Returns a list of the users that were not removed.
-        """
-        server = self.setup_server()
-        try:
-            result = server.remove_users_from_group(
-                    ipautil.wrap_binary_data(users),
-                    ipautil.wrap_binary_data(group))
+           user_uids is a list of the uids of the users to remove
+
+           Returns a list of the user uids that were not removed.
+        """
+        server = self.setup_server()
+        try:
+            result = server.remove_users_from_group(user_uids, group_cn)
         except xmlrpclib.Fault, fault:
             raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
         except socket.error, (value, msg):
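Review bot: Every method added in this hunk repeats `except socket.error, (value, msg):`, which unpacks cleanly only when the exception carries exactly two arguments. A one-argument socket error such as `socket.timeout` would presumably raise ValueError inside the handler, so the caller gets an unrelated traceback instead of a Fault. Catching the instance with `except socket.error, e:` and building the Fault from `e.args` would cover both forms. The body of remove_users_from_group continues past the end of the hunk.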
diff -r db401a2fa6ac -r 5bc5ed865060 ipa-server/ipaserver/ipaldap.py
--- a/ipa-server/ipaserver/ipaldap.py	Wed Sep 26 15:04:09 2007 -0700
+++ b/ipa-server/ipaserver/ipaldap.py	Wed Sep 26 15:47:34 2007 -0700
@@ -215,7 +215,7 @@ class IPAdmin(SimpleLDAPObject):
            out this way so that we can call them from places other than
            instance creation e.g. when we just need to reconnect, not create a
            new instance"""
-        if debug.lower() == "on":
+        if debug and debug.lower() == "on":
             ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
         if cacert is not None:
             ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,cacert)
diff -r db401a2fa6ac -r 5bc5ed865060 ipa-server/xmlrpc-server/funcs.py
--- a/ipa-server/xmlrpc-server/funcs.py	Wed Sep 26 15:04:09 2007 -0700
+++ b/ipa-server/xmlrpc-server/funcs.py	Wed Sep 26 15:47:34 2007 -0700
@@ -66,6 +66,8 @@ class IPAConnPool:
         return conn
 
     def releaseConn(self, conn):
+        if conn is None:
+            return
         # We can't re-use SASL connections. If proxydn is None it means
         # we have a Kerberos credentails cache set. See ipaldap.set_krbccache
         if conn.proxydn is None:
@@ -736,27 +738,24 @@ class IPAServer:
 
         return groups
 
-    def add_user_to_group(self, user, group, opts=None):
-        """Add a user to an existing group.
-           user is a uid of the user to add
-           group is the cn of the group to be added to
-        """
-
-        old_group = self.get_group_by_cn(group, None, opts)
+    def add_member_to_group(self, member_dn, group_cn, opts=None):
+        """Add a member to an existing group.
+        """
+
+        old_group = self.get_group_by_cn(group_cn, None, opts)
         if old_group is None:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
         new_group = copy.deepcopy(old_group)
 
-        user_dn = self.get_user_by_uid(user, ['dn', 'uid', 'objectclass'], opts)
-        if user_dn is None:
-            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+        # check to make sure member_dn exists
+        member_entry = self.__get_entry(member_dn, "(objectClass=*)", ['dn','uid'], opts)
 
         if new_group.get('uniquemember') is not None:
             if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
                 new_group['uniquemember'] = [new_group['uniquemember']]
-            new_group['uniquemember'].append(user_dn['dn'])
-        else:
-            new_group['uniquemember'] = user_dn['dn']
+            new_group['uniquemember'].append(member_dn)
+        else:
+            new_group['uniquemember'] = member_dn
 
         try:
             ret = self.__update_entry(old_group, new_group, opts)
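Review bot: In add_member_to_group the result of `self.__get_entry(member_dn, "(objectClass=*)", ['dn','uid'], opts)` is assigned to `member_entry` and never read, so the existence check works only if __get_entry raises for a missing entry, which is not visible here. The value stored in `uniquemember` is the caller's `member_dn` as sent over XML-RPC rather than the DN the directory returned, so the list handling here treats differently spelled forms of one DN (case, spacing) as different values. remove_member_from_group in the next hunk has the same exposure: it matches with `.remove(member_dn)` on the exact string and no longer looks the entry up at all. I would add `if member_entry is None: raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)` and append the DN taken from `member_entry`, assuming it exposes one the way the old `user_dn['dn']` did. The try block at the end of the function continues outside the hunk.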
@@ -764,50 +763,44 @@ class IPAServer:
             raise
         return ret
 
-    def add_users_to_group(self, users, group, opts=None):
-        """Given a list of user uid's add them to the group cn denoted by group
-           Returns a list of the users were not added to the group.
+    def add_members_to_group(self, member_dns, group_cn, opts=None):
+        """Given a list of dn's, add them to the group cn denoted by group
+           Returns a list of the member_dns that were not added to the group.
         """
 
         failed = []
 
-        if (isinstance(users, str)):
-            users = [users]
-
-        for user in users:
+        if (isinstance(member_dns, str)):
+            member_dns = [member_dns]
+
+        for member_dn in member_dns:
             try:
-                self.add_user_to_group(user, group, opts)
+                self.add_member_to_group(member_dn, group_cn, opts)
             except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
                 # User is already in the group
-                failed.append(user)
+                failed.append(member_dn)
             except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
                 # User or the group does not exist
-                failed.append(user)
+                failed.append(member_dn)
 
         return failed
 
-    def remove_user_from_group(self, user, group, opts=None):
-        """Remove a user from an existing group.
-           user is a uid of the user to remove
-           group is the cn of the group to be removed from
-        """
-
-        old_group = self.get_group_by_cn(group, None, opts)
+    def remove_member_from_group(self, member_dn, group_cn, opts=None):
+        """Remove a member_dn from an existing group.
+        """
+
+        old_group = self.get_group_by_cn(group_cn, None, opts)
         if old_group is None:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
         new_group = copy.deepcopy(old_group)
-
-        user_dn = self.get_user_by_uid(user, ['dn', 'uid', 'objectclass'], opts)
-        if user_dn is None:
-            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
 
         if new_group.get('uniquemember') is not None:
             if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
                 new_group['uniquemember'] = [new_group['uniquemember']]
             try:
-                new_group['uniquemember'].remove(user_dn['dn'])
+                new_group['uniquemember'].remove(member_dn)
             except ValueError:
-                # User is not in the group
+                # member is not in the group
                 # FIXME: raise more specific error?
                 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
         else:
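Review bot: `isinstance(member_dns, str)` in add_members_to_group misses `unicode`, although the `uniquemember` check in the neighbouring methods tests for both types. A single DN that arrives as a unicode string would be iterated character by character, with each character passed to add_member_to_group. `isinstance(member_dns, basestring)` covers both. The same test appears in remove_members_from_group, add_users_to_group and remove_users_from_group in the following hunk. remove_member_from_group runs past the end of this hunk.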
@@ -821,26 +814,89 @@ class IPAServer:
             raise
         return ret
 
-    def remove_users_from_group(self, users, group, opts=None):
-        """Given a list of user uid's remove them from the group cn denoted
-           by group
-           Returns a list of the users were not removed from the group.
+    def remove_members_from_group(self, member_dns, group_cn, opts=None):
+        """Given a list of member dn's remove them from the group.
+           Returns a list of the members not removed from the group.
         """
 
         failed = []
 
-        if (isinstance(users, str)):
-            users = [users]
-
-        for user in users:
+        if (isinstance(member_dns, str)):
+            member_dns = [member_dns]
+
+        for member_dn in member_dns:
             try:
-                self.remove_user_from_group(user, group, opts)
+                self.remove_member_from_group(member_dn, group_cn, opts)
+            except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
+                # member is not in the group
+                failed.append(member_dn)
+            except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+                # member_dn or the group does not exist
+                failed.append(member_dn)
+
+        return failed
+
+    def add_user_to_group(self, user_uid, group_cn, opts=None):
+        """Add a user to an existing group.
+        """
+
+        user = self.get_user_by_uid(user_uid, ['dn', 'uid', 'objectclass'], opts)
+        if user is None:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+        return self.add_member_to_group(user['dn'], group_cn, opts)
+
+    def add_users_to_group(self, user_uids, group_cn, opts=None):
+        """Given a list of user uid's add them to the group cn denoted by group
+           Returns a list of the users were not added to the group.
+        """
+
+        failed = []
+
+        if (isinstance(user_uids, str)):
+            user_uids = [user_uids]
+
+        for user_uid in user_uids:
+            try:
+                self.add_user_to_group(user_uid, group_cn, opts)
+            except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
+                # User is already in the group
+                failed.append(user_uid)
+            except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+                # User or the group does not exist
+                failed.append(user_uid)
+
+        return failed
+
+    def remove_user_from_group(self, user_uid, group_cn, opts=None):
+        """Remove a user from an existing group.
+        """
+
+        user = self.get_user_by_uid(user_uid, ['dn', 'uid', 'objectclass'], opts)
+        if user is None:
+            raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+        return self.remove_member_from_group(user['dn'], group_cn, opts)
+
+    def remove_users_from_group(self, user_uids, group_cn, opts=None):
+        """Given a list of user uid's remove them from the group
+           Returns a list of the user uids not removed from the group.
+        """
+
+        failed = []
+
+        if (isinstance(user_uids, str)):
+            user_uids = [user_uids]
+
+        for user_uid in user_uids:
+            try:
+                self.remove_user_from_group(user_uid, group_cn, opts)
             except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
                 # User is not in the group
-                failed.append(user)
+                failed.append(user_uid)
             except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
                 # User or the group does not exist
-                failed.append(user)
+                failed.append(user_uid)
 
         return failed
 
diff -r db401a2fa6ac -r 5bc5ed865060 ipa-server/xmlrpc-server/ipaxmlrpc.py
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py	Wed Sep 26 15:04:09 2007 -0700
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py	Wed Sep 26 15:47:34 2007 -0700
@@ -330,6 +330,10 @@ def handler(req, profiling=False):
             h.register_function(f.get_groups_by_member)
             h.register_function(f.add_group)
             h.register_function(f.find_groups)
+            h.register_function(f.add_member_to_group)
+            h.register_function(f.add_members_to_group)
+            h.register_function(f.remove_member_from_group)
+            h.register_function(f.remove_members_from_group)
             h.register_function(f.add_user_to_group)
             h.register_function(f.add_users_to_group)
             h.register_function(f.add_group_to_group)
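Review bot: Registering the four DN-based methods lets an XML-RPC client name any directory entry as a group member, where the uid-based calls could only resolve users. Nothing in this patch shows which layer decides whether the caller is allowed to do that. If authorization is left to the directory's access controls under the caller's identity, a comment above these lines such as `# member_dn is client-supplied; authorization is enforced by the directory server under the caller's identity` would record the assumption, and it is worth confirming before merging. The handler function starts and ends outside the hunk.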