[Freeipa-devel] [PATCH 0016] Add RADIUS proxy support to ipalib CLI
Jan Cholasta
jcholast at redhat.com
Fri Sep 13 07:21:33 UTC 2013
Hi,
On 12.9.2013 22:48, Nathaniel McCallum wrote:
> On Thu, 2013-09-05 at 00:06 -0400, Nathaniel McCallum wrote:
>> patch attached
>
> Update for ./makeapi attached.
>
+ if 'ipatokenradiusconfiglink' in entry_attrs:
+ cl = entry_attrs['ipatokenradiusconfiglink']
+ if not cl:
+ entry_attrs['ipatokenradiususername'] = None
+ if 'ipatokenradiusproxyuser' in entry_attrs['objectclass']:
+
entry_attrs['objectclass'].remove('ipatokenradiusproxyuser')
Is there are particular reason to remove the object class? I think you
can just leave it there, that is what we do in other plugins.
+ else:
+ if 'ipatokenradiusproxyuser' not in
entry_attrs['objectclass']:
+
entry_attrs['objectclass'].append('ipatokenradiusproxyuser')
+
+ answer = self.api.Command.radius_show(cl)
+ entry_attrs['ipatokenradiusconfiglink'] =
answer['result']['dn']
Please use self.api.Object.radius.get_dn_if_exists(cl) to get the DN
instead of radius_show.
The whole code block should be added to user_add as well.
+ radius = options.get('ipatokenradiusconfiglink', None)
+ if radius is not None:
+ answer = self.api.Command.radius_show(radius)
+ filter = filter.replace('(ipatokenradiusconfiglink=%s)' %
radius,
+ '(ipatokenradiusconfiglink=%s)' %
answer['result']['dn'])
Again, use get_dn_if_exists instead of radius_show to get the DN.
As for the filter processing, I think it would be safer to override
args_options_2_entry in user_find and do it in there:
def args_options_2_entry(self, *keys, **options):
if 'ipatokenradiusconfiglink' in options:
options['ipatokenradiusconfiglink'] =
self.api.Object.radius.get_dn(options['ipatokenradiusconfiglink'])
return super(user_find, self).args_options_2_entry(
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list