Thursday, March 5, 2020

[389-commits] [389-ds-base] branch 389-ds-base-1.4.1 updated: Issue 50928 - Unable to create a suffix with countryName

This is an automated email from the git hooks/post-receive script.

mreynolds pushed a commit to branch 389-ds-base-1.4.1
in repository 389-ds-base.

The following commit(s) were added to refs/heads/389-ds-base-1.4.1 by this push:
new aa8c123 Issue 50928 - Unable to create a suffix with countryName
aa8c123 is described below

commit aa8c1230708095957a89e460e6f5b6550488c80e
Author: Mark Reynolds <mreynolds@redhat.com>
AuthorDate: Tue Mar 3 12:54:55 2020 -0500

Issue 50928 - Unable to create a suffix with countryName

Bug Description: It is not possible to create a suffix using 'c' as
the RDN attribute.

Fix Description: Support 'c' when creating an instance or backend.

Also fixed a few python warnings.

relates: https://pagure.io/389-ds-base/issue/50928

Reviewed by: firstyear(Thanks!)
---
src/lib389/lib389/cli_conf/backend.py | 18 ++++---
src/lib389/lib389/configurations/sample.py | 75 ++++++++++++++++++++++++------
src/lib389/lib389/idm/country.py | 53 +++++++++++++++++++++
src/lib389/lib389/instance/setup.py | 44 +++++++++++++-----
4 files changed, 155 insertions(+), 35 deletions(-)

diff --git a/src/lib389/lib389/cli_conf/backend.py b/src/lib389/lib389/cli_conf/backend.py
index 10208bd..68e3893 100644
--- a/src/lib389/lib389/cli_conf/backend.py
+++ b/src/lib389/lib389/cli_conf/backend.py
@@ -1,5 +1,5 @@
# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2019 Red Hat, Inc.
+# Copyright (C) 2020 Red Hat, Inc.
# Copyright (C) 2019 William Brown <william@blackhats.net.au>
# All rights reserved.
#
@@ -13,23 +13,17 @@ from lib389.configurations.sample import (
create_base_org,
create_base_orgunit,
create_base_cn,
+ create_base_c,
)
from lib389.chaining import (ChainingLinks)
-from lib389.index import Index, VLVIndex, VLVSearches
from lib389.monitor import MonitorLDBM
from lib389.replica import Replicas
from lib389.utils import ensure_str, is_a_dn, is_dn_parent
from lib389._constants import *
from lib389.cli_base import (
- populate_attr_arguments,
- _generic_list,
_generic_get,
_generic_get_dn,
- _generic_create,
- _generic_delete,
_get_arg,
- _get_args,
- _get_attributes,
_warn,
)
import json
@@ -181,8 +175,9 @@ def backend_create(inst, basedn, log, args):
be.create(properties=props)
if args.create_suffix and not args.create_entries:
# Set basic ACIs (taken from instance/setup.py)
+ c_aci = '(targetattr="c || description || objectClass")(targetfilter="(objectClass=country)")(version 3.0; acl "Enable anyone c read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
o_aci = '(targetattr="o || description || objectClass")(targetfilter="(objectClass=organization)")(version 3.0; acl "Enable anyone o read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
- dc_aci = '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)',
+ dc_aci = '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
ou_aci = '(targetattr="ou || description || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
cn_aci = '(targetattr="cn || description || objectClass")(targetfilter="(objectClass=nscontainer)")(version 3.0; acl "Enable anyone cn read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
suffix_rdn_attr = args.suffix.split('=')[0].lower()
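Review bot: The five ACI literals here are a second copy of the set added to instance/setup.py, and `_configure_base` in configurations/sample.py builds a third variant with different acl names ("Enable anyone country read" there, "Enable anyone c read" here). Access-control strings that drift between code paths are hard to audit, as the stray trailing comma removed from `dc_aci` in this hunk shows. Consider keeping one table keyed by RDN attribute in sample.py and having both callers read from it. backend_create starts and ends outside this hunk.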
@@ -198,6 +193,9 @@ def backend_create(inst, basedn, log, args):
elif suffix_rdn_attr == 'cn':
cn = create_base_cn(inst, args.suffix)
cn.add('aci', cn_aci)
+ elif suffix_rdn_attr == 'c':
+ c = create_base_c(inst, args.suffix)
+ c.add('aci', c_aci)
else:
# Unsupported rdn
raise ValueError("Suffix RDN is not supported for creating suffix object. Only 'dc', 'o', 'ou', and 'cn' are supported.")
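Review bot: The `else` branch still reports "Only 'dc', 'o', 'ou', and 'cn' are supported" although `c` is now accepted; it should match the message used in setup.py, e.g. `raise ValueError("Suffix RDN '{}' in '{}' is not supported. Supported RDN's are: 'c', 'cn', 'dc', 'o', and 'ou'".format(suffix_rdn_attr, args.suffix))`. The check also runs after `be.create(properties=props)` in the preceding hunk, so an unsupported RDN appears to leave a backend behind without a suffix entry. Validating the RDN before creating the backend would avoid that. The function body continues outside the hunk.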
@@ -291,7 +289,7 @@ def is_db_link(inst, rdn):
def is_db_replicated(inst, suffix):
replicas = Replicas(inst)
try:
- replica = replicas.get(suffix)
+ replicas.get(suffix)
return True
except:
return False
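Review bot: The bare `except:` that remains in `is_db_replicated` turns every failure of `replicas.get(suffix)` into `return False`, so a dropped connection or insufficient access is reported as "not replicated" just like a missing entry. If callers use this as a guard before changing or removing a backend, it fails open. Catching only the not-found case, `except ldap.NO_SUCH_OBJECT:` (assuming `ldap` is imported in this module, which the hunk does not show), lets other errors surface.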
diff --git a/src/lib389/lib389/configurations/sample.py b/src/lib389/lib389/configurations/sample.py
index f30b8d6..0f6f470 100644
--- a/src/lib389/lib389/configurations/sample.py
+++ b/src/lib389/lib389/configurations/sample.py
@@ -1,5 +1,5 @@
# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2017 Red Hat, Inc.
+# Copyright (C) 2020 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
@@ -12,22 +12,10 @@ from lib389.idm.domain import Domain
from lib389.idm.organization import Organization
from lib389.idm.organizationalunit import OrganizationalUnit
from lib389.idm.nscontainer import nsContainer
+from lib389.idm.country import Country
from lib389.utils import ensure_str


-class sampleentries(object):
- def __init__(self, instance, basedn):
- self._instance = instance
- self._basedn = ensure_str(basedn)
- self.description = None
-
- def apply(self):
- self._apply()
-
- def _apply(self):
- raise Exception('Not implemented')
-
-
def create_base_domain(instance, basedn):
"""Create the base domain object"""

@@ -95,3 +83,62 @@ def create_base_cn(instance, basedn):
})

return cn
+
+def create_base_c(instance, basedn):
+ """Create the base country object"""
+
+ c = Country(instance, dn=basedn)
+ # Explode the dn to get the first bit.
+ avas = dn.str2dn(basedn)
+ c_ava = avas[0][0][1]
+
+ c.create(properties={
+ 'c': c_ava,
+ })
+
+ return c
+
+
+class sampleentries(object):
+ def __init__(self, instance, basedn):
+ self._instance = instance
+ self._basedn = ensure_str(basedn)
+ self.description = None
+ self.version = None
+
+ def apply(self):
+ self._apply()
+
+ def _configure_base(self, add_acis=True):
+ suffix_rdn_attr = self._basedn.split('=')[0].lower()
+ suffix_obj = None
+ if suffix_rdn_attr == 'dc':
+ suffix_obj = create_base_domain(self._instance, self._basedn)
+ aci_vals = ['dc', 'domain']
+ elif suffix_rdn_attr == 'c':
+ suffix_obj = create_base_c(self._instance, self._basedn)
+ aci_vals = ['c', 'country']
+ elif suffix_rdn_attr == 'o':
+ suffix_obj = create_base_org(self._instance, self._basedn)
+ aci_vals = ['o', 'organization']
+ elif suffix_rdn_attr == 'ou':
+ suffix_obj = create_base_orgunit(self._instance, self._basedn)
+ aci_vals = ['ou', 'organizationalunit']
+ elif suffix_rdn_attr == 'cn':
+ suffix_obj = create_base_cn(self._instance, self._basedn)
+ aci_vals = ['cn', 'nscontainer']
+ else:
+ # Unsupported rdn
+ raise ValueError("Suffix RDN '{}' in '{}' is not supported. Supported RDN's are: 'c', 'cn', 'dc', 'o', and 'ou'".format(suffix_rdn_attr, self._basedn))
+
+ if add_acis:
+ suffix_obj.add('aci', [
+ # Allow reading the base domain object
+ '(targetattr="' + aci_vals[0] + ' || description || objectClass")(targetfilter="(objectClass=' + aci_vals[1] + ')")(version 3.0; acl "Enable anyone ' + aci_vals[1] + ' read"; allow (read, search, compare)(userdn="ldap:///anyone");)',
+ # Allow reading the ou
+ '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
+ ])
+ return suffix_obj
+
+ def _apply(self):
+ raise Exception('Not implemented')
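Review bot: `_configure_base` has no docstring, yet with the default `add_acis=True` it writes two ACIs at the suffix entry that grant read, search and compare to `ldap:///anyone`; that deserves to be stated where subclasses call it. Something like `"""Create the suffix entry for self._basedn; when add_acis is true, also add ACIs allowing anonymous read of the suffix entry and of organizationalUnit entries."""` would do. The inline comment `# Allow reading the base domain object` is also stale now that the entry may be a country, organization, ou or container. The RDN attribute is taken with `split('=')[0].lower()` while `create_base_c` parses the same DN with `dn.str2dn`, so a suffix written as `c = US` is rejected here; adding `.strip()` before `.lower()` would make the two agree.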
diff --git a/src/lib389/lib389/idm/country.py b/src/lib389/lib389/idm/country.py
new file mode 100644
index 0000000..b0d0e9b
--- /dev/null
+++ b/src/lib389/lib389/idm/country.py
@@ -0,0 +1,53 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2020 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+
+from lib389._mapped_object import DSLdapObject, DSLdapObjects
+
+MUST_ATTRIBUTES = [
+ 'c',
+]
+RDN = 'c'
+
+
+class Country(DSLdapObject):
+ """A single instance of Country entry
+
+ :param instance: An instance
+ :type instance: lib389.DirSrv
+ :param dn: Entry DN
+ :type dn: str
+ """
+
+ def __init__(self, instance, dn=None):
+ super(Country, self).__init__(instance, dn)
+ self._rdn_attribute = RDN
+ self._must_attributes = MUST_ATTRIBUTES
+ self._create_objectclasses = [
+ 'top',
+ 'country',
+ ]
+ self._protected = False
+
+
+class Countries(DSLdapObjects):
+ """DSLdapObjects that represents Country entries
+
+ :param instance: An instance
+ :type instance: lib389.DirSrv
+ :param basedn: Base DN for all group entries below
+ :type basedn: str
+ """
+
+ def __init__(self, instance, basedn):
+ super(Countries, self).__init__(instance)
+ self._objectclasses = [
+ 'country',
+ ]
+ self._filterattrs = [RDN]
+ self._childobject = Country
+ self._basedn = basedn
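Review bot: The `Countries` docstring describes `basedn` as "Base DN for all group entries below", which looks carried over from another module; it should read `:param basedn: Base DN for all country entries below`. Nothing in this file constrains the value of `c`, so a value that is not a valid country code is presumably rejected only by the server's syntax checking. If that is the intent, a short comment next to `MUST_ATTRIBUTES` saying so would help readers.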
diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
index 28e75e4..8217557 100644
--- a/src/lib389/lib389/instance/setup.py
+++ b/src/lib389/lib389/instance/setup.py
@@ -1,5 +1,5 @@
# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2019 Red Hat, Inc.
+# Copyright (C) 2020 Red Hat, Inc.
# Copyright (C) 2019 William Brown <william@blackhats.net.au>
# All rights reserved.
#
@@ -8,7 +8,6 @@
# --- END COPYRIGHT BLOCK ---

import os
-import logging
import sys
import shutil
import pwd
@@ -24,7 +23,13 @@ from lib389.properties import *
from lib389.passwd import password_hash, password_generate
from lib389.nss_ssl import NssSsl
from lib389.configurations import get_config
-from lib389.configurations.sample import create_base_domain
+from lib389.configurations.sample import (
+ create_base_domain,
+ create_base_org,
+ create_base_orgunit,
+ create_base_cn,
+ create_base_c,
+)
from lib389.instance.options import General2Base, Slapd2Base, Backend2Base
from lib389.paths import Paths
from lib389.saslmap import SaslMappings
@@ -895,14 +900,31 @@ class SetupDs(object):
create_suffix_entry_in_props = backend.pop('create_suffix_entry', False)
ds_instance.backends.create(properties=backend)
if not is_sample_entries_in_props and create_suffix_entry_in_props:
- domain = create_base_domain(ds_instance, backend['nsslapd-suffix'])
- # Set basic ACI
- domain.add('aci', [
- # Allow reading the base domain object
- '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)',
- # Allow reading the ou
- '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
- ])
+ # Set basic ACIs
+ c_aci = '(targetattr="c || description || objectClass")(targetfilter="(objectClass=country)")(version 3.0; acl "Enable anyone c read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
+ o_aci = '(targetattr="o || description || objectClass")(targetfilter="(objectClass=organization)")(version 3.0; acl "Enable anyone o read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
+ dc_aci = '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
+ ou_aci = '(targetattr="ou || description || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
+ cn_aci = '(targetattr="cn || description || objectClass")(targetfilter="(objectClass=nscontainer)")(version 3.0; acl "Enable anyone cn read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
+ suffix_rdn_attr = backend['nsslapd-suffix'].split('=')[0].lower()
+ if suffix_rdn_attr == 'dc':
+ domain = create_base_domain(ds_instance, backend['nsslapd-suffix'])
+ domain.add('aci', dc_aci)
+ elif suffix_rdn_attr == 'o':
+ org = create_base_org(ds_instance, backend['nsslapd-suffix'])
+ org.add('aci', o_aci)
+ elif suffix_rdn_attr == 'ou':
+ orgunit = create_base_orgunit(ds_instance, backend['nsslapd-suffix'])
+ orgunit.add('aci', ou_aci)
+ elif suffix_rdn_attr == 'cn':
+ cn = create_base_cn(ds_instance, backend['nsslapd-suffix'])
+ cn.add('aci', cn_aci)
+ elif suffix_rdn_attr == 'c':
+ c = create_base_c(ds_instance, backend['nsslapd-suffix'])
+ c.add('aci', c_aci)
+ else:
+ # Unsupported rdn
+ raise ValueError("Suffix RDN '{}' in '{}' is not supported. Supported RDN's are: 'c', 'cn', 'dc', 'o', and 'ou'".format(suffix_rdn_attr, backend['nsslapd-suffix']))

# Initialise ldapi socket information. IPA expects this ....
ldapi_path = os.path.join(slapd['local_state_dir'], "run/slapd-%s.socket" % slapd['instance_name'])
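Review bot: For a `dc` suffix this branch now adds only `dc_aci`; the second ACI that the removed code attached to the domain entry (`targetattr="ou || objectClass"` filtered on organizationalUnit) is no longer written. Anonymous read of OUs under a newly created dc suffix therefore changes with this commit, and the description does not mention it. If that is intended, a comment such as `# the ou read ACI is no longer added to dc suffixes` would record it; otherwise pass both ACIs to `domain.add('aci', [...])` as before. The RDN check also runs after `ds_instance.backends.create(properties=backend)`, so the new `ValueError` is raised with the backend already created; checking the RDN first would avoid a half-configured instance. The enclosing method starts and ends outside the hunk.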

--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
