#50044 Issue 49984 - Add an empty domain creation to the dscreate
Closed 3 years ago by spichugi. Opened 5 years ago by spichugi.
spichugi/389-ds-base sample_entries_fix  into  master

@@ -6,12 +6,9 @@ 

  # See LICENSE for details.

  # --- END COPYRIGHT BLOCK ---

  

- from ldap import dn

- 

  from .config import baseconfig, configoperation

- from .sample import sampleentries

+ from .sample import sampleentries, create_base_domain

  

- from lib389.idm.domain import Domain

  from lib389.idm.organizationalunit import OrganizationalUnits

  from lib389.idm.group import UniqueGroups, UniqueGroup

  
@@ -25,17 +22,9 @@ 

      # All the checks are done, apply them.

      def _apply(self):

          # Create the base domain object

-         domain = Domain(self._instance, dn=self._basedn)

-         # Explode the dn to get the first bit.

-         avas = dn.str2dn(self._basedn)

-         dc_ava = avas[0][0][1]

+         domain = create_base_domain(self._instance, self._basedn)

+         domain.add('aci' , '(targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///cn=Directory Administrators,{BASEDN}");)'.format(BASEDN=self._basedn))

  

-         domain.create(properties={

-             # I think in python 2 this forces unicode return ...

-             'dc': dc_ava,

-             'description': self._basedn,

-             'aci' : '(targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///cn=Directory Administrators,{BASEDN}");)'.format(BASEDN=self._basedn)

-             })

          # Create the OUs

          ous = OrganizationalUnits(self._instance, self._basedn)

          ous.create(properties = {
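Review bot: The base entry and its ACI are now written in two separate operations (`create_base_domain(...)` followed by `domain.add('aci', ...)`), where the removed code sent both in a single `create`. If the `add` fails, the suffix entry is left in place with no ACI, and a retry will probably fail on the already existing entry. The same pattern appears in the second `_apply` hunk and in the installer loop; an optional parameter such as `def create_base_domain(instance, basedn, aci=None)` that puts `aci` into `properties` when given would keep the write atomic. Separately, `BASEDN` is interpolated into the ACI with `str.format` and no escaping, so a suffix containing `"` or `)` would produce a malformed ACI or one different from the intended rule; `basedn` should be validated before the string is built. `_apply` continues past the end of this hunk.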

@@ -6,12 +6,9 @@ 

  # See LICENSE for details.

  # --- END COPYRIGHT BLOCK ---

  

- from ldap import dn

- 

  from .config import baseconfig, configoperation

- from .sample import sampleentries

+ from .sample import sampleentries, create_base_domain

  

- from lib389.idm.domain import Domain

  from lib389.idm.organizationalunit import OrganizationalUnits

  from lib389.idm.group import Groups

  from lib389.idm.posixgroup import PosixGroups
@@ -28,22 +25,13 @@ 

      # All checks done, apply!

      def _apply(self):

          # Create the base domain object

-         domain = Domain(self._instance, dn=self._basedn)

-         # Explode the dn to get the first bit.

-         avas = dn.str2dn(self._basedn)

-         dc_ava = avas[0][0][1]

- 

-         domain.create(properties={

-             # I think in python 2 this forces unicode return ...

-             'dc': dc_ava,

-             'description': self._basedn,

-             'aci': [

-                 # Allow reading the base domain object

-                 '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)',

-                 # Allow reading the ou

-                 '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'

-             ]

-             })

+         domain = create_base_domain(self._instance, self._basedn)

+         domain.add('aci', [

+             # Allow reading the base domain object

+             '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)',

+             # Allow reading the ou

+             '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'

+         ])

  

          # Create the 389 service container

          # This could also move to be part of core later ....

@@ -6,8 +6,12 @@ 

  # See LICENSE for details.

  # --- END COPYRIGHT BLOCK ---

  

+ from ldap import dn

+ 

+ from lib389.idm.domain import Domain

  from lib389.utils import ensure_str

  

+ 

  class sampleentries(object):

      def __init__(self, instance, basedn):

          self._instance = instance
@@ -19,3 +23,22 @@ 

  

      def _apply(self):

          raise Exception('Not implemented')

+ 

+ 

+ def create_base_domain(instance, basedn):

+     """Create the base domain object"""

+ 

+     domain = Domain(instance, dn=basedn)

+     # Explode the dn to get the first bit.

+     avas = dn.str2dn(basedn)

+     dc_ava = avas[0][0][1]

+ 

+     domain.create(properties={

+         # I think in python 2 this forces unicode return ...

+         'dc': dc_ava,

+         'description': basedn,

+     })

+     # ACI can be added later according to your needs

+ 

+     return domain

+ 
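Review bot: `dc_ava = avas[0][0][1]` takes the value of the first RDN without checking its attribute type, so a suffix such as `o=example` would be created with `dc: example`, and an empty `basedn` surfaces as a bare `IndexError` rather than a clear message. This matters more now that the helper is called from the installer loop for every backend without `sample_entries`, not only from the sample-entry classes. A guard before `domain.create`, such as `if not avas or avas[0][0][0].lower() != 'dc': raise ValueError("suffix must start with dc=: %s" % basedn)`, would make the failure explicit; whether non-`dc` suffixes should instead be skipped by the caller is a design choice this hunk does not show. The docstring could also state that the function returns the created `Domain` and sets no ACI, so under the server's default-deny access control the entry stays closed to ordinary binds until the caller adds one.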

@@ -22,6 +22,7 @@ 

  from lib389.passwd import password_hash, password_generate

  from lib389.nss_ssl import NssSsl

  from lib389.configurations import get_config

+ from lib389.configurations.sample import create_base_domain

  from lib389.instance.options import General2Base, Slapd2Base, Backend2Base

  from lib389.paths import Paths

  from lib389.saslmap import SaslMappings
@@ -672,7 +673,6 @@ 

          if len(backends) > 0:

              ds_suffix = backends[0]['nsslapd-suffix']

  

- 

          # Create certdb in sysconfidir

          if self.verbose:

              self.log.info("ACTION: Creating certificate database is %s", slapd['cert_dir'])
@@ -785,7 +785,17 @@ 

          # Create the backends as listed

          # Load example data if needed.

          for backend in backends:

+             is_sample_entries_in_props = "sample_entries" in backend

              ds_instance.backends.create(properties=backend)

+             if not is_sample_entries_in_props:

+                 domain = create_base_domain(ds_instance, backend['nsslapd-suffix'])

+                 # Set basic ACI

+                 domain.add('aci', [

+                     # Allow reading the base domain object

+                     '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)',

+                     # Allow reading the ou

+                     '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'

+                 ])

  

          # Initialise ldapi socket information. IPA expects this ....

          ldapi_path = os.path.join(slapd['local_state_dir'], "run/slapd-%s.socket" % slapd['instance_name'])
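Review bot: Every backend created without a `sample_entries` key now receives two ACIs granting `ldap:///anyone` read, search and compare, and nothing in this branch lets an operator opt out, so a supposedly empty suffix is anonymously readable by default for the domain entry and, as the ACI is placed on the suffix, for organizationalUnit entries beneath it. Anonymous enumeration of the OU layout is a deployment policy decision; it should be gated on an explicit installer option or at least documented next to `# Set basic ACI`. The two ACI strings are also copied verbatim from the sample-entry `_apply` hunk; a shared module-level constant in `lib389.configurations.sample` would stop the copies from drifting apart. Note that `"sample_entries" in backend` tests key presence only, so a backend carrying the key with a false-like value gets no base entry here; whether it gets one elsewhere depends on `backends.create`, which is outside this hunk. The enclosing method starts and ends outside the hunk.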

Description: Create an empty domain with basic ACIs
while creating an instance without sample_entries but with a backend.

https://pagure.io/389-ds-base/issue/49984

Reviewed by: ?

I like this approach. We should always create the base object :thumbsup:

Ack

rebased onto e434e5fcbac14e69048b8a498e8cbf86c4ea58b1

5 years ago

rebased onto 5acc4e4

5 years ago

Pull-Request has been merged by spichugi

5 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3103

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago