| |
@@ -78,7 +78,6 @@
|
| |
cn.create(properties={
|
| |
# I think in python 2 this forces unicode return ...
|
| |
'cn': cn_ava,
|
| |
- 'description': basedn,
|
| |
})
|
| |
|
| |
return cn
|
| |
@@ -94,7 +93,7 @@
|
| |
def apply(self):
|
| |
self._apply()
|
| |
|
| |
- def _configure_base(self):
|
| |
+ def _configure_base(self, add_acis=True):
|
| |
suffix_rdn_attr = self._basedn.split('=')[0].lower()
|
| |
suffix_obj = None
|
| |
if suffix_rdn_attr == 'dc':
|
| |
@@ -113,6 +112,13 @@
|
| |
# Unsupported rdn
|
| |
raise ValueError("Suffix RDN is not supported for creating sample entries. Only 'dc', 'o', 'ou', and 'cn' are supported.")
|
| |
|
| |
+ if add_acis:
|
| |
+ suffix_obj.add('aci', [
|
| |
+ # Allow reading the base domain object
|
| |
+ '(targetattr="' + aci_vals[0] + ' || description || objectClass")(targetfilter="(objectClass=' + aci_vals[1] + ')")(version 3.0; acl "Enable anyone ' + aci_vals[1] + ' read"; allow (read, search, compare)(userdn="ldap:///anyone");)',
|
| |
+ # Allow reading the ou
|
| |
+ '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'
|
| |
+ ])
|
| |
return suffix_obj
|
| |
|
| |
def _apply(self):
|
| |
Bug Description:
The previous commit for this issue missed how the aci's were were being adjusted for each type of different suffix rdn.
Fix Description:
I just moved the aci creation into the base object creation code where all the info needed was readily available.
relates: https://pagure.io/389-ds-base/issue/50644