From f90077f5a6dcac2beee9aff89f82e1abcb5d23f9 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Nov 14 2019 00:10:46 +0000 Subject: Issue 50644 - fix regression with creating sample entries Bug Description: The previous commit for this issue missed how the aci's were were being adjusted for each type of different suffix rdn. Fix Description: I just moved the aci creation into the base object creation code where all the info needed was readily available. relates: https://pagure.io/389-ds-base/issue/50644 Reviewed by: firstyear(Thanks!) --- diff --git a/src/lib389/lib389/configurations/config_001004000.py b/src/lib389/lib389/configurations/config_001004000.py index bd69f7e..0b0c6b3 100644 --- a/src/lib389/lib389/configurations/config_001004000.py +++ b/src/lib389/lib389/configurations/config_001004000.py @@ -24,14 +24,7 @@ class c001004000_sample_entries(sampleentries): # All checks done, apply! def _apply(self): - suffix_obj = self._configure_base() - # Create the base object - suffix_obj.add('aci', [ - # Allow reading the base domain object - '(targetattr="' + aci_vals[0] + ' || description || objectClass")(targetfilter="(objectClass=' + aci_vals[1] + ')")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)', - # Allow reading the ou - '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)' - ]) + self._configure_base() # Create the 389 service container # This could also move to be part of core later .... diff --git a/src/lib389/lib389/configurations/config_001004002.py b/src/lib389/lib389/configurations/config_001004002.py index 51c5ce4..ffc1b1d 100644 --- a/src/lib389/lib389/configurations/config_001004002.py +++ b/src/lib389/lib389/configurations/config_001004002.py @@ -25,14 +25,7 @@ class c001004002_sample_entries(sampleentries): # All checks done, apply! def _apply(self): - suffix_obj = self._configure_base() - # Create the base domain object - suffix_obj.add('aci', [ - # Allow reading the base domain object - '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)', - # Allow reading the ou - '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)' - ]) + self._configure_base() # Create the 389 service container # This could also move to be part of core later .... diff --git a/src/lib389/lib389/configurations/sample.py b/src/lib389/lib389/configurations/sample.py index b2d7063..62fb816 100644 --- a/src/lib389/lib389/configurations/sample.py +++ b/src/lib389/lib389/configurations/sample.py @@ -78,7 +78,6 @@ def create_base_cn(instance, basedn): cn.create(properties={ # I think in python 2 this forces unicode return ... 'cn': cn_ava, - 'description': basedn, }) return cn @@ -94,7 +93,7 @@ class sampleentries(object): def apply(self): self._apply() - def _configure_base(self): + def _configure_base(self, add_acis=True): suffix_rdn_attr = self._basedn.split('=')[0].lower() suffix_obj = None if suffix_rdn_attr == 'dc': @@ -113,6 +112,13 @@ class sampleentries(object): # Unsupported rdn raise ValueError("Suffix RDN is not supported for creating sample entries. Only 'dc', 'o', 'ou', and 'cn' are supported.") + if add_acis: + suffix_obj.add('aci', [ + # Allow reading the base domain object + '(targetattr="' + aci_vals[0] + ' || description || objectClass")(targetfilter="(objectClass=' + aci_vals[1] + ')")(version 3.0; acl "Enable anyone ' + aci_vals[1] + ' read"; allow (read, search, compare)(userdn="ldap:///anyone");)', + # Allow reading the ou + '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)' + ]) return suffix_obj def _apply(self):