973e0c0 idviews: handle unqualified ID override lookups from Web UI

1 file Authored by abbra 3 years ago, Committed by rcritten 3 years ago,
    idviews: handle unqualified ID override lookups from Web UI
    
    First part of the required changes to merge a plugin to manage IPA as
    a trusted Active Directory user.
    
    It is not possible to omit ID view in IPA API but a client might specify
    empty ID view. Up right now the empty view was considered an error. This
    prevented Web UI from resolving ID overrides in a group member adder
    dialog.
    
    Default to 'Default Trust View' if the ID view is None or empty string
    (''). Do this only for user ID overrides, as we do not support adding
    group ID overrides as group members in a plugin to manage IPA as a
    trusted Active Directory user[1].
    
    Being a group member means an object in LDAP must have an object class
    that allows 'memberOf' attribute because 389-ds 'memberof' plugin will
    attempt to link back to the object from the group. Allow use of
    'nsMemberOf' object class in ID overrides.
    
    Fixes: https://pagure.io/freeipa/issue/7255
    
    [1] https://github.com/abbra/freeipa-adusers-admins
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+43 -3