From b95817e35716bbab000633043817202e17d7c53e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>
Date: Thu, 6 Aug 2020 17:07:36 +0200
Subject: [PATCH] IPA-EPN: Use a helper to retrieve LDAP attributes from an
entry
Allow for empty attributes.
Reviewed-By: Francois Cami <fcami@redhat.com>
---
ipaclient/install/ipa_epn.py | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/ipaclient/install/ipa_epn.py b/ipaclient/install/ipa_epn.py
index 65f9f3d47..0d1ae2add 100644
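--- a/ipaclient/install/ipa_epn.py
+++ b/ipaclient/install/ipa_epn.py
@@ -122,22 +122,30 @@ class EPNUserList:
 """Return len(self)."""
 return len(self._expiring_password_user_dq)
 
+ def get_ldap_attr(self, entry, attr):
+ """Get a single value from a multi-valued attr in a safe way"""
+ return str(entry.get(attr, [""]).pop(0))
+
 def add(self, entry):
 """Parses and appends an LDAP user entry with the uid, cn,
 givenname, sn, krbpasswordexpiration and mail attributes.
 """
 try:
 self._sorted = False
+ if entry.get("mail") is None:
+ logger.error("IPA-EPN: No mail address defined for: %s",
+ entry.dn)
+ return
 self._expiring_password_user_dq.append(
 dict(
- uid=str(entry["uid"].pop(0)),
- cn=str(entry["cn"].pop(0)),
- givenname=str(entry["givenname"].pop(0)),
- sn=str(entry["sn"].pop(0)),
- krbpasswordexpiration=str(
- entry["krbpasswordexpiration"].pop(0)
+ uid=self.get_ldap_attr(entry, "uid"),
+ cn=self.get_ldap_attr(entry, "cn"),
+ givenname=self.get_ldap_attr(entry, "givenname"),
+ sn=self.get_ldap_attr(entry, "sn"),
+ krbpasswordexpiration=(
+ self.get_ldap_attr(entry,"krbpasswordexpiration")
 ),
- mail=str(entry["mail"]),
+ mail=str(entry.get("mail")),
 )
 )
 except IndexError as e: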
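Review bot: `get_ldap_attr` reads the value with `.pop(0)`, which removes it from the list that `entry.get(attr, [""])` returns, so if that list is the entry's own, every read alters the entry, and an attribute that is present with an empty value list still raises IndexError despite the docstring's "safe". Indexing avoids both: `values = entry.get(attr) or [""]` followed by `return str(values[0])`. The same empty-string default now covers `uid` and `krbpasswordexpiration`, so an entry missing either is queued with a blank field rather than rejected; whether the later expiry handling tolerates an empty timestamp is not visible here and is worth checking. The `mail` guard likewise lets through an entry whose `mail` is present but empty. `add` continues past the end of the hunk, so the `except IndexError` handler is not shown.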
--
2.26.2
From 8e810d8cf38ec60d76178bd673e218fb05d56c8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>
Date: Thu, 6 Aug 2020 17:13:19 +0200
Subject: [PATCH] IPA-EPN: fix configuration file typo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
---
client/share/epn.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/share/epn.conf b/client/share/epn.conf
index 0e590dfc3..e3645801c 100644
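--- a/client/share/epn.conf
+++ b/client/share/epn.conf
@@ -23,7 +23,7 @@ smtp_port = 25
 # Default None (empty value).
 # smtp_password =
 
-# pecifies the number of seconds to wait for SMTP to respond.
+# Specifies the number of seconds to wait for SMTP to respond.
 smtp_timeout = 60
 
 # Specifies the type of secure connection to make. Options are: none,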
--
2.26.2
From 1b1dbcbe9d83ba35f3cfdd01399f123816ec6e5b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 6 Aug 2020 18:57:10 -0400
Subject: [PATCH] IPA-EPN: Test that users without givenname and/or mail are
handled
The admin user does not have a givenname by default, allow for that.
Report errors for users without a default e-mail address.
Update the SHA256 hash with the typo fix.
Reviewed-By: Francois Cami <fcami@redhat.com>
---
ipatests/test_integration/test_epn.py | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/ipatests/test_integration/test_epn.py b/ipatests/test_integration/test_epn.py
index 18f73c722..c5c73835a 100644
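--- a/ipatests/test_integration/test_epn.py
+++ b/ipatests/test_integration/test_epn.py
@@ -240,7 +240,7 @@ class TestEPN(IntegrationTest):
 assert epn_conf in cmd1.stdout_text
 assert epn_template in cmd1.stdout_text
 cmd2 = self.master.run_command(["sha256sum", epn_conf])
- ck = "4c207b5c9c760c36db0d3b2b93da50ea49edcc4002d6d1e7383601f0ec30b957"
+ ck = "192481b52fb591112afd7b55b12a44c6618fdbc7e05a3b1866fd67ec579c51df"
 assert cmd2.stdout_text.find(ck) == 0
 
 def test_EPN_smoketest_1(self):
@@ -591,3 +591,23 @@ class TestEPN(IntegrationTest):
 self.master.put_file_contents('/etc/ipa/epn.conf', epn_conf)
 result = tasks.ipa_epn(self.master, raiseonerr=False)
 assert "smtp_delay cannot be less than zero" in result.stderr_text
+
+ def test_EPN_admin(self):
+ """The admin user is special and has no givenName by default
+ It also doesn't by default have an e-mail address
+ Check --dry-run output.
+ """
+ epn_conf = textwrap.dedent('''
+ [global]
+ ''')
+ self.master.put_file_contents('/etc/ipa/epn.conf', epn_conf)
+ self.master.run_command(
+ ['ipa', 'user-mod', 'admin', '--password-expiration',
+ datetime_to_generalized_time(
+ datetime.datetime.utcnow() + datetime.timedelta(days=7)
+ )]
+ )
+ (unused, stderr_text, _unused) = self._check_epn_output(
+ self.master, dry_run=True
+ )
+ assert "uid=admin" in stderr_text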
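Review bot: The final assertion in `test_EPN_admin`, `assert "uid=admin" in stderr_text`, passes on any stderr line that mentions the admin DN, so it does not pin the missing-mail error path this series adds. Matching the logged message is tighter: `assert "No mail address defined for: uid=admin" in stderr_text` (message text as in the ipa_epn.py change on this page). The test also leaves admin's password expiration set seven days ahead; if later tests in the class rely on the admin account, restoring the original value in a `finally` block or a fixture would keep them independent.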
--
2.26.2