Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
# Authors: # Rob Crittenden <rcritten@redhat.com> # Pavel Zuna <pzuna@redhat.com> # # Copyright (C) 2009 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>.
Netgroups
A netgroup is a group used for permission checking. It can contain both user and host values.
EXAMPLES:
Add a new netgroup: ipa netgroup-add --desc="NFS admins" admins
Add members to the netgroup: ipa netgroup-add-member --users=tuser1 --users=tuser2 admins
Remove a member from the netgroup: ipa netgroup-remove-member --users=tuser2 admins
Display information about a netgroup: ipa netgroup-show admins
Delete a netgroup: ipa netgroup-del admins """)
# according to most common use cases the netgroup pattern should fit # also the nisdomain pattern
Str('memberuser_user?', label='Member User', ), Str('memberuser_group?', label='Member Group', ), Str('memberhost_host?', label=_('Member Host'), ), Str('memberhost_hostgroup?', label='Member Hostgroup', ), )
""" Netgroup object. """ 'cn', 'description', 'memberof', 'externalhost', 'nisdomainname', 'memberuser', 'memberhost', 'member', 'memberindirect', 'usercategory', 'hostcategory', ] 'member': ['netgroup'], 'memberof': ['netgroup'], 'memberindirect': ['netgroup'], 'memberuser': ['user', 'group'], 'memberhost': ['host', 'hostgroup'], } 'member': ('Member', '', 'no_'), 'memberof': ('Member Of', 'in_', 'not_in_'), 'memberindirect': ( 'Indirect Member', None, 'no_indirect_' ), 'memberuser': ('Member', '', 'no_'), 'memberhost': ('Member', '', 'no_'), }
Str('cn', pattern=NETGROUP_PATTERN, pattern_errmsg=NETGROUP_PATTERN_ERRMSG, cli_name='name', label=_('Netgroup name'), primary_key=True, normalizer=lambda value: value.lower(), ), Str('description', cli_name='desc', label=_('Description'), doc=_('Netgroup description'), ), Str('nisdomainname?', pattern=NISDOMAIN_PATTERN, pattern_errmsg=NISDOMAIN_PATTERN_ERRMSG, cli_name='nisdomain', label=_('NIS domain name'), ), Str('ipauniqueid?', cli_name='uuid', label='IPA unique ID', doc=_('IPA unique ID'), flags=['no_create', 'no_update'], ), StrEnum('usercategory?', cli_name='usercat', label=_('User category'), doc=_('User category the rule applies to'), values=(u'all', ), ), StrEnum('hostcategory?', cli_name='hostcat', label=_('Host category'), doc=_('Host category the rule applies to'), values=(u'all', ), ), external_host_param, )
u'Hostgroups and netgroups share a common namespace')
if 'mepManagedEntry' in netgroup.get('objectclass', []): raise errors.DuplicateEntry(message=unicode(self.msg_collision % keys[-1])) else: self.obj.handle_duplicate_entry(*keys)
# when enabled, a managed netgroup is created for every hostgroup # make sure that we don't create a collision if the plugin is # (temporarily) disabled raise errors.DuplicateEntry(message=unicode(self.msg_collision % keys[-1]))
raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users")) raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts"))
'%(count)d netgroup matched', '%(count)d netgroups matched', 0 )
Flag('private', exclude='webui', flags=['no_option', 'no_output'], ), Flag('managed', cli_name='managed', doc=_('search for managed groups'), default_from=lambda private: private, ), )
# Do not display private mepManagedEntry netgroups by default # If looking for managed groups, we need to omit the negation search filter
else: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
|