Use all SSSD domains for info plugin by default.
[cascardo/ipsilon.git] / ipsilon / info / infosssd.py
index 63ffecc..0dd78cc 100644 (file)
@@ -7,8 +7,8 @@
 
 from ipsilon.info.common import InfoProviderBase
 from ipsilon.info.common import InfoProviderInstaller
-from ipsilon.info.common import InfoMapping
 from ipsilon.util.plugin import PluginObject
+from ipsilon.util.policy import Policy
 from string import Template
 import cherrypy
 import time
@@ -28,24 +28,23 @@ SSSD_ATTRS = ['mail',
 
 # Map the mod_lookup_identity env variables to Ipsilon. The inverse of
 # this is in the httpd template.
-sssd_mapping = {
-    'REMOTE_USER_GECOS': 'fullname',
-    'REMOTE_USER_EMAIL': 'email',
-    'REMOTE_USER_FIRSTNAME': 'givenname',
-    'REMOTE_USER_LASTNAME': 'surname',
-    'REMOTE_USER_STREET': 'street',
-    'REMOTE_USER_STATE': 'state',
-    'REMOTE_USER_POSTALCODE': 'postcode',
-    'REMOTE_USER_TELEPHONENUMBER': 'phone',
-}
+sssd_mapping = [
+    ['REMOTE_USER_GECOS', 'fullname'],
+    ['REMOTE_USER_EMAIL', 'email'],
+    ['REMOTE_USER_FIRSTNAME', 'givenname'],
+    ['REMOTE_USER_LASTNAME', 'surname'],
+    ['REMOTE_USER_STREET', 'street'],
+    ['REMOTE_USER_STATE', 'state'],
+    ['REMOTE_USER_POSTALCODE', 'postcode'],
+    ['REMOTE_USER_TELEPHONENUMBER', 'phone'],
+]
 
 
 class InfoProvider(InfoProviderBase):
 
     def __init__(self, *pargs):
         super(InfoProvider, self).__init__(*pargs)
-        self.mapper = InfoMapping()
-        self.mapper.set_mapping(sssd_mapping)
+        self.mapper = Policy(sssd_mapping)
         self.name = 'sssd'
         self.new_config(self.name)
 
@@ -71,7 +70,7 @@ class InfoProvider(InfoProviderBase):
         reply = dict()
         try:
             attrs, groups = self._get_user_data(user)
-            userattrs, extras = self.mapper.map_attrs(attrs)
+            userattrs, extras = self.mapper.map_attributes(attrs)
             reply = userattrs
             reply['_groups'] = groups
             reply['_extras'] = {'sssd': extras}
@@ -110,7 +109,7 @@ class Installer(InfoProviderInstaller):
                            default='no',
                            help='Use mod_lookup_identity and SSSD to populate'
                                 ' user attrs')
-        group.add_argument('--info-sssd-domain', action='store',
+        group.add_argument('--info-sssd-domain', action='append',
                            help='SSSD domain to enable mod_lookup_identity'
                                 ' for')
 
@@ -118,9 +117,7 @@ class Installer(InfoProviderInstaller):
         if opts['info_sssd'] != 'yes':
             return
 
-        if not opts['info_sssd_domain']:
-            print 'info-identity-domain is required'
-            return False
+        configured = 0
 
         confopts = {'instance': opts['instance']}
 
@@ -138,14 +135,29 @@ class Installer(InfoProviderInstaller):
             print 'Loading SSSD config failed: %s' % e
             return False
 
-        try:
-            domain = sssdconfig.get_domain(opts['info_sssd_domain'])
-        except SSSDConfig.NoDomainError:
-            print 'No domain %s' % opts['info_sssd_domain']
+        if not opts['info_sssd_domain']:
+            domains = sssdconfig.list_domains()
+        else:
+            domains = opts['info_sssd_domain']
+
+        for domain in domains:
+            try:
+                sssd_domain = sssdconfig.get_domain(domain)
+            except SSSDConfig.NoDomainError:
+                print 'No SSSD domain %s' % domain
+                continue
+            else:
+                sssd_domain.set_option(
+                    'ldap_user_extra_attrs', ', '.join(SSSD_ATTRS)
+                )
+                sssdconfig.save_domain(sssd_domain)
+                configured += 1
+                print "Configured SSSD domain %s" % domain
+
+        if configured == 0:
+            print 'No SSSD domains configured'
             return False
 
-        domain.set_option('ldap_user_extra_attrs', ', '.join(SSSD_ATTRS))
-
         try:
             sssdconfig.new_service('ifp')
         except SSSDConfig.ServiceAlreadyExists:
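Review bot: In the new `for domain in domains:` loop, a domain named explicitly with `--info-sssd-domain` that does not exist is only printed and skipped, so the install still succeeds whenever at least one other domain was configured. For the explicit case it would be safer to fail, e.g. `return False` in the `except SSSDConfig.NoDomainError:` branch when `opts['info_sssd_domain']` is set. In the default case `sssdconfig.list_domains()` applies the `SSSD_ATTRS` list to every domain in sssd.conf (as far as I know this includes inactive ones; `list_active_domains()` would be narrower), and `set_option('ldap_user_extra_attrs', ...)` replaces any value a domain already had rather than merging with it. It is also worth confirming whether `set_option` can raise for a domain whose provider does not accept this option, since nothing in the loop catches that. The function body continues outside the hunk.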
@@ -158,9 +170,15 @@ class Installer(InfoProviderInstaller):
         ifp.set_option('user_attributes', '+' + ', +'.join(SSSD_ATTRS))
 
         sssdconfig.save_service(ifp)
-        sssdconfig.save_domain(domain)
         sssdconfig.write(SSSD_CONF)
 
+        # for selinux enabled platforms, ignore if it fails just report
+        try:
+            subprocess.call(['/usr/sbin/setsebool', '-P',
+                             'httpd_dbus_sssd=on'])
+        except Exception:  # pylint: disable=broad-except
+            pass
+
         try:
             subprocess.call(['/sbin/service', 'sssd', 'restart'])
         except Exception:  # pylint: disable=broad-except
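Review bot: The comment above the new `setsebool` call says a failure is reported, but nothing is reported: `subprocess.call` returns the exit status instead of raising, the status is discarded, and `except Exception: pass` swallows the one case that does raise (for example a missing binary). If the boolean is not set, httpd is presumably denied D-Bus access to SSSD by SELinux, and attribute lookups would then fail with no hint from the installer. Keep the exit status with `rc = subprocess.call(['/usr/sbin/setsebool', '-P', 'httpd_dbus_sssd=on'])`, follow it with `if rc != 0: print 'Failed to set SELinux boolean httpd_dbus_sssd'`, and print the same message in the `except` branch. Because `-P` makes the policy change persistent, printing a line on success would also tell the admin that httpd's confinement was widened. The enclosing function continues past the end of the hunk.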