ipaserver.plugins.stageuser.stageuser

class ipaserver.plugins.stageuser.stageuser(api)[source]

Bases: ipaserver.plugins.baseuser.baseuser

Stage User object A Stage user is not an Active user and can not be used to bind with. Stage container is: cn=staged users,cn=accounts,cn=provisioning,SUFFIX Stage entry conforms the schema Stage entry RDN attribute is ‘uid’ Stage entry are disabled (nsAccountLock: True) through cos

Public Methods:

Inherited from baseuser

normalize_and_validate_email(email[, config])

normalize_manager(manager, container)

Given a userid verify the user's existence (in the appropriate containter) and return the dn.

active_user(user)

stage_user(user)

delete_user(user)

convert_usercertificate_pre(entry_attrs)

convert_usercertificate_post(entry_attrs, ...)

convert_attribute_members(entry_attrs, ...)

Inherited from LDAPObject

get_dn(*keys, **kwargs)

Construct an LDAP DN.

get_dn_if_exists(*keys, **kwargs)

get_primary_key_from_dn(dn)

get_ancestor_primary_keys()

has_objectclass(classes, objectclass)

convert_attribute_members(entry_attrs, ...)

get_indirect_members(entry_attrs, attrs_list)

get_memberindirect(group_entry)

Get indirect members

get_memberofindirect(entry)

get_password_attributes(ldap, dn, entry_attrs)

Search on the entry to determine if it has a password or keytab set.

handle_not_found(*keys)

Handle NotFound exception

handle_duplicate_entry(*keys)

__json__()

Inherited from Object

backend

methods

params

primary_key

params_minus_pk

params_minus(*names)

Yield all Param whose name is not in names.

get_dn(*keys, **kwargs)

Construct an LDAP DN.

get_params()

This method gets called by HasParam._create_param_namespace().

__json__()

Inherited from Plugin

__init__(api)

finalize()

Finalize plugin initialization.

ensure_finalized()

Finalize plugin initialization if it has not yet been finalized.

__repr__()

Return 'module_name.class_name()' representation.

Inherited from ReadOnly

__lock__()

Put this instance into a read-only state.

__islocked__()

Return True if instance is locked, otherwise False.

__setattr__(name, value)

If unlocked, set attribute named name to value.

__delattr__(name)

If unlocked, delete attribute named name.

Private Data Attributes:

Inherited from ReadOnly

_ReadOnly__locked

Private Methods:

Inherited from baseuser

_user_status(user, container)

Inherited from Object

_on_finalize()

Do custom finalization.

_Object__get_attrs(name)

Inherited from HasParam

_get_param_iterable(name[, verb])

Return an iterable of params defined by the attribute named name.

_filter_param_by_context(name[, env])

Filter params on attribute named name by environment env.

_create_param_namespace(name[, env])

Inherited from Plugin

_Plugin__name_getter()

_Plugin__full_name_getter()

_Plugin__bases_getter()

_Plugin__doc_getter()

_Plugin__summary_getter()

_on_finalize()

Do custom finalization.


property Backend
property Command
NO_CLI = False
__annotations__ = {}
__delattr__(name)

If unlocked, delete attribute named name.

If this instance is locked, an AttributeError will be raised.

Parameters

name – Name of attribute to delete.

__dict__ = mappingproxy({'__module__': 'ipaserver.plugins.stageuser', '__doc__': "\n    Stage User object\n    A Stage user is not an Active user and can not be used to bind with.\n    Stage container is: cn=staged users,cn=accounts,cn=provisioning,SUFFIX\n    Stage entry conforms the schema\n    Stage entry RDN attribute is 'uid'\n    Stage entry are disabled (nsAccountLock: True) through cos\n    ", 'container_dn': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning'), 'label': Gettext('Stage Users', domain='ipa', localedir=None), 'label_singular': Gettext('Stage User', domain='ipa', localedir=None), 'object_name': Gettext('stage user', domain='ipa', localedir=None), 'object_name_plural': Gettext('stage users', domain='ipa', localedir=None), 'managed_permissions': {'System: Add Stage User': {'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}, 'ipapermright': {'add'}, 'ipapermdefaultattr': {'*'}, 'default_privileges': {'Stage User Administrators', 'Stage User Provisioning'}}, 'System: Read Stage User password': {'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}, 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': {'userPassword', 'krbPrincipalKey'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Modify Stage User': {'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}, 'ipapermright': {'write'}, 'ipapermdefaultattr': {'*'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Remove Stage User': {'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}, 'ipapermright': {'delete'}, 'ipapermdefaultattr': {'*'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Read Stage Users': {'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}, 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': {'*'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Read Preserved Users': {'ipapermlocation': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=posixaccount)'}, 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': {'*'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Modify Preserved Users': {'ipapermlocation': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=posixaccount)'}, 'ipapermright': {'write'}, 'ipapermdefaultattr': {'*'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Reset Preserved User password': {'ipapermlocation': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=posixaccount)'}, 'ipapermright': {'read', 'search', 'write'}, 'ipapermdefaultattr': {'userPassword', 'krbPrincipalKey', 'krbPasswordExpiration', 'krbLastPwdChange'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Remove preserved User': {'ipapermlocation': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}, 'ipapermright': {'delete'}, 'ipapermdefaultattr': {'*'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Modify User RDN': {'ipapermlocation': ipapython.dn.DN('cn=users,cn=accounts,dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtarget': ipapython.dn.DN('uid=*,cn=users,cn=accounts,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=posixaccount)'}, 'ipapermright': {'write'}, 'ipapermdefaultattr': {'uid'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Preserve User': {'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtargetfrom': ipapython.dn.DN('cn=users,cn=accounts,dc=ipa,dc=example'), 'ipapermtargetto': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=nsContainer)'}, 'ipapermright': {'moddn'}, 'default_privileges': {'Stage User Administrators'}}, 'System: Undelete User': {'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermbindruletype': 'permission', 'ipapermtargetfrom': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetto': ipapython.dn.DN('cn=users,cn=accounts,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=nsContainer)'}, 'ipapermright': {'moddn'}, 'default_privileges': {'Stage User Administrators'}}}, '__annotations__': {}})
__init__(api)
__islocked__()

Return True if instance is locked, otherwise False.

__json__()
__lock__()

Put this instance into a read-only state.

After the instance has been locked, attempting to set or delete an attribute will raise an AttributeError.

__module__ = 'ipaserver.plugins.stageuser'
__repr__()

Return ‘module_name.class_name()’ representation.

This representation could be used to instantiate this Plugin instance given the appropriate environment.

__setattr__(name, value)

If unlocked, set attribute named name to value.

If this instance is locked, an AttributeError will be raised.

Parameters
  • name – Name of attribute to set.

  • value – Value to assign to attribute.

__weakref__

list of weak references to the object (if defined)

_create_param_namespace(name, env=None)
_filter_param_by_context(name, env=None)

Filter params on attribute named name by environment env.

For example:

>>> from ipalib.config import Env
>>> class Example(HasParam):
...
...     takes_args = (
...         Str('foo_only', include=['foo']),
...         Str('not_bar', exclude=['bar']),
...         'both',
...     )
...
...     def get_args(self):
...         return self._get_param_iterable('args')
...
...
>>> eg = Example()
>>> foo = Env(context='foo')
>>> bar = Env(context='bar')
>>> another = Env(context='another')
>>> (foo.context, bar.context, another.context)
(u'foo', u'bar', u'another')
>>> list(eg._filter_param_by_context('args', foo))
[Str('foo_only', include=['foo']), Str('not_bar', exclude=['bar']), Str('both')]
>>> list(eg._filter_param_by_context('args', bar))
[Str('both')]
>>> list(eg._filter_param_by_context('args', another))
[Str('not_bar', exclude=['bar']), Str('both')]
_get_param_iterable(name, verb='takes')

Return an iterable of params defined by the attribute named name.

A sequence of params can be defined one of three ways: as a tuple; as a callable that returns an iterable; or as a param spec (a Param or str instance). This method returns a uniform iterable regardless of how the param sequence was defined.

For example, when defined with a tuple:

>>> class ByTuple(HasParam):
...     takes_args = (Param('foo'), Param('bar'))
...
>>> by_tuple = ByTuple()
>>> list(by_tuple._get_param_iterable('args'))
[Param('foo'), Param('bar')]

Or you can define your param sequence with a callable when you need to reference attributes on your plugin instance (for validation rules, etc.). For example:

>>> class ByCallable(HasParam):
...     def takes_args(self):
...         yield Param('foo', self.validate_foo)
...         yield Param('bar', self.validate_bar)
...
...     def validate_foo(self, _, value, **kw):
...         if value != 'Foo':
...             return _("must be 'Foo'")
...
...     def validate_bar(self, _, value, **kw):
...         if value != 'Bar':
...             return _("must be 'Bar'")
...
>>> by_callable = ByCallable()
>>> list(by_callable._get_param_iterable('args'))
[Param('foo', validate_foo), Param('bar', validate_bar)]

Lastly, as a convenience for when a param sequence contains a single param, your defining attribute may a param spec (either a Param or an str instance). For example:

>>> class BySpec(HasParam):
...     takes_args = Param('foo')
...     takes_options = 'bar?'
...
>>> by_spec = BySpec()
>>> list(by_spec._get_param_iterable('args'))
[Param('foo')]
>>> list(by_spec._get_param_iterable('options'))
['bar?']

For information on how an str param spec is interpreted, see the create_param() and parse_param_spec() functions in the ipalib.parameters module.

Also see HasParam._filter_param_by_context().

_on_finalize()

Do custom finalization.

This method is called from finalize(). Subclasses can override this method in order to add custom finalization.

_user_status(user, container)
active_container_dn = ipapython.dn.DN('cn=users,cn=accounts')
active_user(user)
allow_rename = True
already_exists_msg = Gettext('%(oname)s with name "%(pkey)s" already exists', domain='ipa', localedir=None)
property api

Return API instance passed to __init__().

attribute_members = {'manager': ['user'], 'memberof': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule', 'subid'], 'memberofindirect': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule']}
backend = None
backend_name = 'ldap2'
bases = (<class 'ipaserver.plugins.baseuser.baseuser'>,)
bindable = True
container_dn = ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning')
container_not_found_msg = Gettext('container entry (%(container)s) not found', domain='ipa', localedir=None)
property context
convert_attribute_members(entry_attrs, *keys, **options)
convert_usercertificate_post(entry_attrs, **options)
convert_usercertificate_pre(entry_attrs)
default_attributes = ['uid', 'givenname', 'sn', 'homedirectory', 'loginshell', 'uidnumber', 'gidnumber', 'mail', 'ou', 'telephonenumber', 'title', 'memberof', 'nsaccountlock', 'memberofindirect', 'ipauserauthtype', 'userclass', 'ipatokenradiusconfiglink', 'ipatokenradiususername', 'ipaidpconfiglink', 'ipaidpsub', 'krbprincipalexpiration', 'usercertificate;binary', 'krbprincipalname', 'krbcanonicalname', 'ipacertmapdata', 'ipantlogonscript', 'ipantprofilepath', 'ipanthomedirectory', 'ipanthomedirectorydrive']
delete_container_dn = ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning')
delete_user(user)
disallow_object_classes = ['krbticketpolicyaux']
doc = "\n    Stage User object\n    A Stage user is not an Active user and can not be used to bind with.\n    Stage container is: cn=staged users,cn=accounts,cn=provisioning,SUFFIX\n    Stage entry conforms the schema\n    Stage entry RDN attribute is 'uid'\n    Stage entry are disabled (nsAccountLock: True) through cos\n    "
ensure_finalized()

Finalize plugin initialization if it has not yet been finalized.

property env
finalize()

Finalize plugin initialization.

This method calls _on_finalize() and locks the plugin object.

Subclasses should not override this method. Custom finalization is done in _on_finalize().

class finalize_attr(name, value=None)

Bases: object

Create a stub object for plugin attribute that isn’t set until the finalization of the plugin initialization.

When the stub object is accessed, it calls ensure_finalized() to make sure the plugin initialization is finalized. The stub object is expected to be replaced with the actual attribute value during the finalization (preferably in _on_finalize()), otherwise an AttributeError is raised.

This is used to implement on-demand finalization of plugin initialization.

__annotations__ = {}
__get__(obj, cls)
__init__(name, value=None)
__module__ = 'ipalib.plugable'
__slots__ = ('name', 'value')
name
value
full_name = 'stageuser/1'
get_ancestor_primary_keys()
get_dn(*keys, **kwargs)

Construct an LDAP DN.

get_dn_if_exists(*keys, **kwargs)
get_indirect_members(entry_attrs, attrs_list)
get_memberindirect(group_entry)

Get indirect members

get_memberofindirect(entry)
get_params()

This method gets called by HasParam._create_param_namespace().

get_password_attributes(ldap, dn, entry_attrs)

Search on the entry to determine if it has a password or keytab set.

A tuple is used to determine which attribute is set in entry_attrs. The value is set to True/False whether a given password type is set.

get_primary_key_from_dn(dn)
handle_duplicate_entry(*keys)
handle_not_found(*keys)

Handle NotFound exception

Must raise errors.NotFound again.

has_objectclass(classes, objectclass)
hidden_attributes = ['objectclass', 'aci']
json_friendly_attributes = ('parent_object', 'container_dn', 'object_name', 'object_name_plural', 'object_class', 'object_class_config', 'default_attributes', 'label', 'label_singular', 'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name', 'takes_params', 'rdn_attribute', 'bindable', 'relationships')
label = Gettext('Stage Users', domain='ipa', localedir=None)
label_singular = Gettext('Stage User', domain='ipa', localedir=None)
limit_object_classes = []
managed_permissions = {'System: Add Stage User': {'default_privileges': {'Stage User Administrators', 'Stage User Provisioning'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'*'}, 'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'add'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}}, 'System: Modify Preserved Users': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'*'}, 'ipapermlocation': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'write'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=posixaccount)'}}, 'System: Modify Stage User': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'*'}, 'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'write'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}}, 'System: Modify User RDN': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'uid'}, 'ipapermlocation': ipapython.dn.DN('cn=users,cn=accounts,dc=ipa,dc=example'), 'ipapermright': {'write'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=users,cn=accounts,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=posixaccount)'}}, 'System: Preserve User': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'moddn'}, 'ipapermtargetfilter': {'(objectclass=nsContainer)'}, 'ipapermtargetfrom': ipapython.dn.DN('cn=users,cn=accounts,dc=ipa,dc=example'), 'ipapermtargetto': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example')}, 'System: Read Preserved Users': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'*'}, 'ipapermlocation': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'compare', 'read', 'search'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=posixaccount)'}}, 'System: Read Stage User password': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'krbPrincipalKey', 'userPassword'}, 'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'compare', 'read', 'search'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}}, 'System: Read Stage Users': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'*'}, 'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'compare', 'read', 'search'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}}, 'System: Remove Stage User': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'*'}, 'ipapermlocation': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'delete'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}}, 'System: Remove preserved User': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'*'}, 'ipapermlocation': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'delete'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=*)'}}, 'System: Reset Preserved User password': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermdefaultattr': {'krbLastPwdChange', 'krbPasswordExpiration', 'krbPrincipalKey', 'userPassword'}, 'ipapermlocation': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermright': {'read', 'search', 'write'}, 'ipapermtarget': ipapython.dn.DN('uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetfilter': {'(objectclass=posixaccount)'}}, 'System: Undelete User': {'default_privileges': {'Stage User Administrators'}, 'ipapermbindruletype': 'permission', 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'moddn'}, 'ipapermtargetfilter': {'(objectclass=nsContainer)'}, 'ipapermtargetfrom': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example'), 'ipapermtargetto': ipapython.dn.DN('cn=users,cn=accounts,dc=ipa,dc=example')}}
methods = None
name = 'stageuser'
normalize_and_validate_email(email, config=None)
normalize_manager(manager, container)

Given a userid verify the user’s existence (in the appropriate containter) and return the dn.

object_class = ['posixaccount']
object_class_config = 'ipauserobjectclasses'
object_name = Gettext('stage user', domain='ipa', localedir=None)
object_name_plural = Gettext('stage users', domain='ipa', localedir=None)
object_not_found_msg = Gettext('%(pkey)s: %(oname)s not found', domain='ipa', localedir=None)
params = None
params_minus(*names)

Yield all Param whose name is not in names.

params_minus_pk = None
parent_not_found_msg = Gettext('%(parent)s: %(oname)s not found', domain='ipa', localedir=None)
parent_object = ''
password_attributes = [('userpassword', 'has_password'), ('krbprincipalkey', 'has_keytab')]
permission_filter_objectclasses = ['posixaccount']
possible_objectclasses = ['meporiginentry', 'ipauserauthtypeclass', 'ipauser', 'ipatokenradiusproxyuser', 'ipacertmapobject', 'ipantuserattrs', 'ipaidpuser']
primary_key = None
rdn_attribute = ''
relationships = {'member': ('Member', '', 'no_'), 'memberindirect': ('Indirect Member', None, 'no_indirect_'), 'membermanager': ('Group membership managed by', 'membermanager_', 'not_membermanager_'), 'memberof': ('Member Of', 'in_', 'not_in_'), 'memberofindirect': ('Indirect Member Of', None, 'not_in_indirect_')}
search_attributes = []
search_attributes_config = 'ipausersearchfields'
search_display_attributes = ['uid', 'givenname', 'sn', 'homedirectory', 'krbcanonicalname', 'krbprincipalname', 'loginshell', 'mail', 'telephonenumber', 'title', 'nsaccountlock', 'uidnumber', 'gidnumber', 'sshpubkeyfp']
stage_container_dn = ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning')
stage_user(user)
summary = "Stage User object\n    A Stage user is not an Active user and can not be used to bind with.\n    Stage container is: cn=staged users,cn=accounts,cn=provisioning,SUFFIX\n    Stage entry conforms the schema\n    Stage entry RDN attribute is 'uid'\n    Stage entry are disabled (nsAccountLock: True) through cos"
takes_params = (Str('uid', cli_name='login', default_from=DefaultFrom('givenname', 'sn'), label=Gettext('User login', domain='ipa', localedir=None), maxlength=255, normalizer=<lambda>, pattern=u'(?!^[0-9]+$)^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$', pattern_errmsg=u'may only include letters, numbers, _, -, . and $', primary_key=True), Str('givenname', cli_name='first', label=Gettext('First name', domain='ipa', localedir=None)), Str('sn', cli_name='last', label=Gettext('Last name', domain='ipa', localedir=None)), Str('cn', autofill=True, default_from=DefaultFrom('givenname', 'sn'), label=Gettext('Full name', domain='ipa', localedir=None)), Str('displayname?', autofill=True, default_from=DefaultFrom('givenname', 'sn'), label=Gettext('Display name', domain='ipa', localedir=None)), Str('initials?', autofill=True, default_from=DefaultFrom('givenname', 'sn'), label=Gettext('Initials', domain='ipa', localedir=None)), Str('homedirectory?', cli_name='homedir', label=Gettext('Home directory', domain='ipa', localedir=None)), Str('gecos?', autofill=True, default_from=DefaultFrom('givenname', 'sn'), label=Gettext('GECOS', domain='ipa', localedir=None)), Str('loginshell?', cli_name='shell', label=Gettext('Login shell', domain='ipa', localedir=None)), Principal('krbcanonicalname?', validate_realm, flags=[u'no_update', u'no_create', u'no_search', u'no_option'], label=Gettext('Principal name', domain='ipa', localedir=None), normalizer=normalize_user_principal), Principal('krbprincipalname*', validate_realm, autofill=True, cli_name='principal', default_from=DefaultFrom('uid'), label=Gettext('Principal alias', domain='ipa', localedir=None), normalizer=normalize_user_principal), DateTime('krbprincipalexpiration?', cli_name='principal_expiration', label=Gettext('Kerberos principal expiration', domain='ipa', localedir=None)), DateTime('krbpasswordexpiration?', cli_name='password_expiration', label=Gettext('User password expiration', domain='ipa', localedir=None)), Str('mail*', cli_name='email', label=Gettext('Email address', domain='ipa', localedir=None)), Password('userpassword?', cli_name='password', doc=Gettext('Prompt to set the user password', domain='ipa', localedir=None), exclude=[u'webui'], label=Gettext('Password', domain='ipa', localedir=None)), Flag('random?', autofill=True, default=False, doc=Gettext('Generate a random user password', domain='ipa', localedir=None), flags=[u'no_search', u'virtual_attribute']), Str('randompassword?', flags=[u'no_create', u'no_search', u'no_update', u'virtual_attribute'], label=Gettext('Random password', domain='ipa', localedir=None)), Int('uidnumber?', cli_name='uid', doc=Gettext('User ID Number (system will assign one if not provided)', domain='ipa', localedir=None), label=Gettext('UID', domain='ipa', localedir=None), minvalue=1), Int('gidnumber?', doc=Gettext('Group ID Number', domain='ipa', localedir=None), label=Gettext('GID', domain='ipa', localedir=None), minvalue=1), Str('street?', cli_name='street', label=Gettext('Street address', domain='ipa', localedir=None)), Str('l?', cli_name='city', label=Gettext('City', domain='ipa', localedir=None)), Str('st?', cli_name='state', label=Gettext('State/Province', domain='ipa', localedir=None)), Str('postalcode?', label=Gettext('ZIP', domain='ipa', localedir=None)), Str('telephonenumber*', cli_name='phone', label=Gettext('Telephone Number', domain='ipa', localedir=None)), Str('mobile*', label=Gettext('Mobile Telephone Number', domain='ipa', localedir=None)), Str('pager*', label=Gettext('Pager Number', domain='ipa', localedir=None)), Str('facsimiletelephonenumber*', cli_name='fax', label=Gettext('Fax Number', domain='ipa', localedir=None)), Str('ou?', cli_name='orgunit', label=Gettext('Org. Unit', domain='ipa', localedir=None)), Str('title?', label=Gettext('Job Title', domain='ipa', localedir=None)), Str('manager?', label=Gettext('Manager', domain='ipa', localedir=None)), Str('carlicense*', label=Gettext('Car License', domain='ipa', localedir=None)), Str('ipasshpubkey*', validate_sshpubkey, cli_name='sshpubkey', flags=[u'no_search'], label=Gettext('SSH public key', domain='ipa', localedir=None), normalizer=normalize_sshpubkey), Str('sshpubkeyfp*', flags=[u'no_update', u'no_create', u'no_search', u'virtual_attribute'], label=Gettext('SSH public key fingerprint', domain='ipa', localedir=None)), StrEnum('ipauserauthtype*', cli_metavar=u"['password', 'radius', 'otp', 'pkinit', 'hardened', 'idp']", cli_name='user_auth_type', doc=Gettext('Types of supported user authentication', domain='ipa', localedir=None), label=Gettext('User authentication types', domain='ipa', localedir=None), values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp']), Str('userclass*', cli_name='class', doc=Gettext('User category (semantics placed on this attribute are for local interpretation)', domain='ipa', localedir=None), label=Gettext('Class', domain='ipa', localedir=None)), Str('ipatokenradiusconfiglink?', cli_name='radius', label=Gettext('RADIUS proxy configuration', domain='ipa', localedir=None)), Str('ipatokenradiususername?', cli_name='radius_username', label=Gettext('RADIUS proxy username', domain='ipa', localedir=None)), Str('ipaidpconfiglink?', cli_name='idp', label=Gettext('External IdP configuration', domain='ipa', localedir=None)), Str('ipaidpsub?', cli_name='idp_user_id', doc=Gettext('A string that identifies the user at external IdP', domain='ipa', localedir=None), label=Gettext('External IdP user identifier', domain='ipa', localedir=None)), Str('departmentnumber*', label=Gettext('Department Number', domain='ipa', localedir=None)), Str('employeenumber?', label=Gettext('Employee Number', domain='ipa', localedir=None)), Str('employeetype?', label=Gettext('Employee Type', domain='ipa', localedir=None)), Str('preferredlanguage?', label=Gettext('Preferred Language', domain='ipa', localedir=None), pattern=u'^(([a-zA-Z]{1,8}(-[a-zA-Z]{1,8})?(;q\\=((0(\\.[0-9]{0,3})?)|(1(\\.0{0,3})?)))?(\\s*,\\s*[a-zA-Z]{1,8}(-[a-zA-Z]{1,8})?(;q\\=((0(\\.[0-9]{0,3})?)|(1(\\.0{0,3})?)))?)*)|(\\*))$', pattern_errmsg=u'must match RFC 2068 - 14.4, e.g., "da, en-gb;q=0.8, en;q=0.7"'), Certificate('usercertificate*', cli_name='certificate', doc=Gettext('Base-64 encoded user certificate', domain='ipa', localedir=None), label=Gettext('Certificate', domain='ipa', localedir=None)), Str('ipacertmapdata*', cli_name='certmapdata', doc=Gettext('Certificate mapping data', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Certificate mapping data', domain='ipa', localedir=None)), Str('ipantlogonscript?', cli_name='smb_logon_script', flags=[u'no_create'], label=Gettext('SMB logon script path', domain='ipa', localedir=None)), Str('ipantprofilepath?', cli_name='smb_profile_path', flags=[u'no_create'], label=Gettext('SMB profile path', domain='ipa', localedir=None)), Str('ipanthomedirectory?', cli_name='smb_home_dir', flags=[u'no_create'], label=Gettext('SMB Home Directory', domain='ipa', localedir=None)), StrEnum('ipanthomedirectorydrive?', cli_metavar=u"['A:', 'B:', 'C:', 'D:', 'E:', 'F:', 'G:', 'H:', 'I:', 'J:', 'K:', 'L:', 'M:', 'N:', 'O:', 'P:', 'Q:', 'R:', 'S:', 'T:', 'U:', 'V:', 'W:', 'X:', 'Y:', 'Z:']", cli_name='smb_home_drive', flags=[u'no_create'], label=Gettext('SMB Home Directory Drive', domain='ipa', localedir=None), values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:']))
uuid_attribute = 'ipauniqueid'
version = '1'