ipaserver.plugins.config.config
- class ipaserver.plugins.config.config(api)
Bases: ipaserver.plugins.baseldap.LDAPObject
IPA configuration object
Public Data Attributes:
Inherited from LDAPObject
Inherited from Object
Public Methods:
get_dn(*keys, **kwargs): Construct an LDAP DN.
update_entry_with_role_config(role_name, ...)
show_servroles_attributes(entry_attrs, ...)
gather_trusted_domains(): Aggregate all trusted domains into a dict keyed by domain names with values corresponding to domain status (enabled/disabled)
validate_domain_resolution_order(entry_attrs): Validate domain resolution order, e.g.
Inherited from LDAPObject
get_dn(*keys, **kwargs): Construct an LDAP DN.
get_dn_if_exists(*keys, **kwargs)
has_objectclass(classes, objectclass)
convert_attribute_members(entry_attrs, ...)
get_indirect_members(entry_attrs, attrs_list)
get_memberindirect(group_entry): Get indirect members
get_memberofindirect(entry)
get_password_attributes(ldap, dn, entry_attrs): Search on the entry to determine if it has a password or keytab set.
handle_not_found(*keys): Handle NotFound exception
handle_duplicate_entry(*keys)
__json__()
Inherited from Object
params_minus(*names): Yield all Param whose name is not in names.
get_dn(*keys, **kwargs): Construct an LDAP DN.
get_params(): This method gets called by HasParam._create_param_namespace().
__json__()
Inherited from Plugin
__init__(api)
finalize(): Finalize plugin initialization.
ensure_finalized(): Finalize plugin initialization if it has not yet been finalized.
__repr__(): Return 'module_name.class_name()' representation.
Inherited from ReadOnly
__lock__(): Put this instance into a read-only state.
__islocked__(): Return True if instance is locked, otherwise False.
__setattr__(name, value): If unlocked, set attribute named name to value.
__delattr__(name): If unlocked, delete attribute named name.
Private Data Attributes:
Inherited from ReadOnly
_ReadOnly__locked
Private Methods:
_validate_single_domain(attr_name, domain, ...): Validate a single domain from domain resolution order
Inherited from Object
_on_finalize(): Do custom finalization.
_Object__get_attrs(name)
Inherited from HasParam
_get_param_iterable(name[, verb]): Return an iterable of params defined by the attribute named name.
_filter_param_by_context(name[, env]): Filter params on attribute named name by environment env.
_create_param_namespace(name[, env])
Inherited from Plugin
_Plugin__name_getter()
_Plugin__full_name_getter()
_Plugin__bases_getter()
_Plugin__doc_getter()
_Plugin__summary_getter()
_on_finalize(): Do custom finalization.
- property Backend
- property Command
- NO_CLI = False
- __annotations__ = {}
- __delattr__(name)
If unlocked, delete attribute named name.
If this instance is locked, an AttributeError will be raised.
- Parameters
name – Name of attribute to delete.
- __init__(api)
- __islocked__()
Return True if instance is locked, otherwise False.
- __json__()
- __lock__()
Put this instance into a read-only state.
After the instance has been locked, attempting to set or delete an attribute will raise an AttributeError.
- __module__ = 'ipaserver.plugins.config'
- __repr__()
Return ‘module_name.class_name()’ representation.
This representation could be used to instantiate this Plugin instance given the appropriate environment.
- __setattr__(name, value)
If unlocked, set attribute named name to value.
If this instance is locked, an AttributeError will be raised.
- Parameters
name – Name of attribute to set.
value – Value to assign to attribute.
- __weakref__
list of weak references to the object (if defined)
- _create_param_namespace(name, env=None)
- _filter_param_by_context(name, env=None)
Filter params on attribute named name by environment env.
For example:
>>> from ipalib.config import Env
>>> class Example(HasParam):
...
...     takes_args = (
...         Str('foo_only', include=['foo']),
...         Str('not_bar', exclude=['bar']),
...         'both',
...     )
...
...     def get_args(self):
...         return self._get_param_iterable('args')
...
...
>>> eg = Example()
>>> foo = Env(context='foo')
>>> bar = Env(context='bar')
>>> another = Env(context='another')
>>> (foo.context, bar.context, another.context)
(u'foo', u'bar', u'another')
>>> list(eg._filter_param_by_context('args', foo))
[Str('foo_only', include=['foo']), Str('not_bar', exclude=['bar']), Str('both')]
>>> list(eg._filter_param_by_context('args', bar))
[Str('both')]
>>> list(eg._filter_param_by_context('args', another))
[Str('not_bar', exclude=['bar']), Str('both')]
- _get_param_iterable(name, verb='takes')
Return an iterable of params defined by the attribute named name.
A sequence of params can be defined one of three ways: as a tuple; as a callable that returns an iterable; or as a param spec (a Param or str instance). This method returns a uniform iterable regardless of how the param sequence was defined.
For example, when defined with a tuple:
>>> class ByTuple(HasParam):
...     takes_args = (Param('foo'), Param('bar'))
...
>>> by_tuple = ByTuple()
>>> list(by_tuple._get_param_iterable('args'))
[Param('foo'), Param('bar')]
Or you can define your param sequence with a callable when you need to reference attributes on your plugin instance (for validation rules, etc.). For example:
>>> class ByCallable(HasParam):
...     def takes_args(self):
...         yield Param('foo', self.validate_foo)
...         yield Param('bar', self.validate_bar)
...
...     def validate_foo(self, _, value, **kw):
...         if value != 'Foo':
...             return _("must be 'Foo'")
...
...     def validate_bar(self, _, value, **kw):
...         if value != 'Bar':
...             return _("must be 'Bar'")
...
>>> by_callable = ByCallable()
>>> list(by_callable._get_param_iterable('args'))
[Param('foo', validate_foo), Param('bar', validate_bar)]
Lastly, as a convenience for when a param sequence contains a single param, your defining attribute may be a param spec (either a Param or a str instance). For example:
>>> class BySpec(HasParam):
...     takes_args = Param('foo')
...     takes_options = 'bar?'
...
>>> by_spec = BySpec()
>>> list(by_spec._get_param_iterable('args'))
[Param('foo')]
>>> list(by_spec._get_param_iterable('options'))
['bar?']
For information on how a str param spec is interpreted, see the create_param() and parse_param_spec() functions in the ipalib.parameters module.
Also see HasParam._filter_param_by_context().
- _on_finalize()
Do custom finalization.
This method is called from finalize(). Subclasses can override this method in order to add custom finalization.
- _validate_single_domain(attr_name, domain, known_domains)
Validate a single domain from domain resolution order
- Parameters
attr_name – name of attribute that holds domain resolution order
domain – domain name
known_domains – dict of domains known to IPA keyed by domain name and valued by boolean value corresponding to domain status (enabled/disabled)
- Raises
ValidationError if the domain name is empty, syntactically invalid or corresponds to a disabled domain
NotFound if a syntactically correct domain name unknown to IPA is supplied (not IPA domain and not any of trusted domains)
- allow_rename = False
- already_exists_msg = Gettext('%(oname)s with name "%(pkey)s" already exists', domain='ipa', localedir=None)
- property api
Return API instance passed to __init__().
- attribute_members = {}
- backend = None
- backend_name = 'ldap2'
- bases = (<class 'ipaserver.plugins.baseldap.LDAPObject'>,)
- bindable = False
- container_dn = ipapython.dn.DN('cn=ipaconfig,cn=etc')
- container_not_found_msg = Gettext('container entry (%(container)s) not found', domain='ipa', localedir=None)
- property context
- convert_attribute_members(entry_attrs, *keys, **options)
- default_attributes = ['ipamaxusernamelength', 'ipahomesrootdir', 'ipadefaultloginshell', 'ipadefaultprimarygroup', 'ipadefaultemaildomain', 'ipasearchtimelimit', 'ipasearchrecordslimit', 'ipausersearchfields', 'ipagroupsearchfields', 'ipamigrationenabled', 'ipacertificatesubjectbase', 'ipapwdexpadvnotify', 'ipaselinuxusermaporder', 'ipaselinuxusermapdefault', 'ipaconfigstring', 'ipakrbauthzdata', 'ipauserauthtype', 'ipadomainresolutionorder', 'ipamaxhostnamelength', 'ipauserdefaultsubordinateid']
- disallow_object_classes = []
- doc = '\n IPA configuration object\n '
- ensure_finalized()
Finalize plugin initialization if it has not yet been finalized.
- property env
- finalize()
Finalize plugin initialization.
This method calls _on_finalize() and locks the plugin object.
Subclasses should not override this method. Custom finalization is done in _on_finalize().
- class finalize_attr(name, value=None)
Bases: object
Create a stub object for plugin attribute that isn’t set until the finalization of the plugin initialization.
When the stub object is accessed, it calls ensure_finalized() to make sure the plugin initialization is finalized. The stub object is expected to be replaced with the actual attribute value during the finalization (preferably in _on_finalize()), otherwise an AttributeError is raised.
This is used to implement on-demand finalization of plugin initialization.
- __annotations__ = {}
- __get__(obj, cls)
- __init__(name, value=None)
- __module__ = 'ipalib.plugable'
- __slots__ = ('name', 'value')
- name
- value
- full_name = 'config/1'
- gather_trusted_domains()
Aggregate all trusted domains into a dict keyed by domain names with values corresponding to domain status (enabled/disabled)
- get_ancestor_primary_keys()
- get_dn_if_exists(*keys, **kwargs)
- get_indirect_members(entry_attrs, attrs_list)
- get_memberindirect(group_entry)
Get indirect members
- get_memberofindirect(entry)
- get_params()
This method gets called by HasParam._create_param_namespace().
- get_password_attributes(ldap, dn, entry_attrs)
Search on the entry to determine if it has a password or keytab set.
A tuple is used to determine which attribute is set in entry_attrs. The value is set to True/False depending on whether a given password type is set.
- get_primary_key_from_dn(dn)
- handle_duplicate_entry(*keys)
- handle_not_found(*keys)
Handle NotFound exception
Must raise errors.NotFound again.
- has_objectclass(classes, objectclass)
- json_friendly_attributes = ('parent_object', 'container_dn', 'object_name', 'object_name_plural', 'object_class', 'object_class_config', 'default_attributes', 'label', 'label_singular', 'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name', 'takes_params', 'rdn_attribute', 'bindable', 'relationships')¶
- label = Gettext('Configuration', domain='ipa', localedir=None)¶
- label_singular = Gettext('Configuration', domain='ipa', localedir=None)¶
- limit_object_classes = []¶
- managed_permissions = {'System: Read Global Configuration': {'ipapermbindruletype': 'all', 'ipapermdefaultattr': {'cn', 'ipacertificatesubjectbase', 'ipaconfigstring', 'ipacustomfields', 'ipadefaultemaildomain', 'ipadefaultloginshell', 'ipadefaultprimarygroup', 'ipadomainresolutionorder', 'ipagroupobjectclasses', 'ipagroupsearchfields', 'ipahomesrootdir', 'ipakrbauthzdata', 'ipamaxhostnamelength', 'ipamaxusernamelength', 'ipamigrationenabled', 'ipapwdexpadvnotify', 'ipasearchrecordslimit', 'ipasearchtimelimit', 'ipaselinuxusermapdefault', 'ipaselinuxusermaporder', 'ipauserauthtype', 'ipauserdefaultsubordinateid', 'ipauserobjectclasses', 'ipausersearchfields', 'objectclass'}, 'ipapermright': {'compare', 'read', 'search'}, 'replaces_global_anonymous_aci': True}}¶
- methods = None¶
- name = 'config'¶
- object_class = []¶
- object_class_config = None¶
- object_name = Gettext('configuration options', domain='ipa', localedir=None)¶
- object_name_plural = Gettext('entries', domain='ipa', localedir=None)¶
- object_not_found_msg = Gettext('%(pkey)s: %(oname)s not found', domain='ipa', localedir=None)¶
- params = None¶
- params_minus(*names)
Yield all Param whose name is not in names.
- params_minus_pk = None¶
- parent_not_found_msg = Gettext('%(parent)s: %(oname)s not found', domain='ipa', localedir=None)¶
- parent_object = ''¶
- password_attributes = []¶
- permission_filter_objectclasses = ['ipaguiconfig']¶
- possible_objectclasses = []¶
- primary_key = None¶
- rdn_attribute = ''¶
- relationships = {'member': ('Member', '', 'no_'), 'memberindirect': ('Indirect Member', None, 'no_indirect_'), 'membermanager': ('Group membership managed by', 'membermanager_', 'not_membermanager_'), 'memberof': ('Member Of', 'in_', 'not_in_'), 'memberofindirect': ('Indirect Member Of', None, 'not_in_indirect_')}¶
- search_attributes = []¶
- search_attributes_config = None¶
- search_display_attributes = []¶
- summary = 'IPA configuration object'¶
- takes_params = (Int('ipamaxusernamelength', cli_name='maxusername', label=Gettext('Maximum username length', domain='ipa', localedir=None), maxvalue=255, minvalue=1), Int('ipamaxhostnamelength', cli_name='maxhostname', label=Gettext('Maximum hostname length', domain='ipa', localedir=None), maxvalue=255, minvalue=64), IA5Str('ipahomesrootdir', cli_name='homedirectory', doc=Gettext('Default location of home directories', domain='ipa', localedir=None), label=Gettext('Home directory base', domain='ipa', localedir=None)), Str('ipadefaultloginshell', cli_name='defaultshell', doc=Gettext('Default shell for new users', domain='ipa', localedir=None), label=Gettext('Default shell', domain='ipa', localedir=None)), Str('ipadefaultprimarygroup', cli_name='defaultgroup', doc=Gettext('Default group for new users', domain='ipa', localedir=None), label=Gettext('Default users group', domain='ipa', localedir=None)), Str('ipadefaultemaildomain?', cli_name='emaildomain', doc=Gettext('Default e-mail domain', domain='ipa', localedir=None), label=Gettext('Default e-mail domain', domain='ipa', localedir=None)), Int('ipasearchtimelimit', cli_name='searchtimelimit', doc=Gettext('Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)', domain='ipa', localedir=None), label=Gettext('Search time limit', domain='ipa', localedir=None), minvalue=-1), Int('ipasearchrecordslimit', validate_search_records_limit, cli_name='searchrecordslimit', doc=Gettext('Maximum number of records to search (-1 or 0 is unlimited)', domain='ipa', localedir=None), label=Gettext('Search size limit', domain='ipa', localedir=None)), IA5Str('ipausersearchfields', cli_name='usersearch', doc=Gettext('A comma-separated list of fields to search in when searching for users', domain='ipa', localedir=None), label=Gettext('User search fields', domain='ipa', localedir=None)), IA5Str('ipagroupsearchfields', cli_name='groupsearch', doc=Gettext('A comma-separated list of fields to search in when searching for groups', 
domain='ipa', localedir=None), label=Gettext('Group search fields', domain='ipa', localedir=None)), Bool('ipamigrationenabled', cli_name='enable_migration', doc=Gettext('Enable migration mode', domain='ipa', localedir=None), label=Gettext('Enable migration mode', domain='ipa', localedir=None)), DNParam('ipacertificatesubjectbase', cli_name='subject', doc=Gettext('Base for certificate subjects (OU=Test,O=Example)', domain='ipa', localedir=None), flags=[u'no_update'], label=Gettext('Certificate Subject base', domain='ipa', localedir=None)), Str('ipagroupobjectclasses+', cli_name='groupobjectclasses', doc=Gettext('Default group objectclasses (comma-separated list)', domain='ipa', localedir=None), label=Gettext('Default group objectclasses', domain='ipa', localedir=None)), Str('ipauserobjectclasses+', cli_name='userobjectclasses', doc=Gettext('Default user objectclasses (comma-separated list)', domain='ipa', localedir=None), label=Gettext('Default user objectclasses', domain='ipa', localedir=None)), Int('ipapwdexpadvnotify', cli_name='pwdexpnotify', doc=Gettext("Number of days's notice of impending password expiration", domain='ipa', localedir=None), label=Gettext('Password Expiration Notification (days)', domain='ipa', localedir=None), minvalue=0), StrEnum('ipaconfigstring*', cli_metavar=u"['AllowNThash', 'KDC:Disable Last Success', 'KDC:Disable Lockout', 'KDC:Disable Default Preauth for SPNs']", cli_name='ipaconfigstring', doc=Gettext('Extra hashes to generate in password plug-in', domain='ipa', localedir=None), label=Gettext('Password plugin features', domain='ipa', localedir=None), values=[u'AllowNThash', u'KDC:Disable Last Success', u'KDC:Disable Lockout', u'KDC:Disable Default Preauth for SPNs']), Str('ipaselinuxusermaporder', doc=Gettext('Order in increasing priority of SELinux users, delimited by $', domain='ipa', localedir=None), label=Gettext('SELinux user map order', domain='ipa', localedir=None)), Str('ipaselinuxusermapdefault?', doc=Gettext('Default 
SELinux user when no match is found in SELinux map rule', domain='ipa', localedir=None), label=Gettext('Default SELinux user', domain='ipa', localedir=None)), StrEnum('ipakrbauthzdata*', cli_metavar=u"['MS-PAC', 'PAD', 'nfs:NONE']", cli_name='pac_type', doc=Gettext('Default types of PAC supported for services', domain='ipa', localedir=None), label=Gettext('Default PAC types', domain='ipa', localedir=None), values=[u'MS-PAC', u'PAD', u'nfs:NONE']), StrEnum('ipauserauthtype*', cli_metavar=u"['password', 'radius', 'otp', 'pkinit', 'hardened', 'idp', 'disabled']", cli_name='user_auth_type', doc=Gettext('Default types of supported user authentication', domain='ipa', localedir=None), label=Gettext('Default user authentication types', domain='ipa', localedir=None), values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'disabled']), Bool('ipauserdefaultsubordinateid?', cli_name='user_default_subid', doc=Gettext('Enable adding subids to new users', domain='ipa', localedir=None), label=Gettext('Enable adding subids to new users', domain='ipa', localedir=None)), Str('ipa_master_server*', doc=Gettext('List of all IPA masters', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('IPA masters', domain='ipa', localedir=None)), Str('ipa_master_hidden_server*', doc=Gettext('List of all hidden IPA masters', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('Hidden IPA masters', domain='ipa', localedir=None)), Str('pkinit_server_server*', doc=Gettext('IPA master which can process PKINIT requests', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('IPA master capable of PKINIT', domain='ipa', localedir=None)), Str('ca_server_server*', doc=Gettext('IPA servers configured as certificate authority', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('IPA CA 
servers', domain='ipa', localedir=None)), Str('ca_server_hidden_server*', doc=Gettext('Hidden IPA servers configured as certificate authority', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('Hidden IPA CA servers', domain='ipa', localedir=None)), Str('ca_renewal_master_server?', doc=Gettext('Renewal master for IPA certificate authority', domain='ipa', localedir=None), flags=[u'no_create', u'virtual_attribute'], label=Gettext('IPA CA renewal master', domain='ipa', localedir=None)), Str('kra_server_server*', doc=Gettext('IPA servers configured as key recovery agent', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('IPA KRA servers', domain='ipa', localedir=None)), Str('kra_server_hidden_server*', doc=Gettext('Hidden IPA servers configured as key recovery agent', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('Hidden IPA KRA servers', domain='ipa', localedir=None)), Str('ipadomainresolutionorder?', cli_name='domain_resolution_order', doc=Gettext('colon-separated list of domains used for short name qualification', domain='ipa', localedir=None), label=Gettext('Domain resolution order', domain='ipa', localedir=None)), Str('dns_server_server*', doc=Gettext('IPA servers configured as domain name server', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('IPA DNS servers', domain='ipa', localedir=None)), Str('dns_server_hidden_server*', doc=Gettext('Hidden IPA servers configured as domain name server', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('Hidden IPA DNS servers', domain='ipa', localedir=None)), Str('dnssec_key_master_server?', doc=Gettext('DNSec key master', domain='ipa', localedir=None), flags=[u'no_create', u'no_update', u'virtual_attribute'], label=Gettext('IPA DNSSec key master', 
domain='ipa', localedir=None)), Flag('enable_sid?', autofill=True, default=False, doc=Gettext('New users and groups automatically get a SID assigned', domain='ipa', localedir=None), flags=[u'no_create', u'virtual_attribute'], label=Gettext('Setup SID configuration', domain='ipa', localedir=None)), Flag('add_sids?', autofill=True, default=False, doc=Gettext('Add SIDs for existing users and groups', domain='ipa', localedir=None), flags=[u'no_create', u'virtual_attribute'], label=Gettext('Add SIDs', domain='ipa', localedir=None)), Str('netbios_name?', doc=Gettext('NetBIOS name of the IPA domain', domain='ipa', localedir=None), flags=[u'no_create', u'virtual_attribute'], label=Gettext('NetBIOS name of the IPA domain', domain='ipa', localedir=None)))¶
- uuid_attribute = ''¶
- validate_domain_resolution_order(entry_attrs)
Validate domain resolution order, i.e. split by the delimiter (colon) and check each domain name for non-emptiness, syntactic correctness, and status (enabled/disabled).
Supplying an empty order (‘:’) bypasses validation and allows an empty attribute value to be specified.
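The checks described for validate_domain_resolution_order() and _validate_single_domain(), as a self-contained sketch added here; it is not FreeIPA's code and does not use ipalib. The two exception classes, the syntax rule in is_valid_domain_syntax(), the explain_order() helper, the handling of a missing attribute and the sample domains are assumptions made for illustration.

```python
import re

ATTR = "ipadomainresolutionorder"   # attribute name listed on this page
SEPARATOR = ":"                     # the page describes a colon-separated list


class ValidationError(Exception):
    """Local stand-in for the ValidationError named on the page."""


class NotFound(Exception):
    """Local stand-in for the NotFound named on the page."""


# Assumed syntax rule (the page does not spell one out): dot-separated
# letter/digit/hyphen labels of 1-63 characters, 253 characters overall.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_domain_syntax(domain):
    if len(domain) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in domain.split("."))


def validate_single_domain(attr_name, domain, known_domains):
    """Apply the documented checks to one entry of the order."""
    if not domain:
        raise ValidationError(f"{attr_name}: empty domain name")
    if not is_valid_domain_syntax(domain):
        raise ValidationError(f"{attr_name}: invalid domain name {domain!r}")
    if domain not in known_domains:
        # Well-formed, but neither the IPA domain nor a trusted domain.
        raise NotFound(f"{attr_name}: domain {domain!r} is not known to IPA")
    if not known_domains[domain]:
        raise ValidationError(f"{attr_name}: domain {domain!r} is disabled")


def validate_domain_resolution_order(entry_attrs, known_domains):
    """Return the validated domains; raise on the first bad entry."""
    if ATTR not in entry_attrs:
        return []               # assumption: attribute is not being changed
    order = entry_attrs[ATTR]
    if order == SEPARATOR:
        return []               # documented bypass: ':' means an empty value
    domains = order.split(SEPARATOR)
    for domain in domains:
        validate_single_domain(ATTR, domain, known_domains)
    return domains


def explain_order(order, known_domains):
    """Check every entry instead of stopping at the first failure."""
    if order == SEPARATOR:
        return []
    report = []
    for domain in order.split(SEPARATOR):
        try:
            validate_single_domain(ATTR, domain, known_domains)
            report.append((domain, "ok"))
        except (ValidationError, NotFound) as exc:
            report.append((domain, type(exc).__name__))
    return report


# Constructed sample data: domain name -> enabled?
KNOWN_DOMAINS = {
    "ipa.example.test": True,
    "ad.example.test": True,
    "legacy.example.test": False,
}

if __name__ == "__main__":
    for order in (
        "ad.example.test:ipa.example.test",
        ":",
        "ad.example.test:",     # trailing colon yields an empty entry
        "ad.example.test:legacy.example.test:other.example.test:bad_name",
    ):
        print(repr(order), "->", explain_order(order, KNOWN_DOMAINS))
```

Only the exact value ':' takes the bypass path; a trailing or doubled colon produces an empty entry and is rejected like any other empty domain name.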
- version = '1'¶