Hi William ,
Just find out a way to do it .
class UserAccountnsRole(Account):
def __init__(self, instance, dn=None):
super(UserAccountnsRole, self).__init__(instance, dn)
self._rdn_attribute = RDN
self._create_objectclasses = [
'top',
'LDAPsubentry',
'nsRoleDefinition',
'nsComplexRoleDefinition',
'nsFilteredRoleDefinition'
]
user_compare_exclude = [
'nsUniqueId',
'modifyTimestamp',
'createTimestamp',
'entrydn'
]
self._compare_exclude = self._compare_exclude + user_compare_exclude
self._protected = False
def _validate(self, rdn, properties, basedn):
if 'ntUserDomainId' in properties and 'ntUser' not in self._create_objectclasses:
self._create_objectclasses.append('ntUser')
return super(UserAccountnsRole, self)._validate(rdn, properties, basedn)
def create_test_user_nsrole(instance, cn, nsRoleFilter, description, suffix=None):
global test_user_id
if cn is None:
cn = "testuser_" + str(test_user_id)
test_user_id += 1
if suffix is None:
suffix = DEFAULT_SUFFIX
dn = "cn=" + cn + "," + suffix
properties = {
'cn': cn,
"nsRoleFilter": nsRoleFilter,
"description": description,
}
user = UserAccountnsRole(instance, dn)
user.create(properties=properties)
return user
Now just using create_test_user_nsrole we will be able to create entries with nsRoles.
Regards
Anuj Borah
On Mon, Jan 7, 2019 at 2:30 PM William Brown <william@xxxxxxxxxxxxxxxx> wrote:
Hi,
I’ve been speaking to Anuj Borah about a PR they made, and how we can properly represent nsRole.
because nsRoles are an extra objectClass, rather than a standalone one, we need a way to represent this properly.
It’s probably a good idea to use some of pythons composability here, where we could do something like:
class nsFilteredRole(DSLdapObject):
class User(DSldapObject):
class User_nsFilteredRole(User, nsFilteredRole):
Then to have a way to define and have each subclass called, and asserted for correctness. A question is how we would handle:
user = User.create(…)
# How to convert user to User_nsFilteredRole
We could do something like:
User_nsFilteredRole.from(user)
And have a from that does a valid conversion based on types and adds in the required role parts?
This isn’t a common scenario, so I think having a limited set of well understood types that require this type of conversion would be okay.
Thought? *looking at you Simon* :)
PS: It’s good to be back
--
Sincerely,
William
_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________ 389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
