
added Privilege and Service classes

1 parent ce28d8c commit cc3c3118a378c48db0d9634c22cafce29428dea5 @stedolan committed
Showing with 42 additions and 3 deletions.
  1. +13 −1 nd.py
  2. +29 −2 schema
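--- a/nd.py
+++ b/nd.py
@@ -281,8 +281,16 @@ class Privilege(Group):
 '''Groups controlling access to specific services, for instance webspace or
 filestorage'''
 rdn_attr = 'cn'
+ def check(self):
+ assert 'tcdnetsoc-privilege' in self.objectClass
+class Service(NDObject):
+ rdn_attr = 'cn'
+ def get_password(self):
+ return self.get_attribute("userPassword")
+
+
 class IDNumber(NDObject):
 """Allocator for new ID numbers such as UID and GID.
 The next ID is stored in the allocator object, and when a new one is requested
@@ -328,7 +336,11 @@ def check(self):
 Attribute('gidNumber', int)
 Attribute('homeDirectory', str)
 Attribute('cn', str)
+Attribute('userPassword', str)
+Attribute('mail', str)
+Attribute('tcdnetsoc_admin_comment', [str])
 Attribute('member', [User])
 Attribute('memberOf', [Group], backlink='member')
-
+Attribute('tcdnetsoc_service_granted', [Service])
+Attribute('tcdnetsoc_granted_by_privilege', [Privilege], backlink='tcdnetsoc_service_granted')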
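Review bot: `Service.get_password` in the first hunk returns the raw `userPassword` value to any caller, and the second hunk registers `userPassword` as a plain `str` attribute, so nothing visible here says whether the value is a hash or cleartext or keeps it out of logs and debug output. I would give the method a docstring that states the stored form and the intended caller, e.g. `"""Return the service's userPassword exactly as stored in the directory; never log or display it."""`, and leave read access to the attribute to directory ACLs rather than to every consumer of this class. `Service` also gets no `check()` while `Privilege` gains one; a matching `assert 'tcdnetsoc-service' in self.objectClass` would keep them consistent, bearing in mind that assert-based checks disappear under `python -O`. The `class Privilege` line and the rest of the `Attribute(...)` list sit outside the visible hunks.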
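--- a/schema
+++ b/schema
@@ -37,6 +37,17 @@ attributetype ( na:4
 DESC 'Comment'
 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX directoryString )
+
+attributetype ( na:5
+ NAME 'tcdnetsoc-service-granted'
+ DESC 'Service that a privilege grants access to'
+ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX distinguishedName )
+
+attributetype ( na:6
+ NAME 'tcdnetsoc-granted-by-privilege'
+ DESC 'Privilege sufficient to grant access to a service'
+ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX distinguishedName )
+
 # A member or user of Netsoc
 # This covers every person in the database. Those who are currently paid-up members
 # will have a tcdnetsoc-membership-year attribute storing the current year.
@@ -69,10 +80,26 @@ objectclass ( no:2
 MUST ( gidNumber )
 MAY ( member ) )
-
 objectclass ( no:3
 NAME 'tcdnetsoc-idnum'
 DESC 'Object to hold an ID number'
 SUP top
 STRUCTURAL
- MUST ( cn $ serialNumber ) )
+ MUST ( cn $ serialNumber ) )
+
+
+objectclass ( no:4
+ NAME 'tcdnetsoc-privilege'
+ DESC 'Privilege granting access for some users to some services'
+ SUP tcdnetsoc-group
+ STRUCTURAL
+ MAY ( tcdnetsoc-service-granted ) )
+
+# Services also have tcdnetsoc-granted-by-privilege attributes
+# they're not here as they're automatically generated by OpenLDAP
+objectclass ( no:5
+ NAME 'tcdnetsoc-service'
+ DESC 'Service accessible by Netsoc users with the right privileges'
+ STRUCTURAL
+ MUST ( cn ) )
+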
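Review bot: The new attribute types `na:5` and `na:6` pair `SYNTAX distinguishedName` with `EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch`, which are directory-string rules; DN-valued attributes normally use `EQUALITY distinguishedNameMatch` with no `SUBSTR` rule, and a server may either reject the mismatch or compare grant DNs as plain strings. Because these values decide which privilege opens which service, I would change both definitions to `EQUALITY distinguishedNameMatch SYNTAX distinguishedName`. Separately, `tcdnetsoc-service` declares only `MUST ( cn )` and no `SUP`, while nd.py reads `userPassword` from services, so as written a service entry needs an additional class, or a `MAY ( userPassword )` here, before it can hold one. This assumes `distinguishedName` is a macro defined earlier in the file, outside the visible hunks.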
