Revision 3f1d8342
Added by Marc Dequènes over 14 years ago
- ID 3f1d83424244e287c7398a864f5e9dd1e768691e
| conf/ldap_shadows/shadows/MilkyPond/plugins/aspects/primary_account.rb | ||
|---|---|---|
|
|
||
|
def self.hook_before_create(item)
|
||
|
hook_common(item)
|
||
|
end
|
||
|
|
||
|
def self.hook_before_modify(item)
|
||
|
hook_common(item)
|
||
|
end
|
||
|
|
||
|
def self.hook_common(item)
|
||
|
if item.attribute_present?('allowedServices')
|
||
|
user_services = ActiveLdap::Base.find(:all, :scope => :sub, :filter => "(objectClass=userService)", :attributes => ['cn'])
|
||
|
srv_names = user_services.collect {|srv| srv.cn }
|
||
|
|
||
|
invalid_srv_names = item.allowedServices(true) - (item.allowedServices(true) & srv_names)
|
||
|
unless invalid_srv_names.empty?
|
||
|
raise PreProcessingError, "Invalid User Service(s) name(s): " + invalid_srv_names.join(", ")
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
|
||
| conf/ldap_shadows/shadows/MilkyPond/plugins/objects/secondary_account.rb | ||
|---|---|---|
|
|
||
|
def self.hook_before_create(item)
|
||
|
hook_common(item)
|
||
|
end
|
||
|
|
||
|
def self.hook_before_modify(item)
|
||
|
hook_common(item)
|
||
|
end
|
||
|
|
||
|
def self.hook_common(item)
|
||
|
if item.attribute_present?('allowedServices')
|
||
|
user_services = ActiveLdap::Base.find(:all, :scope => :sub, :filter => "(objectClass=userService)", :attributes => ['cn'])
|
||
|
srv_names = user_services.collect {|srv| srv.cn }
|
||
|
|
||
|
invalid_srv_names = item.allowedServices(true) - (item.allowedServices(true) & srv_names)
|
||
|
unless invalid_srv_names.empty?
|
||
|
raise PreProcessingError, "Invalid User Service(s) name(s): " + invalid_srv_names.join(", ")
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
|
||
| conf/ldap_shadows/shadows/MilkyPond/plugins/objects/system_account.rb | ||
|---|---|---|
|
|
||
|
def self.hook_before_create(item)
|
||
|
hook_common(item)
|
||
|
end
|
||
|
|
||
|
def self.hook_before_modify(item)
|
||
|
hook_common(item)
|
||
|
end
|
||
|
|
||
|
def self.hook_common(item)
|
||
|
if item.attribute_present?('allowedServices')
|
||
|
user_services = ActiveLdap::Base.find(:all, :scope => :sub, :filter => "(objectClass=userService)", :attributes => ['cn'])
|
||
|
srv_names = user_services.collect {|srv| srv.cn }
|
||
|
|
||
|
invalid_srv_names = item.allowedServices(true) - (item.allowedServices(true) & srv_names)
|
||
|
unless invalid_srv_names.empty?
|
||
|
raise PreProcessingError, "Invalid User Service(s) name(s): " + invalid_srv_names.join(", ")
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
|
||
Also available in: Unified diff
[evol] MilkyPond config: enforce proper 'allowedServices' values