authorRob Crittenden <rcritten@redhat.com>2010-04-16 16:23:45 -0400
committerRob Crittenden <rcritten@redhat.com>2010-04-19 10:06:04 -0400
commitcc336cf9c17283684df7b850e010d669122126a5 (patch)
tree07aeb20fc52c199da272d5c2a33b390fdd901e49
parent70049496e3cfe0db01a58bcc51c7ea13e6caac24 (diff)
Use escapes in DNs instead of quoting.
Based on initial patch from Pavel Zuna.
-rw-r--r--install/share/bootstrap-template.ldif4
-rw-r--r--ipalib/plugins/pwpolicy.py43
-rw-r--r--ipaserver/install/dsinstance.py5
-rw-r--r--ipaserver/install/ldapupdate.py3
4 files changed, 37 insertions, 18 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index b1922d992..bde1f20a0 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -190,7 +190,7 @@ objectclass: top
objectclass: nsContainer
cn: cosTemplates
-dn: cn="cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX
+dn: cn=cn\=inactivated\,cn\=account inactivation\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: cosTemplate
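Review bot: The rewritten `dn:` line here, and the matching one in the hunk at -203, depend on a new substitution variable `$ESCAPED_SUFFIX` that the template never explains, and nothing tells a maintainer why the RDN value is escaped while the parent still uses `$SUFFIX`. I would add a comment above each, e.g. `# RDN value is itself a DN: its ',' and '=' are backslash-escaped, and $ESCAPED_SUFFIX is the suffix passed through escape_dn_chars`. Any other code path that renders this template must supply the variable too; only dsinstance.py and ldapupdate.py are updated in this commit. Whether deployments created with the old quoted form need an update step is not visible here and is worth confirming.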
@@ -203,7 +203,7 @@ changetype: add
objectclass: top
objectclass: groupofnames
-dn: cn="cn=activated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX
+dn: cn=cn\=activated\,cn\=account inactivation\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: cosTemplate
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index f3338ecf9..bf8abcf82 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -76,6 +76,7 @@ def make_cos_entry(group, cospriority=None):
cos_dn = DN of the new CoS entry
cos_entry = entry representing this new object
"""
+ ldap = api.Backend.ldap2
groupdn = find_group_dn(group)
@@ -83,7 +84,9 @@ def make_cos_entry(group, cospriority=None):
if cospriority:
cos_entry['cospriority'] = cospriority
cos_entry['objectclass'] = ['top', 'costemplate', 'extensibleobject', 'krbcontainer']
- cos_dn = 'cn=\"%s\", cn=cosTemplates, cn=accounts, %s' % (groupdn, api.env.basedn)
+ cos_dn = ldap.make_dn_from_attr(
+ 'cn', groupdn, 'cn=cosTemplates,%s' % api.env.container_accounts
+ )
return (cos_dn, cos_entry)
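Review bot: The CoS template DN is built by the same expression, `ldap.make_dn_from_attr('cn', <group dn>, 'cn=cosTemplates,%s' % ...container_accounts)`, here and again in pwpolicy_mod, pwpolicy_del, pwpolicy_show and pwpolicy_find, using `api.env` in this function and `self.api.env` in the others. The escaping is only correct if every call site stays identical, so a single module-level helper (say `make_cos_dn(ldap, group_dn)`) would stop them drifting; each call then becomes `cos_dn = make_cos_dn(ldap, groupdn)`. The old string appended `api.env.basedn` explicitly, and the new one presumably relies on `make_dn_from_attr` or the now-default normalization to add the base, which deserves a short comment. A test with a group name containing `,`, `=`, `+` or `"` would pin the nested escaping. make_cos_entry starts above this hunk.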
@@ -146,7 +149,7 @@ def unique_priority(ldap, priority):
try:
(entries, truncated) = ldap.find_entries(
- attr_filter, attrs, 'cn=cosTemplates,%s' % (api.env.container_accounts), scope=ldap.SCOPE_ONELEVEL
+ attr_filter, attrs, 'cn=cosTemplates,%s' % api.env.container_accounts, scope=ldap.SCOPE_ONELEVEL
)
return False
except errors.NotFound:
@@ -248,8 +251,8 @@ class pwpolicy_add(crud.Create):
# Link the two entries together
cos_entry['krbpwdpolicyreference'] = policy_dn
- ldap.add_entry(policy_dn, policy_entry, normalize=False)
- ldap.add_entry(cos_dn, cos_entry, normalize=False)
+ ldap.add_entry(policy_dn, policy_entry)
+ ldap.add_entry(cos_dn, cos_entry)
# The policy is what is interesting, return that
(dn, entry_attrs) = ldap.get_entry(policy_dn, policy_entry.keys())
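Review bot: The two `ldap.add_entry` calls are still independent writes, so if the second one fails (for example because the CoS DN is rejected or already exists) the policy entry added just before it is left without its CoS template. Both DNs now pass through normalization, which makes a failure on `cos_dn` at least plausible, so I would roll back the policy entry when the second add raises. The same ordering concern applies to the two `ldap.delete_entry` calls in pwpolicy_del. The enclosing method starts and ends outside this hunk.

```python
ldap.add_entry(policy_dn, policy_entry)
try:
    ldap.add_entry(cos_dn, cos_entry)
except errors.ExecutionError:
    # roll back the half-created policy so no orphan is left behind
    ldap.delete_entry(policy_dn)
    raise
# … unchanged: get_entry on policy_dn and return …
```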
@@ -308,9 +311,11 @@ class pwpolicy_mod(crud.Update):
if not unique_priority(ldap, options['cospriority']):
raise errors.ValidationError(name='priority', error=_('Priority must be a unique value.'))
groupdn = find_group_dn(group_cn)
- cos_dn = 'cn="%s", cn=cosTemplates, cn=accounts, %s' % (groupdn, api.env.basedn)
- self.log.debug('%s' % cos_dn)
- ldap.update_entry(cos_dn, dict(cospriority = options['cospriority']), normalize=False)
+ cos_dn = ldap.make_dn_from_attr(
+ 'cn', groupdn,
+ 'cn=cosTemplates,%s' % self.api.env.container_accounts
+ )
+ ldap.update_entry(cos_dn, dict(cospriority = options['cospriority']))
cospriority = options['cospriority']
del options['cospriority']
entry_attrs = self.args_options_2_entry(*args, **options)
@@ -358,12 +363,14 @@ class pwpolicy_del(crud.Delete):
# Ok, perhaps the group was deleted, try to make the group DN
rdn = ldap.make_rdn_from_attr('cn', group_cn)
group_dn = ldap.make_dn_from_rdn(rdn, api.env.container_group)
- cos_dn = 'cn=\"%s\", cn=cosTemplates, cn=accounts, %s' % (group_dn, api.env.basedn)
+ cos_dn = ldap.make_dn_from_attr(
+ 'cn', group_dn,
+ 'cn=cosTemplates,%s' % self.api.env.container_accounts
+ )
policy_entry = self.args_options_2_entry(*args, **options)
(policy_dn, policy_entry) = make_policy_entry(group_cn, policy_entry)
-
- ldap.delete_entry(policy_dn, normalize=False)
- ldap.delete_entry(cos_dn, normalize=False)
+ ldap.delete_entry(policy_dn)
+ ldap.delete_entry(cos_dn)
return dict(
result=True,
value=group_cn,
@@ -424,8 +431,11 @@ class pwpolicy_show(Method):
if 'group' in options:
groupdn = find_group_dn(options['group'])
- cos_dn = 'cn="%s", cn=cosTemplates, cn=accounts, %s' % (groupdn, api.env.basedn)
- (dn, cos_attrs) = ldap.get_entry(cos_dn, normalize=False)
+ cos_dn = ldap.make_dn_from_attr(
+ 'cn', groupdn,
+ 'cn=cosTemplates,%s' % self.api.env.container_accounts
+ )
+ (dn, cos_attrs) = ldap.get_entry(cos_dn)
entry_attrs['cospriority'] = cos_attrs['cospriority']
else:
entry_attrs['cn'] = _global
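Review bot: `cos_attrs['cospriority']` raises KeyError when the CoS entry carries no priority, and make_cos_entry only sets that attribute `if cospriority:`; whether the add command always supplies one is not visible here. The same lookup appears in pwpolicy_find. Since only one attribute is used, I would request just that and tolerate its absence: `(dn, cos_attrs) = ldap.get_entry(cos_dn, ['cospriority'])` followed by `if 'cospriority' in cos_attrs: entry_attrs['cospriority'] = cos_attrs['cospriority']`. The method body continues outside this hunk.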
@@ -462,8 +472,11 @@ class pwpolicy_find(Method):
_convert_time_for_output(e[1])
e[1]['dn'] = e[0]
groupdn = find_group_dn(e[1]['cn'][0])
- cos_dn = 'cn="%s", cn=cosTemplates, cn=accounts, %s' % (groupdn, api.env.basedn)
- (dn, cos_attrs) = ldap.get_entry(cos_dn, normalize=False)
+ cos_dn = ldap.make_dn_from_attr(
+ 'cn', groupdn,
+ 'cn=cosTemplates,%s' % self.api.env.container_accounts
+ )
+ (dn, cos_attrs) = ldap.get_entry(cos_dn)
e[1]['cospriority'] = cos_attrs['cospriority']
entries = tuple(e for (dn, e) in entries)
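Review bot: Each result now costs a `find_group_dn` call plus a `get_entry` round trip, and as far as this hunk shows an exception from either one would abort the whole listing. A policy whose group has since been removed is one such case, which pwpolicy_del handles explicitly, and it would presumably raise here. I would catch `errors.NotFound` around the two calls and leave `cospriority` unset for that entry. The loop header and any surrounding handler are outside this hunk, so confirm none exists already.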
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index f535b7ba8..61887dde8 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -34,6 +34,7 @@ import service
import installutils
import certs
import ldap
+from ldap.dn import escape_dn_chars
from ipaserver import ipaldap
from ipaserver.install import ldapupdate
from ipaserver.install import httpinstance
@@ -209,7 +210,9 @@ class DsInstance(service.Service):
REALM=self.realm_name, USER=self.ds_user,
SERVER_ROOT=server_root, DOMAIN=self.domain,
TIME=int(time.time()), UIDSTART=self.uidstart,
- GIDSTART=self.gidstart, HOST=self.host_name)
+ GIDSTART=self.gidstart, HOST=self.host_name,
+ ESCAPED_SUFFIX= escape_dn_chars(self.suffix.lower()),
+ )
def __create_ds_user(self):
user_exists = True
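Review bot: `ESCAPED_SUFFIX` is derived from `self.suffix.lower()` here, whereas ldapupdate.py derives it from `suffix` without lowercasing, so the same template can render differently-cased RDN values depending on which installer path ran. DN matching is normally case-insensitive, but anything that compares these strings directly would see a difference. Pick one form, e.g. `ESCAPED_SUFFIX=escape_dn_chars(self.suffix),` if `SUFFIX` itself is not lowercased (its definition is outside this hunk). The stray space after `ESCAPED_SUFFIX=` should go as well.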
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index c03459187..dff94783c 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -31,6 +31,7 @@ from ipapython import entity, ipautil
from ipalib import util, uuid
from ipalib import errors
import ldap
+from ldap.dn import escape_dn_chars
import logging
import krbV
import platform
@@ -76,6 +77,8 @@ class LDAPUpdate:
self.sub_dict["DOMAIN"] = domain
if not self.sub_dict.get("SUFFIX"):
self.sub_dict["SUFFIX"] = suffix
+ if not self.sub_dict.get("ESCAPED_SUFFIX"):
+ self.sub_dict["ESCAPED_SUFFIX"] = escape_dn_chars(suffix)
if not self.sub_dict.get("LIBARCH"):
self.sub_dict["LIBARCH"] = libarch
if not self.sub_dict.get("TIME"):
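Review bot: When a caller passes its own `SUFFIX` in `sub_dict` but no `ESCAPED_SUFFIX`, the new default is computed from the local `suffix` rather than from the value that will actually be substituted, so the two variables can disagree within one rendered DN. Deriving it from the dictionary avoids that: `self.sub_dict["ESCAPED_SUFFIX"] = escape_dn_chars(self.sub_dict["SUFFIX"])`. Where `suffix` is computed lies outside this hunk.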