summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2013-10-31 16:53:44 +0000
committerPetr Viktorin <pviktori@redhat.com>2013-12-16 14:44:19 +0100
commitbc3f3381c6bf0b4941889b775025a60f56318551 (patch)
tree1bb64b48ed61420276beec92bb3f20bf38afa758
parentacede580e1f617af3f5205a490184781dd35b481 (diff)
downloadfreeipa-bc3f3381c6bf0b4941889b775025a60f56318551.tar.gz
freeipa-bc3f3381c6bf0b4941889b775025a60f56318551.tar.xz
freeipa-bc3f3381c6bf0b4941889b775025a60f56318551.zip
Convert remaining backend code to LDAPEntry API.
-rw-r--r--ipapython/ipaldap.py6
-rw-r--r--ipaserver/plugins/dogtag.py4
-rw-r--r--ipaserver/plugins/ldap2.py39
-rw-r--r--ipaserver/rpcserver.py2
4 files changed, 24 insertions, 27 deletions
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 39d0edb1c..a48879f0a 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1521,14 +1521,14 @@ class LDAPClient(object):
assert isinstance(dn, DN)
- (entry, truncated) = self.find_entries(
+ (entries, truncated) = self.find_entries(
None, attrs_list, dn, self.SCOPE_BASE, time_limit=time_limit,
size_limit=size_limit
)
if truncated:
raise errors.LimitsExceeded()
- return entry[0]
+ return entries[0]
def _get_dn_and_attrs(self, entry_or_dn, entry_attrs):
"""Helper for legacy calling style for {add,update}_entry
@@ -1577,7 +1577,7 @@ class LDAPClient(object):
assert isinstance(dn, DN)
# get original entry
- dn, entry_attrs_old = self.get_entry(dn, entry_attrs.keys())
+ entry_attrs_old = self.get_entry(dn, entry_attrs.keys())
# generate modlist
# for multi value attributes: no MOD_REPLACE to handle simultaneous
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index e5a8d3b17..123c2d54a 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1303,9 +1303,7 @@ class ra(rabase.rabase):
ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
if len(ent):
entry = random.choice(ent)
- dn = entry[0]
- assert isinstance(dn, DN)
- return dn[1].value
+ return entry.dn[1].value
except Exception, e:
pass
return None
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index fa58b2244..97f26ec77 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -277,13 +277,13 @@ class ldap2(LDAPClient, CrudBackend):
# Not in our context yet
pass
try:
- (entry, truncated) = self.find_entries(
+ (entries, truncated) = self.find_entries(
None, attrs_list, base_dn=dn, scope=self.SCOPE_BASE,
time_limit=2, size_limit=10
)
if truncated:
raise errors.LimitsExceeded()
- config_entry = entry[0]
+ config_entry = entries[0]
except errors.NotFound:
config_entry = self.make_entry(dn)
for a in self.config_defaults:
@@ -304,15 +304,15 @@ class ldap2(LDAPClient, CrudBackend):
upg_entry = self.conn.search_s(upg_dn, _ldap.SCOPE_BASE,
attrlist=['*'])[0]
disable_attr = '(objectclass=disable)'
- if 'originfilter' in upg_entry[1]:
- org_filter = upg_entry[1]['originfilter']
+ if 'originfilter' in upg_entry:
+ org_filter = upg_entry['originfilter']
return not bool(re.search(r'%s' % disable_attr, org_filter[0]))
else:
return False
except _ldap.NO_SUCH_OBJECT, e:
return False
- def get_effective_rights(self, dn, entry_attrs):
+ def get_effective_rights(self, dn, attrs_list):
"""Returns the rights the currently bound user has for the given DN.
Returns 2 attributes, the attributeLevelRights for the given list of
@@ -322,15 +322,14 @@ class ldap2(LDAPClient, CrudBackend):
assert isinstance(dn, DN)
principal = getattr(context, 'principal')
- (binddn, attrs) = self.find_entry_by_attr("krbprincipalname", principal,
+ entry = self.find_entry_by_attr("krbprincipalname", principal,
"krbPrincipalAux", base_dn=api.env.basedn)
- assert isinstance(binddn, DN)
- sctrl = [GetEffectiveRightsControl(True, "dn: " + str(binddn))]
+ sctrl = [GetEffectiveRightsControl(True, "dn: " + str(entry.dn))]
self.conn.set_option(_ldap.OPT_SERVER_CONTROLS, sctrl)
- (dn, attrs) = self.get_entry(dn, entry_attrs)
+ entry = self.get_entry(dn, attrs_list)
# remove the control so subsequent operations don't include GER
self.conn.set_option(_ldap.OPT_SERVER_CONTROLS, [])
- return (dn, attrs)
+ return entry
def can_write(self, dn, attr):
"""Returns True/False if the currently bound user has write permissions
@@ -339,7 +338,7 @@ class ldap2(LDAPClient, CrudBackend):
assert isinstance(dn, DN)
- (dn, attrs) = self.get_effective_rights(dn, [attr])
+ attrs = self.get_effective_rights(dn, [attr])
if 'attributelevelrights' in attrs:
attr_rights = attrs.get('attributelevelrights')[0].decode('UTF-8')
(attr, rights) = attr_rights.split(':')
@@ -354,7 +353,7 @@ class ldap2(LDAPClient, CrudBackend):
"""
assert isinstance(dn, DN)
- (dn, attrs) = self.get_effective_rights(dn, [attr])
+ attrs = self.get_effective_rights(dn, [attr])
if 'attributelevelrights' in attrs:
attr_rights = attrs.get('attributelevelrights')[0].decode('UTF-8')
(attr, rights) = attr_rights.split(':')
@@ -379,7 +378,7 @@ class ldap2(LDAPClient, CrudBackend):
assert isinstance(dn, DN)
- (dn, attrs) = self.get_effective_rights(dn, ["*"])
+ attrs = self.get_effective_rights(dn, ["*"])
if 'entrylevelrights' in attrs:
entry_rights = attrs['entrylevelrights'][0].decode('UTF-8')
if 'd' in entry_rights:
@@ -392,7 +391,7 @@ class ldap2(LDAPClient, CrudBackend):
on the entry.
"""
assert isinstance(dn, DN)
- (dn, attrs) = self.get_effective_rights(dn, ["*"])
+ attrs = self.get_effective_rights(dn, ["*"])
if 'entrylevelrights' in attrs:
entry_rights = attrs['entrylevelrights'][0].decode('UTF-8')
if 'a' in entry_rights:
@@ -478,7 +477,7 @@ class ldap2(LDAPClient, CrudBackend):
assert isinstance(active, bool)
# get the entry in question
- (dn, entry_attrs) = self.get_entry(dn, ['nsaccountlock'])
+ entry_attrs = self.get_entry(dn, ['nsaccountlock'])
# check nsAccountLock attribute
account_lock_attr = entry_attrs.get('nsaccountlock', ['false'])
@@ -495,7 +494,7 @@ class ldap2(LDAPClient, CrudBackend):
account_lock_attr = str(not active).upper()
entry_attrs['nsaccountlock'] = account_lock_attr
- self.update_entry(dn, entry_attrs)
+ self.update_entry(entry_attrs)
def activate_entry(self, dn):
"""Mark entry active."""
@@ -529,7 +528,7 @@ class ldap2(LDAPClient, CrudBackend):
assert isinstance(dn, DN)
- (dn, entry_attrs) = self.get_entry(dn, attrs_list)
+ entry_attrs = self.get_entry(dn, attrs_list)
return entry_attrs
def create(self, **kw):
@@ -542,7 +541,7 @@ class ldap2(LDAPClient, CrudBackend):
dn = kw['dn']
assert isinstance(dn, DN)
del kw['dn']
- self.add_entry(dn, kw)
+ self.add_entry(self.make_entry(dn, kw))
return self._get_normalized_entry_for_crud(dn)
def retrieve(self, primary_key, attributes):
@@ -559,7 +558,7 @@ class ldap2(LDAPClient, CrudBackend):
Extends CrudBackend.update.
"""
- self.update_entry(primary_key, kw)
+ self.update_entry(self.make_entry(primary_key, kw))
return self._get_normalized_entry_for_crud(primary_key)
def delete(self, primary_key):
@@ -604,7 +603,7 @@ class ldap2(LDAPClient, CrudBackend):
(entries, truncated) = self.find_entries(
filter, attrs_list, base_dn, scope
)
- for (dn, entry_attrs) in entries:
+ for entry_attrs in entries:
output.append(entry_attrs)
if truncated:
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index a37d3cd0f..92ab17dfc 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -923,7 +923,7 @@ class login_password(Backend, KerberosSession, HTTP_Status):
conn.connect(bind_dn=dn, bind_pw=password)
# password is ok, must be expired, lets double-check
- (userdn, entry_attrs) = conn.get_entry(dn,
+ entry_attrs = conn.get_entry(dn,
['krbpasswordexpiration'])
if 'krbpasswordexpiration' in entry_attrs:
expiration = entry_attrs['krbpasswordexpiration'][0]