summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-10-13 13:07:49 -0400
committerMartin Kosek <mkosek@priserak.(none)>2011-10-13 21:38:03 +0200
commit197b1acfe4ca40fe9570231d4c74db2ce1048ca6 (patch)
treec5052eea1d191d3dfeec25f67d71ddcdb4e16c97
parent8baec8d06b51717e9835b90deef7e2b47a01d6e3 (diff)
downloadfreeipa-197b1acfe4ca40fe9570231d4c74db2ce1048ca6.zip
freeipa-197b1acfe4ca40fe9570231d4c74db2ce1048ca6.tar.gz
freeipa-197b1acfe4ca40fe9570231d4c74db2ce1048ca6.tar.xz
Fix has_upg() to work with relocated managed entries configuration.
https://fedorahosted.org/freeipa/ticket/1964
-rw-r--r--ipaserver/plugins/ldap2.py35
1 files changed, 17 insertions, 18 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 6eeab56..5c40182 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -33,6 +33,7 @@ import string
import shutil
import tempfile
import time
+import re
import krbV
import logging
@@ -192,9 +193,6 @@ def get_schema(url, conn=None):
# Global schema
_schema = None
-# The UPG setting will be cached the first time a module checks it
-_upg = None
-
class ldap2(CrudBackend, Encoder):
"""
LDAP Backend Take 2.
@@ -707,23 +705,24 @@ class ldap2(CrudBackend, Encoder):
def has_upg(self):
"""Returns True/False whether User-Private Groups are enabled.
This is determined based on whether the UPG Template exists.
- We determine this at module load so we don't have to test for
- it every time.
"""
- global _upg
- if _upg is None:
- try:
- upg_entry = self.conn.search_s(
- 'cn=UPG Template,cn=etc,%s' % api.env.basedn,
- _ldap.SCOPE_BASE,
- attrlist=['*']
- )[0]
- _upg = True
- except _ldap.NO_SUCH_OBJECT, e:
- _upg = False
-
- return _upg
+ upg_dn = str(DN('cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc', api.env.basedn))
+
+ try:
+ upg_entry = self.conn.search_s(
+ upg_dn,
+ _ldap.SCOPE_BASE,
+ attrlist=['*']
+ )[0]
+ disable_attr = '(objectclass=disable)'
+ if 'originfilter' in upg_entry[1]:
+ org_filter = upg_entry[1]['originfilter']
+ return not bool(re.search(r'%s' % disable_attr, org_filter[0]))
+ else:
+ return False
+ except _ldap.NO_SUCH_OBJECT, e:
+ return False
@encode_args(1, 2)
def get_effective_rights(self, dn, entry_attrs):