summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2013-10-31 16:54:49 +0000
committerPetr Viktorin <pviktori@redhat.com>2014-01-24 20:29:31 +0100
commit08051f16516a3978494ae94032d55cc8b1426df9 (patch)
treeef986eeac49cc666cb3ef5e140da8ef349b8ae58
parenta5f322cb7b9b4d999a6394197c3730062896780c (diff)
downloadfreeipa-08051f16516a3978494ae94032d55cc8b1426df9.zip
freeipa-08051f16516a3978494ae94032d55cc8b1426df9.tar.gz
freeipa-08051f16516a3978494ae94032d55cc8b1426df9.tar.xz
Convert remaining installer code to LDAPEntry API.
-rw-r--r--install/certmonger/dogtag-ipa-retrieve-agent-submit2
-rw-r--r--install/restart_scripts/renew_ca_cert12
-rw-r--r--install/restart_scripts/renew_ra_cert12
-rwxr-xr-xinstall/tools/ipa-adtrust-install12
-rwxr-xr-xinstall/tools/ipa-compat-manage10
-rwxr-xr-xinstall/tools/ipa-nis-manage16
-rwxr-xr-xinstall/tools/ipa-server-install6
-rwxr-xr-xinstall/tools/ipactl2
-rw-r--r--ipaserver/install/adtrustinstance.py6
-rw-r--r--ipaserver/install/cainstance.py35
-rw-r--r--ipaserver/install/ipa_replica_prepare.py2
11 files changed, 59 insertions, 56 deletions
diff --git a/install/certmonger/dogtag-ipa-retrieve-agent-submit b/install/certmonger/dogtag-ipa-retrieve-agent-submit
index 973af26..7267901 100644
--- a/install/certmonger/dogtag-ipa-retrieve-agent-submit
+++ b/install/certmonger/dogtag-ipa-retrieve-agent-submit
@@ -62,7 +62,7 @@ try:
conn.connect(ccache=ccache)
try:
syslog.syslog(syslog.LOG_NOTICE, "Updating certificate for %s" % nickname)
- (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'])
+ entry_attrs = conn.get_entry(dn, ['usercertificate'])
cert = entry_attrs['usercertificate'][0]
cert = base64.b64encode(cert)
print x509.make_pem(cert)
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index da2253b..09acfc2 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -69,13 +69,15 @@ try:
conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
conn.connect(ccache=ccache)
try:
- (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'])
+ entry_attrs = conn.get_entry(dn, ['usercertificate'])
entry_attrs['usercertificate'] = cert
- conn.update_entry(dn, entry_attrs)
+ conn.update_entry(entry_attrs)
except errors.NotFound:
- entry_attrs = dict(objectclass=['top', 'pkiuser', 'nscontainer'],
- usercertificate=cert)
- conn.add_entry(dn, entry_attrs)
+ entry_attrs = conn.make_entry(
+ dn,
+ objectclass=['top', 'pkiuser', 'nscontainer'],
+ usercertificate=[cert])
+ conn.add_entry(entry_attrs)
except errors.EmptyModlist:
pass
conn.disconnect()
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index 919f8fc..cb3e368 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -58,13 +58,15 @@ while attempts < 10:
conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
conn.connect(ccache=ccache)
try:
- (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'])
+ entry_attrs = conn.get_entry(dn, ['usercertificate'])
entry_attrs['usercertificate'] = dercert
- conn.update_entry(dn, entry_attrs)
+ conn.update_entry(entry_attrs)
except errors.NotFound:
- entry_attrs = dict(objectclass=['top', 'pkiuser', 'nscontainer'],
- usercertificate=dercert)
- conn.add_entry(dn, entry_attrs)
+ entry_attrs = conn.make_entry(
+ dn,
+ objectclass=['top', 'pkiuser', 'nscontainer'],
+ usercertificate=[dercert])
+ conn.add_entry(entry_attrs)
except errors.EmptyModlist:
pass
updated = True
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index e81d0ec..3af6936 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -118,13 +118,13 @@ def set_and_check_netbios_name(netbios_name, unattended):
cur_netbios_name = None
gen_netbios_name = None
reset_netbios_name = False
- dom_dn = None
+ entry = None
try:
- (dom_dn, entry) = api.Backend.ldap2.get_entry(DN(('cn', api.env.domain),
- api.env.container_cifsdomains,
- ipautil.realm_to_suffix(api.env.realm)),
- [flat_name_attr])
+ entry = api.Backend.ldap2.get_entry(
+ DN(('cn', api.env.domain), api.env.container_cifsdomains,
+ ipautil.realm_to_suffix(api.env.realm)),
+ [flat_name_attr])
except errors.NotFound:
# trust not configured
pass
@@ -160,7 +160,7 @@ def set_and_check_netbios_name(netbios_name, unattended):
if not netbios_name:
gen_netbios_name = adtrustinstance.make_netbios_name(api.env.domain)
- if dom_dn:
+ if entry is not None:
# Fix existing trust configuration
print "Trust is configured but no NetBIOS domain name found, " \
"setting it now."
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index bdfb718..3cd75e2 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -73,7 +73,7 @@ def get_entry(dn, conn):
"""
entry = None
try:
- (dn, entry) = conn.get_entry(dn)
+ entry = conn.get_entry(dn)
except errors.NotFound:
pass
return entry
@@ -143,8 +143,8 @@ def main():
print "Updating Directory Server failed."
retval = 1
else:
- mod = {'nsslapd-pluginenabled': 'on'}
- conn.update_entry(compat_dn, mod)
+ entry['nsslapd-pluginenabled'] = ['on']
+ conn.update_entry(entry)
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
@@ -174,8 +174,8 @@ def main():
else:
print "Disabling plugin"
- mod = {'nsslapd-pluginenabled': 'off'}
- conn.update_entry(compat_dn, mod)
+ entry['nsslapd-pluginenabled'] = ['off']
+ conn.update_entry(entry)
except errors.DatabaseError, dbe:
print "An error occurred while talking to the server."
print dbe
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 3320be7..229b6b0 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -75,7 +75,7 @@ def get_entry(dn, conn):
"""
entry = None
try:
- (dn, entry) = conn.get_entry(dn)
+ entry = conn.get_entry(dn)
except errors.NotFound:
pass
return entry
@@ -165,20 +165,18 @@ def main():
elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
print "Enabling plugin"
# Already configured, just enable the plugin
- mod = {'nsslapd-pluginenabled': 'on'}
- conn.update_entry(nis_config_dn, mod)
+ entry['nsslapd-pluginenabled'] = ['on']
+ conn.update_entry(entry)
else:
print "Plugin already Enabled"
retval = 2
elif args[0] == "disable":
try:
- mod = {'nsslapd-pluginenabled': 'off'}
- conn.update_entry(nis_config_dn, mod)
- except errors.NotFound:
- print "Plugin is already disabled"
- retval = 2
- except errors.EmptyModlist:
+ entry = conn.get_entry(nis_config_dn, ['nsslapd-pluginenabled'])
+ entry['nsslapd-pluginenabled'] = ['off']
+ conn.update_entry(entry)
+ except (errors.NotFound, errors.EmptyModlist):
print "Plugin is already disabled"
retval = 2
except errors.LDAPError, lde:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index dcf0bce..63710d0 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -561,10 +561,10 @@ def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
except errors.ExecutionError, e:
root_logger.critical("Could not connect to the Directory Server on %s" % realm_name)
raise e
- (dn, entry_attrs) = conn.get_ipa_config()
+ entry_attrs = conn.get_ipa_config()
if 'ipacertificatesubjectbase' not in entry_attrs:
- mod = {'ipacertificatesubjectbase': str(subject_base)}
- conn.update_entry(dn, mod)
+ entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)]
+ conn.update_entry(entry_attrs)
conn.disconnect()
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 3b42b92..fd1e5e6 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -137,7 +137,7 @@ def get_config(dirsrv):
except Exception, e:
masters_list.append("No master found because of error: %s" % str(e))
else:
- for dn, master_entry in entries:
+ for master_entry in entries:
masters_list.append(master_entry.single_value['cn'])
masters = "\n".join(masters_list)
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 5eb6157..6c74418 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -472,7 +472,7 @@ class ADTRUSTInstance(service.Service):
members = current.get('memberPrincipal', [])
if not(self.cifs_principal in members):
current["memberPrincipal"] = members + [self.cifs_principal]
- self.admin_conn.update_entry(targets_dn, current)
+ self.admin_conn.update_entry(current)
else:
self.print_msg('cifs principal already targeted, nothing to do.')
except errors.NotFound:
@@ -503,7 +503,7 @@ class ADTRUSTInstance(service.Service):
members = current.get('member', [])
if not(self.cifs_agent in members):
current["member"] = members + [self.cifs_agent]
- self.admin_conn.update_entry(self.smb_dn, current)
+ self.admin_conn.update_entry(current)
except errors.NotFound:
entry = self.admin_conn.make_entry(
self.smb_dn,
@@ -723,7 +723,7 @@ class ADTRUSTInstance(service.Service):
lookup_nsswitch = current.get(lookup_nsswitch_name, [])
if not(config[1] in lookup_nsswitch):
current[lookup_nsswitch_name] = [config[1]]
- self.admin_conn.update_entry(entry_dn, current)
+ self.admin_conn.update_entry(current)
except Exception, e:
root_logger.critical("Enabling nsswitch support in slapi-nis failed with error '%s'" % e)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 52c91b6..5e7cab8 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -930,21 +930,22 @@ class CAInstance(service.Service):
decoded = base64.b64decode(self.ra_cert)
entry_dn = DN(('uid', "ipara"), ('ou', 'People'), self.basedn)
- entry = [
- ('objectClass', ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'cmsuser']),
- ('uid', "ipara"),
- ('sn', "ipara"),
- ('cn', "ipara"),
- ('usertype', "agentType"),
- ('userstate', "1"),
- ('userCertificate', decoded),
- ('description', '2;%s;%s;%s' % \
- (str(self.requestId),
- DN(('CN', 'Certificate Authority'), self.subject_base),
- DN(('CN', 'IPA RA'), self.subject_base))),
- ]
-
- conn.add_entry(entry_dn, entry)
+ entry = conn.make_entry(
+ entry_dn,
+ objectClass=['top', 'person', 'organizationalPerson',
+ 'inetOrgPerson', 'cmsuser'],
+ uid=["ipara"],
+ sn=["ipara"],
+ cn=["ipara"],
+ usertype=["agentType"],
+ userstate=["1"],
+ userCertificate=[decoded],
+ description=['2;%s;%s;%s' % (
+ str(self.requestId),
+ DN(('CN', 'Certificate Authority'), self.subject_base),
+ DN(('CN', 'IPA RA'), self.subject_base))])
+
+ conn.add_entry(entry)
dn = DN(('cn', 'Certificate Manager Agents'), ('ou', 'groups'), self.basedn)
modlist = [(0, 'uniqueMember', '%s' % entry_dn)]
@@ -1764,11 +1765,11 @@ def update_people_entry(uid, dercert):
conn = ldap2.ldap2(shared_instance=False, ldap_uri=dogtag_uri)
conn.connect(bind_dn=DN(('cn', 'directory manager')),
bind_pw=dm_password)
- (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'])
+ entry_attrs = conn.get_entry(dn, ['usercertificate'])
entry_attrs['usercertificate'].append(dercert)
entry_attrs['description'] = '2;%d;%s;%s' % (serial_number, issuer,
subject)
- conn.update_entry(dn, entry_attrs)
+ conn.update_entry(entry_attrs)
updated = True
break
except errors.NetworkError:
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index 36d078a..bd5244d 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -162,7 +162,7 @@ class ReplicaPrepare(admintool.AdminTool):
conn = ldap2(shared_instance=False, base_dn=suffix)
conn.connect(bind_dn=DN(('cn', 'directory manager')),
bind_pw=self.dirman_password)
- dn, entry_attrs = conn.get_ipa_config()
+ entry_attrs = conn.get_ipa_config()
conn.disconnect()
except errors.ACIError:
raise admintool.ScriptError("The password provided is incorrect "