diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-10-13 13:07:49 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@priserak.(none)> | 2011-10-13 21:38:03 +0200 |
commit | 197b1acfe4ca40fe9570231d4c74db2ce1048ca6 (patch) | |
tree | c5052eea1d191d3dfeec25f67d71ddcdb4e16c97 | |
parent | 8baec8d06b51717e9835b90deef7e2b47a01d6e3 (diff) | |
download | freeipa-197b1acfe4ca40fe9570231d4c74db2ce1048ca6.tar.gz freeipa-197b1acfe4ca40fe9570231d4c74db2ce1048ca6.tar.xz freeipa-197b1acfe4ca40fe9570231d4c74db2ce1048ca6.zip |
Fix has_upg() to work with relocated managed entries configuration.
https://fedorahosted.org/freeipa/ticket/1964
-rw-r--r-- | ipaserver/plugins/ldap2.py | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 6eeab56a8..5c4018293 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -33,6 +33,7 @@ import string import shutil import tempfile import time +import re import krbV import logging @@ -192,9 +193,6 @@ def get_schema(url, conn=None): # Global schema _schema = None -# The UPG setting will be cached the first time a module checks it -_upg = None - class ldap2(CrudBackend, Encoder): """ LDAP Backend Take 2. @@ -707,23 +705,24 @@ class ldap2(CrudBackend, Encoder): def has_upg(self): """Returns True/False whether User-Private Groups are enabled. This is determined based on whether the UPG Template exists. - We determine this at module load so we don't have to test for - it every time. """ - global _upg - if _upg is None: - try: - upg_entry = self.conn.search_s( - 'cn=UPG Template,cn=etc,%s' % api.env.basedn, - _ldap.SCOPE_BASE, - attrlist=['*'] - )[0] - _upg = True - except _ldap.NO_SUCH_OBJECT, e: - _upg = False - - return _upg + upg_dn = str(DN('cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc', api.env.basedn)) + + try: + upg_entry = self.conn.search_s( + upg_dn, + _ldap.SCOPE_BASE, + attrlist=['*'] + )[0] + disable_attr = '(objectclass=disable)' + if 'originfilter' in upg_entry[1]: + org_filter = upg_entry[1]['originfilter'] + return not bool(re.search(r'%s' % disable_attr, org_filter[0])) + else: + return False + except _ldap.NO_SUCH_OBJECT, e: + return False @encode_args(1, 2) def get_effective_rights(self, dn, entry_attrs): |