author | Jan Cholasta <jcholast@redhat.com> | 2013-01-31 11:19:13 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-01 16:59:46 +0100 |
commit | bb36683c8480a68d54ef632daa0a4d6df9802187 (patch) | |
tree | 00c9652ad120eb4d3a0c3807025615ecbb0d03f1 | |
parent | 982b78277755a301e3baa1d4f2bd7e1663fb88a5 (diff) | |
Use the dn attribute of LDAPEntry to set/get DNs of entries.
Convert all code that uses the 'dn' key of LDAPEntry for this to use the dn
attribute instead.
-rw-r--r-- | install/tools/ipa-compliance | 10 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 2 | ||||
-rw-r--r-- | ipalib/plugins/automember.py | 9 | ||||
-rw-r--r-- | ipalib/plugins/baseldap.py | 58 | ||||
-rw-r--r-- | ipalib/plugins/krbtpolicy.py | 6 | ||||
-rw-r--r-- | ipalib/plugins/permission.py | 6 | ||||
-rw-r--r-- | ipalib/plugins/sudorule.py | 8 | ||||
-rw-r--r-- | ipalib/plugins/trust.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/user.py | 9 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 4 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 2 |
11 files changed, 73 insertions, 43 deletions
diff --git a/install/tools/ipa-compliance b/install/tools/ipa-compliance index c82e4151f..9b34350b4 100644 --- a/install/tools/ipa-compliance +++ b/install/tools/ipa-compliance @@ -116,7 +116,7 @@ def check_compliance(tmpdir, debug=False): hostcount = 0 # Get the hosts first try: - (entries, truncated) = conn.find_entries('(krblastpwdchange=*)', ['dn'], + (entries, truncated) = conn.find_entries('(krblastpwdchange=*)', [], DN(api.env.container_host, api.env.basedn), conn.SCOPE_ONELEVEL, size_limit = -1) @@ -136,10 +136,10 @@ def check_compliance(tmpdir, debug=False): available = 0 try: (entries, truncated) = conn.find_entries('(objectclass=ipaentitlement)', - ['dn', 'userCertificate'], - DN(api.env.container_entitlements, api.env.basedn), - conn.SCOPE_ONELEVEL, - size_limit = -1) + ['userCertificate'], + DN(api.env.container_entitlements, api.env.basedn), + conn.SCOPE_ONELEVEL, + size_limit = -1) for entry in entries: (dn, attrs) = entry diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 13c32607a..846122db3 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -572,7 +572,7 @@ def main(): config.dirman_password) found = False try: - entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn)) + entry = conn.find_entries(u'fqdn=%s' % host, ['fqdn'], DN(api.env.container_host, api.env.basedn)) print "The host %s already exists on the master server.\nYou should remove it before proceeding:" % host print " %% ipa host-del %s" % host found = True diff --git a/ipalib/plugins/automember.py b/ipalib/plugins/automember.py index af39f6aac..520f8a03c 100644 --- a/ipalib/plugins/automember.py +++ b/ipalib/plugins/automember.py 
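Review bot: Passing `[]` as the attribute list in the first `find_entries` call of check_compliance may not mean "no attributes". In LDAP an empty selection list requests all user attributes (RFC 4511), whereas the old `['dn']` named an attribute that is not stored on entries and so effectively returned DNs only. Unless `find_entries` maps an empty list to something else (its body is not visible here), this unbounded search (`size_limit = -1`) would now fetch every attribute of every host entry. Consider requesting only what is needed, for example `['krblastpwdchange']` or the no-attributes selector `['1.1']`. check_compliance starts and ends outside the hunk.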
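Review bot: The search filter on the changed line in ipa-replica-install is still built by plain interpolation, `u'fqdn=%s' % host`, so any filter metacharacter in `host` changes the meaning of the query. Where `host` comes from is outside the hunk, but this lookup appears to decide whether the install is told the host already exists, so the value should be escaped before it reaches the filter. ipaserver/ipaldap.py in this same commit already does this with `ldap.filter.escape_filter_chars`; here that would be `u'fqdn=%s' % ldap.filter.escape_filter_chars(host)`, assuming python-ldap's `ldap.filter` is importable in this script. main() starts and ends outside the hunk.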
@@ -316,10 +316,12 @@ class automember_add_condition(LDAPUpdate): except errors.NotFound: failed['failed'][attr].append(regex) + entry_attrs = entry_to_dict(entry_attrs, **options) + # Set failed and completed to they can be harvested in the execute super setattr(context, 'failed', failed) setattr(context, 'completed', completed) - setattr(context, 'entry_attrs', dict(entry_attrs)) + setattr(context, 'entry_attrs', entry_attrs) # Make sure to returned the failed results if there is nothing to remove if completed == 0: @@ -406,10 +408,13 @@ class automember_remove_condition(LDAPUpdate): else: failed['failed'][attr].append(regex) entry_attrs[attr] = old_entry + + entry_attrs = entry_to_dict(entry_attrs, **options) + # Set failed and completed to they can be harvested in the execute super setattr(context, 'failed', failed) setattr(context, 'completed', completed) - setattr(context, 'entry_attrs', dict(entry_attrs)) + setattr(context, 'entry_attrs', entry_attrs) # Make sure to returned the failed results if there is nothing to remove if completed == 0: diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index b34c92e6d..da89ad6f3 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -229,6 +229,12 @@ def entry_from_entry(entry, newentry): for e in newentry.keys(): entry[e] = newentry[e] +def entry_to_dict(entry, **options): + result = dict(entry) + if options.get('all', False): + result['dn'] = entry.dn + return result + def wait_for_value(ldap, dn, attr, value): """ 389-ds postoperation plugins are executed after the data has been @@ -978,6 +984,7 @@ class LDAPCreate(BaseLDAPCommand, crud.Create): ldap = self.obj.backend entry_attrs = self.args_options_2_entry(*keys, **options) + entry_attrs = ldap.make_entry(DN(), entry_attrs) self.process_attr_options(entry_attrs, None, keys, options) 
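Review bot: `entry_to_dict` in ipalib/plugins/baseldap.py is added without a docstring, and its contract is not obvious from the call sites. It copies `entry.dn` into the result only when `all` is set, yet LDAPCreate, LDAPRetrieve and the member commands overwrite `'dn'` unconditionally right after calling it, while LDAPUpdate, krbtpolicy_reset, the sudorule option commands and the trust code rely on the conditional branch alone. Because `.dn` is read only under `all`, a caller that passes a plain mapping would work in normal runs and fail only with `all=True`; several callers pass the second element of an unpacked `(dn, attrs)` pair. I would add a docstring such as `"""Return a plain dict copy of an LDAPEntry; the DN is included under 'dn' only when options['all'] is true."""` and state that the argument must expose `.dn`.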
@@ -1063,13 +1070,15 @@ class LDAPCreate(BaseLDAPCommand, crud.Create): for callback in self.get_callbacks('post'): dn = callback(self, ldap, dn, entry_attrs, *keys, **options) + self.obj.convert_attribute_members(entry_attrs, *keys, **options) + assert isinstance(dn, DN) + entry_attrs = entry_to_dict(entry_attrs, **options) entry_attrs['dn'] = dn - self.obj.convert_attribute_members(entry_attrs, *keys, **options) if self.obj.primary_key and keys[-1] is not None: - return dict(result=dict(entry_attrs), value=keys[-1]) - return dict(result=dict(entry_attrs), value=u'') + return dict(result=entry_attrs, value=keys[-1]) + return dict(result=entry_attrs, value=u'') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) @@ -1190,11 +1199,14 @@ class LDAPRetrieve(LDAPQuery): assert isinstance(dn, DN) self.obj.convert_attribute_members(entry_attrs, *keys, **options) + assert isinstance(dn, DN) + entry_attrs = entry_to_dict(entry_attrs, **options) entry_attrs['dn'] = dn + if self.obj.primary_key and keys[-1] is not None: - return dict(result=dict(entry_attrs), value=keys[-1]) - return dict(result=dict(entry_attrs), value=u'') + return dict(result=entry_attrs, value=keys[-1]) + return dict(result=entry_attrs, value=u'') def pre_callback(self, ldap, dn, attrs_list, *keys, **options): assert isinstance(dn, DN) @@ -1253,6 +1265,7 @@ class LDAPUpdate(LDAPQuery, crud.Update): assert isinstance(dn, DN) entry_attrs = self.args_options_2_entry(**options) + entry_attrs = ldap.make_entry(dn, entry_attrs) self.process_attr_options(entry_attrs, dn, keys, options) 
@@ -1321,9 +1334,12 @@ class LDAPUpdate(LDAPQuery, crud.Update): assert isinstance(dn, DN) self.obj.convert_attribute_members(entry_attrs, *keys, **options) + + entry_attrs = entry_to_dict(entry_attrs, **options) + if self.obj.primary_key and keys[-1] is not None: - return dict(result=dict(entry_attrs), value=keys[-1]) - return dict(result=dict(entry_attrs), value=u'') + return dict(result=entry_attrs, value=keys[-1]) + return dict(result=entry_attrs, value=u'') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) @@ -1544,13 +1560,16 @@ class LDAPAddMember(LDAPModMember): **options) assert isinstance(dn, DN) + self.obj.convert_attribute_members(entry_attrs, *keys, **options) + assert isinstance(dn, DN) + entry_attrs = entry_to_dict(entry_attrs, **options) entry_attrs['dn'] = dn - self.obj.convert_attribute_members(entry_attrs, *keys, **options) + return dict( completed=completed, failed=failed, - result=dict(entry_attrs), + result=entry_attrs, ) def pre_callback(self, ldap, dn, found, not_found, *keys, **options): @@ -1642,14 +1661,16 @@ class LDAPRemoveMember(LDAPModMember): **options) assert isinstance(dn, DN) + self.obj.convert_attribute_members(entry_attrs, *keys, **options) + assert isinstance(dn, DN) + entry_attrs = entry_to_dict(entry_attrs, **options) entry_attrs['dn'] = dn - self.obj.convert_attribute_members(entry_attrs, *keys, **options) return dict( completed=completed, failed=failed, - result=dict(entry_attrs), + result=entry_attrs, ) def pre_callback(self, ldap, dn, found, not_found, *keys, **options): @@ -1856,10 +1877,9 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): for e in entries: self.obj.convert_attribute_members(e[1], *args, **options) - for e in entries: - assert isinstance(e[0], DN) - e[1]['dn'] = e[0] - entries = [dict(e) for (dn, e) in entries] + for (i, e) in enumerate(entries): + entries[i] = entry_to_dict(e, **options) + entries[i]['dn'] = e.dn return dict( result=entries, 
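Review bot: In the LDAPSearch hunk the new loop reads each element as an entry object (`entry_to_dict(e, ...)`, `e.dn`), while the unchanged line just above still indexes it as a pair (`e[1]`). The `assert isinstance(e[0], DN)` sanity check is also dropped rather than ported. Keeping one access style and the check would make the transition easier to audit, for example `assert isinstance(e.dn, DN)` as the first line of the loop body. The loop could also be a single comprehension instead of assigning into `entries[i]` while enumerating. The enclosing method starts and ends outside the hunk.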
@@ -1994,11 +2014,13 @@ class LDAPAddReverseMember(LDAPModReverseMember): assert isinstance(dn, DN) assert isinstance(dn, DN) + entry_attrs = entry_to_dict(entry_attrs, **options) entry_attrs['dn'] = dn + return dict( completed=completed, failed=failed, - result=dict(entry_attrs), + result=entry_attrs, ) def pre_callback(self, ldap, dn, *keys, **options): @@ -2094,11 +2116,13 @@ class LDAPRemoveReverseMember(LDAPModReverseMember): assert isinstance(dn, DN) assert isinstance(dn, DN) + entry_attrs = entry_to_dict(entry_attrs, **options) entry_attrs['dn'] = dn + return dict( completed=completed, failed=failed, - result=dict(entry_attrs), + result=entry_attrs, ) def pre_callback(self, ldap, dn, *keys, **options): diff --git a/ipalib/plugins/krbtpolicy.py b/ipalib/plugins/krbtpolicy.py index 07e3148db..976f92b3c 100644 --- a/ipalib/plugins/krbtpolicy.py +++ b/ipalib/plugins/krbtpolicy.py @@ -176,8 +176,10 @@ class krbtpolicy_reset(LDAPQuery): dn = self.obj.get_dn(None) (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes) + entry_attrs = entry_to_dict(entry_attrs, **options) + if keys[-1] is not None: - return dict(result=dict(entry_attrs), value=keys[-1]) - return dict(result=dict(entry_attrs), value=u'') + return dict(result=entry_attrs, value=keys[-1]) + return dict(result=entry_attrs, value=u'') api.register(krbtpolicy_reset) diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 2af1fad7b..7f9bbad79 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -474,10 +474,10 @@ class permission_find(LDAPSearch): dn = permission['dn'] del permission['dn'] if pkey_only: - new_entry = (dn, {self.obj.primary_key.name: \ - permission[self.obj.primary_key.name]}) + pk = self.obj.primary_key.name + new_entry = ldap.make_entry(dn, {pk: permission[pk]}) else: - new_entry = (dn, permission) + new_entry = ldap.make_entry(dn, permission) if (dn, permission) not in entries: if len(entries) < max_entries: 
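Review bot: In permission_find the duplicate check on the unchanged line `if (dn, permission) not in entries:` still compares a plain tuple, but the entry built just above is now `ldap.make_entry(dn, ...)`. The append is outside the hunk, so this is inferred: if `new_entry` is what gets added to `entries` and the entry type does not compare equal to a `(dn, attrs)` tuple, the test never matches and the same permission can be listed twice. Comparing on the DN avoids depending on that equality, for example `if not any(e.dn == dn for e in entries):`. The enclosing method starts and ends outside the hunk.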
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index a453dcabf..8eea77322 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -642,7 +642,9 @@ class sudorule_add_option(LDAPQuery): dn, attrs_list, normalize=self.obj.normalize_dn ) - return dict(result=dict(entry_attrs)) + entry_attrs = entry_to_dict(entry_attrs, **options) + + return dict(result=entry_attrs) def output_for_cli(self, textui, result, cn, **options): textui.print_dashed(_('Added option "%(option)s" to Sudo Rule "%(rule)s"') % \ @@ -697,7 +699,9 @@ class sudorule_remove_option(LDAPQuery): dn, attrs_list, normalize=self.obj.normalize_dn ) - return dict(result=dict(entry_attrs)) + entry_attrs = entry_to_dict(entry_attrs, **options) + + return dict(result=entry_attrs) def output_for_cli(self, textui, result, cn, **options): textui.print_dashed(_('Removed option "%(option)s" from Sudo Rule "%(rule)s"') % \ diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 78a6d98f7..2d772130e 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -311,7 +311,7 @@ sides. base_dn = DN(api.env.container_trusts, api.env.basedn), filter = trust_filter) - result['result'] = dict(trusts[0][1]) + result['result'] = entry_to_dict(trusts[0][1], **options) result['result']['trusttype'] = [trust_type_string(result['result']['ipanttrusttype'][0])] result['result']['trustdirection'] = [trust_direction_string(result['result']['ipanttrustdirection'][0])] result['result']['truststatus'] = [trust_status_string(result['verified'])] diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 80bdc39e2..979ade1a7 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py 
@@ -838,15 +838,14 @@ class user_status(LDAPQuery): other_ldap.connect(ccache=os.environ['KRB5CCNAME']) except Exception, e: self.error("user_status: Connecting to %s failed with %s" % (host, str(e))) - newresult = dict() - newresult['dn'] = dn + newresult = ldap.make_entry(dn) newresult['server'] = _("%(host)s failed: %(error)s") % dict(host=host, error=str(e)) entries.append(newresult) count += 1 continue try: entry = other_ldap.get_entry(dn, attr_list) - newresult = dict() + newresult = ldap.make_entry(dn) for attr in ['krblastsuccessfulauth', 'krblastfailedauth']: newresult[attr] = entry[1].get(attr, [u'N/A']) newresult['krbloginfailedcount'] = entry[1].get('krbloginfailedcount', u'0') @@ -860,7 +859,6 @@ class user_status(LDAPQuery): except Exception, e: self.debug("time conversion failed with %s" % str(e)) pass - newresult['dn'] = dn newresult['server'] = host if options.get('raw', False): time_format = '%Y%m%d%H%M%SZ' @@ -876,8 +874,7 @@ class user_status(LDAPQuery): self.obj.handle_not_found(*keys) except Exception, e: self.error("user_status: Retrieving status for %s failed with %s" % (dn, str(e))) - newresult = dict() - newresult['dn'] = dn + newresult = ldap.make_entry(dn) newresult['server'] = _("%(host)s failed") % dict(host=host) entries.append(newresult) count += 1 diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 1162cbabb..5904836da 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -1244,7 +1244,7 @@ class LDAPClient(object): return ([], []) search_entry_dn = ldap.filter.escape_filter_chars(str(entry_dn)) - attr_list = ["dn", "memberof"] + attr_list = ["memberof"] searchfilter = "(|(member=%s)(memberhost=%s)(memberuser=%s))" % ( search_entry_dn, search_entry_dn, search_entry_dn) @@ -1358,7 +1358,7 @@ class LDAPClient(object): return entries dn, group = self.get_entry( - group_dn, ['dn', 'member'], + group_dn, ['member'], size_limit=size_limit, time_limit=time_limit) real_members = group.get('member', []) 
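Review bot: The three `newresult = ldap.make_entry(dn)` sites in user_status replace a plain dict that carried `'dn'` explicitly. Nothing in these hunks converts the collected `entries` back with `entry_to_dict` or re-adds `'dn'` before they are returned. If the return statement, which is outside the hunks, passes them through unchanged, the result would hold entry objects instead of dicts and the DN would no longer appear as a key in the output, so this is worth confirming. If that is the case, converting at the append sites would keep the shape stable, for example `entries.append(entry_to_dict(newresult, **options))` followed by setting `'dn'` as the other commands in this commit do.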
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 295eddd72..360e6e2e2 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -476,7 +476,6 @@ class ldap2(LDAPClient, CrudBackend): assert isinstance(dn, DN) (dn, entry_attrs) = self.get_entry(dn, attrs_list) - entry_attrs['dn'] = dn return entry_attrs def create(self, **kw): @@ -552,7 +551,6 @@ class ldap2(LDAPClient, CrudBackend): filter, attrs_list, base_dn, scope ) for (dn, entry_attrs) in entries: - entry_attrs['dn'] = [dn] output.append(entry_attrs) if truncated: |