Ensure that the Apache server is in forked mode

Add ability to update existing users
Try to prevent fetching and setting empty strings

1 files changed, 20 insertions, 0 deletions

diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py
index 7268594a9..08113b4c8 100644
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -35,6 +35,7 @@ import time
 import operator
 import struct
 from ldap.controls import LDAPControl,DecodeControlTuples,EncodeControlTuples
+from ldap.modlist import modifyModlist
 
 from ldap.ldapobject import SimpleLDAPObject
 
@@ -307,6 +308,25 @@ class IPAdmin(SimpleLDAPObject):
             raise e
         return "Success"
 
+    def updateEntry(self,dn,olduser,newuser):
+        """This wraps the mod function. It assumes that the entry is already
+           populated with all of the desired objectclasses and attributes"""
+
+        sctrl = self.__get_server_controls__()
+
+        # find the differences but don't remove attributes that are missing
+        # from the update
+        modlist = modifyModlist(olduser, newuser, None, 1)
+
+        try:
+            self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+            self.modify_s(dn, modlist)
+        except ldap.ALREADY_EXISTS:
+            raise ldap.ALREADY_EXISTS
+        except ldap.LDAPError, e:
+            raise e
+        return "Success"
+
     def __wrapmethods(self):
         """This wraps all methods of SimpleLDAPObject, so that we can intercept
         the methods that deal with entries.  Instead of using a raw list of tuples