summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2012-11-15 21:38:26 -0500
committerMartin Kosek <mkosek@redhat.com>2012-11-21 14:55:12 +0100
commitf1f1b4e7f2e9c1838ad7ec76002b78ca0c2a3c46 (patch)
tree7c563571ef9e8ac8599cd81a5b17422d79eb2f59 /ipalib/plugins
parent2093007d4d2b3183b65a07d421954b3e8a12e93b (diff)
downloadfreeipa-f1f1b4e7f2e9c1838ad7ec76002b78ca0c2a3c46.tar.gz
freeipa-f1f1b4e7f2e9c1838ad7ec76002b78ca0c2a3c46.tar.xz
freeipa-f1f1b4e7f2e9c1838ad7ec76002b78ca0c2a3c46.zip
Enable transactions by default, make password and modrdn TXN-aware
The password and modrdn plugins needed to be made transaction aware for the pre and post operations. Remove the reverse member hoop jumping. Just fetch the entry once and all the memberof data is there (plus objectclass). Fix some unit tests that are failing because we actually get the data now due to transactions. Add small bit of code in user plugin to retrieve the user again ala wait_for_attr but in the case of transactions we need do it only once. Deprecate wait_for_attr code. Add a memberof fixup task for roles. https://fedorahosted.org/freeipa/ticket/1263 https://fedorahosted.org/freeipa/ticket/1891 https://fedorahosted.org/freeipa/ticket/2056 https://fedorahosted.org/freeipa/ticket/3043 https://fedorahosted.org/freeipa/ticket/3191 https://fedorahosted.org/freeipa/ticket/3046
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/baseldap.py60
-rw-r--r--ipalib/plugins/permission.py1
-rw-r--r--ipalib/plugins/user.py12
3 files changed, 12 insertions, 61 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index a55a23244..85e2bec36 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -231,50 +231,6 @@ def entry_from_entry(entry, newentry):
for e in newentry:
entry[e] = newentry[e]
-def wait_for_memberof(keys, entry_start, completed, show_command, adding=True):
- """
- When adding or removing reverse members we are faking an update to
- object A by updating the member attribute in object B. The memberof
- plugin makes this work by adding or removing the memberof attribute
- to/from object A, it just takes a little bit of time.
-
- This will loop for 6+ seconds, retrieving object A so we can see
- if all the memberof attributes have been updated.
- """
- if completed == 0:
- # nothing to do
- return api.Command[show_command](keys[-1])['result']
-
- if 'memberof' in entry_start:
- starting_memberof = len(entry_start['memberof'])
- else:
- starting_memberof = 0
-
- # Loop a few times to give the memberof plugin a chance to add the
- # entries. Don't sleep for more than 6 seconds.
- memberof = 0
- x = 0
- while x < 20:
- # sleep first because the first search, even on a quiet system,
- # almost always fails to have memberof set.
- time.sleep(.3)
- x = x + 1
-
- # FIXME: put a try/except around here? I think it is probably better
- # to just let the exception filter up to the caller.
- entry_attrs = api.Command[show_command](keys[-1])['result']
- if 'memberof' in entry_attrs:
- memberof = len(entry_attrs['memberof'])
-
- if adding:
- if starting_memberof + completed >= memberof:
- break
- else:
- if starting_memberof + completed <= memberof:
- break
-
- return entry_attrs
-
def wait_for_value(ldap, dn, attr, value):
"""
389-ds postoperation plugins are executed after the data has been
@@ -2029,11 +1985,9 @@ class LDAPAddReverseMember(LDAPModReverseMember):
except errors.PublicError, e:
failed['member'][self.reverse_attr].append((attr, unicode(msg)))
- # Wait for the memberof plugin to update the entry
- try:
- entry_attrs = wait_for_memberof(keys, entry_start, completed, self.show_command, adding=True)
- except Exception, e:
- raise errors.ReverseMemberError(verb=_('added'), exc=str(e))
+ # Update the member data.
+ (dn, entry_attrs) = ldap.get_entry(dn, ['*'])
+ self.obj.convert_attribute_members(entry_attrs, *keys, **options)
for callback in self.get_callbacks('post'):
(completed, dn) = callback(
@@ -2131,11 +2085,9 @@ class LDAPRemoveReverseMember(LDAPModReverseMember):
except errors.PublicError, e:
failed['member'][self.reverse_attr].append((attr, unicode(msg)))
- # Wait for the memberof plugin to update the entry
- try:
- entry_attrs = wait_for_memberof(keys, entry_start, completed, self.show_command, adding=False)
- except Exception, e:
- raise errors.ReverseMemberError(verb=_('removed'), exc=str(e))
+ # Update the member data.
+ (dn, entry_attrs) = ldap.get_entry(dn, ['*'])
+ self.obj.convert_attribute_members(entry_attrs, *keys, **options)
for callback in self.get_callbacks('post'):
(completed, dn) = callback(
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 80c6bc068..1fbf9e018 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -115,6 +115,7 @@ class permission(LDAPObject):
]
attribute_members = {
'member': ['privilege'],
+ 'memberindirect': ['role'],
}
rdn_is_primary_key = True
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 5d667dc94..80bdc39e2 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -547,9 +547,6 @@ class user_add(LDAPCreate):
except errors.AlreadyGroupMember:
pass
- if self.api.env.wait_for_attr:
- newentry = wait_for_value(ldap, dn, 'memberOf', def_primary_group)
- entry_from_entry(entry_attrs, newentry)
self.obj._convert_manager(entry_attrs, **options)
# delete description attribute NO_UPG_MAGIC if present
if options.get('noprivate', False):
@@ -563,10 +560,11 @@ class user_add(LDAPCreate):
self.api.Command['user_mod'](keys[-1], **kw)
except (errors.EmptyModlist, errors.NotFound):
pass
- else:
- if self.api.env.wait_for_attr:
- newentry = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
- entry_from_entry(entry_attrs, newentry)
+
+ # Fetch the entry again to update memberof, mep data, etc updated
+ # at the end of the transaction.
+ (newdn, newentry) = ldap.get_entry(dn, ['*'])
+ entry_attrs.update(newentry)
if options.get('random', False):
try: