authorPetr Viktorin <pviktori@redhat.com>2013-01-17 08:31:23 -0500
committerMartin Kosek <mkosek@redhat.com>2013-03-01 16:59:43 +0100
commit08276c24febf392bbf67cd4917ce65c77e371aef (patch)
tree75b45a8ff3c3b81af4f4338ab36de15c38f5319f /ipaserver/plugins/ldap2.py
parent49a0e3ac01e3abef2be324bc3689d1296762265a (diff)
Remove connection-creating code from ShemaCache
The connection code depends on the api object. If we want to use the cache in installer code, where the api object is not always available, the dependency must be removed. Luckily, SchemaCache.get_schema is currently always given a connection. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
Diffstat (limited to 'ipaserver/plugins/ldap2.py')
-rw-r--r--ipaserver/plugins/ldap2.py37
1 files changed, 3 insertions, 34 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 16e7e55e2..d27d2de07 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -127,7 +127,7 @@ class SchemaCache(object):
self.log = log_mgr.get_logger(self)
self.servers = {}
- def get_schema(self, url, conn=None, force_update=False):
+ def get_schema(self, url, conn, force_update=False):
'''
Return schema belonging to a specific LDAP server.
@@ -154,7 +154,7 @@ class SchemaCache(object):
except KeyError:
pass
- def _retrieve_schema_from_server(self, url, conn=None):
+ def _retrieve_schema_from_server(self, url, conn):
"""
Retrieve the LDAP schema from the provided url and determine if
User-Private Groups (upg) are configured.
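Review bot: The docstring's opening line still says the schema is retrieved "from the provided url", but with `conn` now mandatory the lines visible in this diff use `url` only in the debug log and in the `NetworkError` raised on `SERVER_DOWN`. Consider rewording it to `Retrieve the LDAP schema over the provided connection and determine if`, and describing `url` as what it appears to be here, a label for the server used in logging and error reporting. The docstring and the function body continue outside this hunk, so any remaining text describing `conn` as optional should be updated in the same pass.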
@@ -168,41 +168,12 @@ class SchemaCache(object):
used. The connection is not closed when the request is done.
"""
tmpdir = None
- has_conn = conn is not None
+ assert conn is not None
self.log.debug(
'retrieving schema for SchemaCache url=%s conn=%s', url, conn)
try:
- if api.env.context == 'server' and conn is None:
- # FIXME: is this really what we want to do?
- # This seems like this logic is in the wrong place and may conflict with other state.
- try:
- # Create a new credentials cache for this Apache process
- tmpdir = tempfile.mkdtemp(prefix = "tmp-")
- ccache_file = 'FILE:%s/ccache' % tmpdir
- krbcontext = krbV.default_context()
- principal = str('HTTP/%s@%s' % (api.env.host, api.env.realm))
- keytab = krbV.Keytab(name='/etc/httpd/conf/ipa.keytab', context=krbcontext)
- principal = krbV.Principal(name=principal, context=krbcontext)
- prev_ccache = os.environ.get('KRB5CCNAME')
- os.environ['KRB5CCNAME'] = ccache_file
- ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal)
- ccache.init(principal)
- ccache.init_creds_keytab(keytab=keytab, principal=principal)
- except krbV.Krb5Error, e:
- raise StandardError('Unable to retrieve LDAP schema. Error initializing principal %s in %s: %s' % (principal.name, '/etc/httpd/conf/ipa.keytab', str(e)))
- finally:
- if prev_ccache is not None:
- os.environ['KRB5CCNAME'] = prev_ccache
-
-
- if conn is None:
- conn = IPASimpleLDAPObject(url)
- if url.startswith('ldapi://'):
- conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)
- conn.sasl_interactive_bind_s(None, SASL_AUTH)
-
try:
schema_entry = conn.search_s('cn=schema', _ldap.SCOPE_BASE,
attrlist=['attributetypes', 'objectclasses'])[0]
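Review bot: The added `assert conn is not None` is stripped when Python runs with `-O`, so a missing connection would then surface as an `AttributeError` at `conn.search_s(...)`, which the `except _ldap.SERVER_DOWN` handler visible in this diff does not catch. An explicit check keeps the contract enforced in every mode, for example `if conn is None: raise ValueError('conn is required')`. Separately, `tmpdir = None` stays as context but nothing visible assigns it any more; if cleanup code outside this hunk still tests `tmpdir`, it is now dead and can be dropped. The function body continues outside the hunk.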
@@ -212,8 +183,6 @@ class SchemaCache(object):
self.log.debug('cn=schema not found, fallback to cn=subschema')
schema_entry = conn.search_s('cn=subschema', _ldap.SCOPE_BASE,
attrlist=['attributetypes', 'objectclasses'])[0]
- if not has_conn:
- conn.unbind_s()
except _ldap.SERVER_DOWN:
raise NetworkError(uri=url,
error=u'LDAP Server Down, unable to retrieve LDAP schema')