Remove some uses of raw python-ldap

Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
author: Petr Viktorin <pviktori@redhat.com> 2013-01-30 09:51:08 -0500
committer: Martin Kosek <mkosek@redhat.com> 2013-03-01 16:59:46 +0100
commit: 982b78277755a301e3baa1d4f2bd7e1663fb88a5 (patch)
tree: 1fc9a5c53663f98dd62ec759cc9d16a76ce2fd2b /ipaserver
parent: 29a02a3530214d2e72667e98c5ecc25ebf5fad48 (diff)
download: freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.tar.gz
freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.tar.xz
freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.zip
4 files changed, 32 insertions, 25 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 4d91dd6ff..51c542734 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -37,8 +37,6 @@ from ipapython.dn import DN
 from ipaserver.install import replication
 from ipaserver.install import dsinstance
 
-import ldap
-
 import pyasn1.codec.ber.decoder
 import struct
 
@@ -260,7 +258,7 @@ class KrbInstance(service.Service):
         try:
             res = self.admin_conn.get_entries(
                 DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
-                ldap.SCOPE_ONELEVEL,
+                self.admin_conn.SCOPE_ONELEVEL,
                 "(objectclass=nsSaslMapping)")
             for r in res:
                 try:
@@ -360,8 +358,8 @@ class KrbInstance(service.Service):
 
     def __write_stash_from_ds(self):
         try:
-            entries = self.admin_conn.get_entries(self.get_realm_suffix(),
-                                                  ldap.SCOPE_SUBTREE)
+            entries = self.admin_conn.get_entries(
+                self.get_realm_suffix(), self.admin_conn.SCOPE_SUBTREE)
             # TODO: Ensure we got only one entry
             entry = entries[0]
         except errors.NotFound, e:
diff --git a/ipaserver/install/plugins/rename_managed.py b/ipaserver/install/plugins/rename_managed.py
index c83e8a8a2..206e0a0da 100644
--- a/ipaserver/install/plugins/rename_managed.py
+++ b/ipaserver/install/plugins/rename_managed.py
@@ -22,7 +22,6 @@ from ipaserver.install.plugins.baseupdate import PreUpdate, PostUpdate
 from ipalib import api, errors
 from ipapython import ipautil
 from ipapython.dn import DN, EditableDN
-import ldap as _ldap
 
 def entry_to_update(entry):
     """
@@ -66,9 +65,9 @@ class GenerateUpdateMixin(object):
 
         # If the old entries don't exist the server has already been updated.
         try:
-            (definitions_managed_entries, truncated) = ldap.find_entries(
-                searchfilter, ['*'], old_definition_container, _ldap.SCOPE_ONELEVEL, normalize=False
-            )
+            definitions_managed_entries, truncated = ldap.find_entries(
+                searchfilter, ['*'], old_definition_container,
+                ldap.SCOPE_ONELEVEL, normalize=False)
         except errors.NotFound, e:
             return (False, update_list)
 
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index cc5bb877f..633287e20 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -24,8 +24,6 @@ import pwd
 import time
 import datetime
 
-import ldap
-
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython import dogtag
@@ -249,10 +247,12 @@ class Service(object):
             self.ldap_disconnect()
         self.ldap_connect()
 
-        dn = DN(('krbprincipalname', self.principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
-        mod = [(ldap.MOD_ADD, 'userCertificate', self.dercert)]
+        dn = DN(('krbprincipalname', self.principal), ('cn', 'services'),
+                ('cn', 'accounts'), self.suffix)
+        entry = self.admin_conn.get_entry(dn)
+        entry.setdefault('userCertificate', []).append(self.dercert)
         try:
-            self.admin_conn.modify_s(dn, mod)
+            self.admin_conn.update_entry(entry)
         except Exception, e:
             root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e)))
 
@@ -387,7 +387,7 @@ class Service(object):
 
         try:
             self.admin_conn.add_entry(entry)
-        except (ldap.ALREADY_EXISTS, errors.DuplicateEntry), e:
+        except (errors.DuplicateEntry), e:
             root_logger.debug("failed to add %s Service startup entry" % name)
             raise e
 
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 343368c99..054a29b40 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -237,12 +237,10 @@ digits and nothing else follows.
 '''
 
 from lxml import etree
-import urllib
 import urllib2
 import datetime
 import time
 from ipapython.dn import DN
-from ldap.filter import escape_filter_chars
 import ipapython.dogtag
 from ipapython import ipautil
 
@@ -1267,11 +1265,17 @@ class ra(rabase.rabase):
 
         Check if a specified host is a master for a specified service.
         """
-        base_dn = DN(('cn', host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
-        filter = '(&(objectClass=ipaConfigObject)(cn=%s)(ipaConfigString=enabledService))' % escape_filter_chars(service)
+        ldap2 = self.api.Backend.ldap2
+        base_dn = DN(('cn', host), ('cn', 'masters'), ('cn', 'ipa'),
+                     ('cn', 'etc'), api.env.basedn)
+        filter_attrs = {
+            'objectClass': 'ipaConfigObject',
+            'cn': service,
+            'ipaConfigString': 'enabledService',
+        }
+        filter = ldap2.make_filter(filter_attrs, rules='&')
         try:
-            ldap2 = self.api.Backend.ldap2
-            ent,trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
+            ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
             if len(ent):
                 return True
         except Exception, e:
@@ -1286,11 +1290,17 @@ class ra(rabase.rabase):
 
         Select any host which is a master for a specified service.
         """
-        base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
-        filter = '(&(objectClass=ipaConfigObject)(cn=%s)(ipaConfigString=enabledService))' % escape_filter_chars(service)
+        ldap2 = self.api.Backend.ldap2
+        base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+                     api.env.basedn)
+        filter_attrs = {
+            'objectClass': 'ipaConfigObject',
+            'cn': service,
+            'ipaConfigString': 'enabledService',
+        }
+        filter = ldap2.make_filter(filter_attrs, rules='&')
         try:
-            ldap2 = self.api.Backend.ldap2
-            ent,trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
+            ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
             if len(ent):
                 entry = random.choice(ent)
                 dn = entry[0]
author	Petr Viktorin <pviktori@redhat.com>	2013-01-30 09:51:08 -0500
committer	Martin Kosek <mkosek@redhat.com>	2013-03-01 16:59:46 +0100
commit	982b78277755a301e3baa1d4f2bd7e1663fb88a5 (patch)
tree	1fc9a5c53663f98dd62ec759cc9d16a76ce2fd2b /ipaserver
parent	29a02a3530214d2e72667e98c5ecc25ebf5fad48 (diff)
download	freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.tar.gz freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.tar.xz freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.zip