-rw-r--r-- | ipaserver/install/cainstance.py | 3 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 3 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 28 |
3 files changed, 25 insertions, 9 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index a5cfc6fb3..d29f6746c 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1752,7 +1752,8 @@ def replica_ca_install_check(config, master_ds_port): objectclass = 'ipaObject' root_logger.debug('Checking if IPA schema is present in %s', ca_ldap_url) try: - connection = ldap2.IPASimpleLDAPObject(ca_ldap_url) + connection = ldap2.IPASimpleLDAPObject( + ca_ldap_url, force_schema_updates=False) connection.start_tls_s() connection.simple_bind_s(DN(('cn', 'Directory Manager')), config.dirman_password) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index ddf34cd3d..49b387725 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -41,8 +41,11 @@ from ipaserver.plugins.ldap2 import IPASimpleLDAPObject SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI') DEFAULT_TIMEOUT = 10 + class IPAEntryLDAPObject(IPASimpleLDAPObject): + # FIXME: class for backwards compatibility only def __init__(self, *args, **kwds): + kwds.setdefault('force_schema_updates', True) IPASimpleLDAPObject.__init__(self, *args, **kwds) def result(self, msgid=ldap.RES_ANY, all=1, timeout=None): diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index d27d2de07..a8dd03a46 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py 
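Review bot: `force_schema_updates=False` in `replica_ca_install_check` changes behaviour at this call site. Before this commit the flag came from `api.env.context`, which is true when the code runs in the 'installer' context, and the new `__init__` docstring in ldap2.py says the flag should generally be true there. If a cached schema is intentionally acceptable for the connection to `ca_ldap_url`, a comment above the call would record why, e.g. `# cached schema is acceptable here because <reason>`. The function continues outside the hunk, so how the schema is used after the bind cannot be confirmed from here.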
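Review bot: `kwds.setdefault('force_schema_updates', True)` in `IPAEntryLDAPObject.__init__` collides with a caller that passes the flag positionally. A call such as `IPAEntryLDAPObject(uri, False)` would reach `IPASimpleLDAPObject.__init__` with the value in both `args` and `kwds` and raise `TypeError`. Guarding the default with `if len(args) < 2:` keeps the compatibility behaviour without that failure. The FIXME comment would be more useful if it named what callers should use instead of this class.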
@@ -277,19 +277,28 @@ class IPASimpleLDAPObject(object): 'originscope': DN_SYNTAX_OID, # DN }) - def __init__(self, uri): + def __init__(self, uri, force_schema_updates): + """An internal LDAP connection object + + :param uri: The LDAP URI to connect to + :param force_schema_updates: + If true, this object will always request a new schema from the + server. If false, a cached schema will be reused if it exists. + + Generally, it should be true if the API context is 'installer' or + 'updates', but it must be given explicitly since the API object + is not always available + """ self.log = log_mgr.get_logger(self) self.uri = uri self.conn = SimpleLDAPObject(uri) self._schema = None + self._force_schema_updates = force_schema_updates def _get_schema(self): if self._schema is None: - # The schema may be updated during install or during - # updates, make sure we have a current version of the - # schema, not an out of date cached version. - force_update = api.env.context in ('installer', 'updates') - self._schema = schema_cache.get_schema(self.uri, self.conn, force_update=force_update) + self._schema = schema_cache.get_schema( + self.uri, self.conn, force_update=self._force_schema_updates) return self._schema schema = property(_get_schema, None, None, 'schema associated with this LDAP server') @@ -775,7 +784,9 @@ class ldap2(CrudBackend): _ldap.set_option(_ldap.OPT_DEBUG_LEVEL, debug_level) try: - conn = IPASimpleLDAPObject(self.ldap_uri) + force_updates = api.env.context in ('installer', 'updates') + conn = IPASimpleLDAPObject( + self.ldap_uri, force_schema_updates=force_updates) if self.ldap_uri.startswith('ldapi://') and ccache: conn.set_option(_ldap.OPT_HOST_NAME, api.env.host) minssf = conn.get_option(_ldap.OPT_X_SASL_SSF_MIN) 
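Review bot: `force_schema_updates` is a required parameter with no default in `IPASimpleLDAPObject.__init__`, so any construction site not updated by this commit fails with `TypeError`. The diff updates three call sites and the `IPAEntryLDAPObject` subclass; whether others exist is not visible here. The docstring could also say what the schema cache is keyed on and how long an entry lives, since a false value means the object works from whatever was cached earlier. `schema_cache.get_schema` is defined outside the hunk, so that behaviour is not shown.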
@@ -1409,7 +1420,8 @@ class ldap2(CrudBackend):
 # so we'll do a simple bind to validate it.
 if old_pass != '':
 try:
- conn = IPASimpleLDAPObject(self.ldap_uri)
+ conn = IPASimpleLDAPObject(
+ self.ldap_uri, force_schema_updates=False)
 conn.simple_bind_s(dn, old_pass)
 conn.unbind()
 except _ldap.LDAPError, e: |
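Review bot: In the old-password check, `conn.unbind()` sits inside the `try` after `conn.simple_bind_s(dn, old_pass)`, so a rejected bind jumps to the `except` and skips it. Unless the handler outside the hunk closes the connection, each failed attempt leaves one open; moving the unbind into a `finally:` clause would cover that. The hunk also shows no `start_tls_s()` before the simple bind, whereas the cainstance.py call site does call it, so with a plain `ldap://` value of `self.ldap_uri` the old password would be sent unprotected. If the URI is always `ldapi://` or `ldaps://` on this path, a comment saying so would settle the question. The `except` body and the rest of the method are outside the hunk.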