summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ipalib/plugins/aci.py13
-rw-r--r--ipalib/plugins/automember.py18
-rw-r--r--ipalib/plugins/automount.py10
-rw-r--r--ipalib/plugins/baseldap.py169
-rw-r--r--ipalib/plugins/config.py6
-rw-r--r--ipalib/plugins/dns.py70
-rw-r--r--ipalib/plugins/group.py26
-rw-r--r--ipalib/plugins/hbacrule.py42
-rw-r--r--ipalib/plugins/hbactest.py2
-rw-r--r--ipalib/plugins/host.py35
-rw-r--r--ipalib/plugins/hostgroup.py3
-rw-r--r--ipalib/plugins/idrange.py10
-rw-r--r--ipalib/plugins/krbtpolicy.py6
-rw-r--r--ipalib/plugins/migration.py77
-rw-r--r--ipalib/plugins/netgroup.py5
-rw-r--r--ipalib/plugins/passwd.py6
-rw-r--r--ipalib/plugins/permission.py2
-rw-r--r--ipalib/plugins/pkinit.py5
-rw-r--r--ipalib/plugins/pwpolicy.py10
-rw-r--r--ipalib/plugins/realmdomains.py6
-rw-r--r--ipalib/plugins/selinuxusermap.py41
-rw-r--r--ipalib/plugins/service.py15
-rw-r--r--ipalib/plugins/sudocmd.py8
-rw-r--r--ipalib/plugins/sudorule.py48
-rw-r--r--ipalib/plugins/trust.py10
-rw-r--r--ipalib/plugins/user.py45
-rw-r--r--ipalib/util.py2
-rw-r--r--ipaserver/dcerpc.py18
28 files changed, 364 insertions, 344 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index a4c386654..45900b357 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -367,17 +367,16 @@ def _aci_to_kw(ldap, a, test=False, pkey_only=False):
groupdn = DN(groupdn)
if len(groupdn) and groupdn[0].attr == 'cn':
dn = DN()
- entry = {}
+ entry = ldap.make_entry(dn)
try:
entry = ldap.get_entry(groupdn, ['cn'])
- dn = entry.dn
except errors.NotFound, e:
# FIXME, use real name here
if test:
dn = DN(('cn', 'test'), api.env.container_permission,
api.env.basedn)
- entry = {'cn': [u'test']}
- if api.env.container_permission in dn:
+ entry = ldap.make_entry(dn, {'cn': [u'test']})
+ if api.env.container_permission in entry.dn:
kw['permission'] = entry['cn'][0]
else:
if 'cn' in entry:
@@ -539,7 +538,6 @@ class aci_add(crud.Create):
newaci = _make_aci(ldap, None, aciname, kw)
entry = ldap.get_entry(self.api.env.basedn, ['aci'])
- dn = entry.dn
acis = _convert_strings_to_acis(entry.get('aci', []))
for a in acis:
@@ -584,7 +582,6 @@ class aci_del(crud.Delete):
ldap = self.api.Backend.ldap2
entry = ldap.get_entry(self.api.env.basedn, ['aci'])
- dn = entry.dn
acistrs = entry.get('aci', [])
acis = _convert_strings_to_acis(acistrs)
@@ -704,7 +701,6 @@ class aci_find(crud.Search):
ldap = self.api.Backend.ldap2
entry = ldap.get_entry(self.api.env.basedn, ['aci'])
- dn = entry.dn
acis = _convert_strings_to_acis(entry.get('aci', []))
results = []
@@ -754,7 +750,8 @@ class aci_find(crud.Search):
pass
else:
for a in acis:
- if a.bindrule['expression'] != ('ldap:///%s' % dn):
+ uri = 'ldap:///%s' % entry.dn
+ if a.bindrule['expression'] != uri:
results.remove(a)
acis = list(results)
diff --git a/ipalib/plugins/automember.py b/ipalib/plugins/automember.py
index 71f9a8324..a12bfb525 100644
--- a/ipalib/plugins/automember.py
+++ b/ipalib/plugins/automember.py
@@ -300,7 +300,7 @@ class automember_add_condition(LDAPUpdate):
assert isinstance(dn, DN)
# Check to see if the automember rule exists
try:
- (tdn, test_attrs) = ldap.get_entry(dn, [])
+ dn = ldap.get_entry(dn, []).dn
except errors.NotFound:
raise errors.NotFound(reason=_(u'Auto member rule: %s not found!') % keys[0])
# Define container key
@@ -318,7 +318,7 @@ class automember_add_condition(LDAPUpdate):
entry_attrs[attr] = [key + condition for condition in options[attr]]
completed += len(entry_attrs[attr])
try:
- (dn, old_entry) = ldap.get_entry(dn, [attr])
+ old_entry = ldap.get_entry(dn, [attr])
for regex in old_entry.keys():
if not isinstance(entry_attrs[regex], (list, tuple)):
entry_attrs[regex] = [entry_attrs[regex]]
@@ -339,7 +339,7 @@ class automember_add_condition(LDAPUpdate):
# Make sure to returned the failed results if there is nothing to remove
if completed == 0:
- (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
+ ldap.get_entry(dn, attrs_list)
raise errors.EmptyModlist
return dn
@@ -386,7 +386,7 @@ class automember_remove_condition(LDAPUpdate):
assert isinstance(dn, DN)
# Check to see if the automember rule exists
try:
- (tdn, test_attrs) = ldap.get_entry(dn, [])
+ ldap.get_entry(dn, [])
except errors.NotFound:
raise errors.NotFound(reason=_(u'Auto member rule: %s not found!') % keys[0])
@@ -402,13 +402,13 @@ class automember_remove_condition(LDAPUpdate):
failed = {'failed': {}}
# Check to see if there are existing exclusive conditions present.
- (dn, exclude_present) = ldap.get_entry(dn, [EXCLUDE_RE])
+ dn = ldap.get_entry(dn, [EXCLUDE_RE]).dn
for attr in (INCLUDE_RE, EXCLUDE_RE):
failed['failed'][attr] = []
if attr in options and options[attr]:
entry_attrs[attr] = [key + condition for condition in options[attr]]
- (dn, entry_attrs_) = ldap.get_entry(dn, [attr])
+ entry_attrs_ = ldap.get_entry(dn, [attr])
old_entry = entry_attrs_.get(attr, [])
for regex in entry_attrs[attr]:
if regex in old_entry:
@@ -427,7 +427,7 @@ class automember_remove_condition(LDAPUpdate):
# Make sure to returned the failed results if there is nothing to remove
if completed == 0:
- (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
+ ldap.get_entry(dn, attrs_list)
raise errors.EmptyModlist
return dn
@@ -557,13 +557,13 @@ class automember_default_group_remove(LDAPUpdate):
api.env.basedn)
attr = 'automemberdefaultgroup'
- (dn, entry_attrs_) = ldap.get_entry(dn, [attr])
+ entry_attrs_ = ldap.get_entry(dn, [attr])
if attr not in entry_attrs_:
raise errors.NotFound(reason=_(u'No default (fallback) group set'))
else:
entry_attrs[attr] = []
- return dn
+ return entry_attrs_.dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py
index a7596b475..4b94a5957 100644
--- a/ipalib/plugins/automount.py
+++ b/ipalib/plugins/automount.py
@@ -603,11 +603,11 @@ class automountmap_del(LDAPDelete):
assert isinstance(dn, DN)
# delete optional parental connection (direct maps may not have this)
try:
- (dn_, entry_attrs) = ldap.find_entry_by_attr(
+ entry_attrs = ldap.find_entry_by_attr(
'automountinformation', keys[0], 'automount',
base_dn=DN(self.obj.container_dn, api.env.basedn)
)
- ldap.delete_entry(dn_)
+ ldap.delete_entry(entry_attrs)
except errors.NotFound:
pass
return True
@@ -715,7 +715,7 @@ class automountkey(LDAPObject):
# First we look with the information given, then try to search for
# the right entry.
try:
- (dn, entry_attrs) = ldap.get_entry(dn, ['*'])
+ dn = ldap.get_entry(dn, ['*']).dn
except errors.NotFound:
if kwargs.get('automountinformation', False):
sfilter = '(&(automountkey=%s)(automountinformation=%s))' % \
@@ -732,7 +732,7 @@ class automountkey(LDAPObject):
raise errors.NotFound(reason=_('More than one entry with key %(key)s found, use --info to select specific entry.') % dict(key=pkey))
if truncated:
raise errors.LimitsExceeded()
- dn = entries[0][0]
+ dn = entries[0].dn
return dn
@@ -955,7 +955,7 @@ class automountkey_mod(LDAPUpdate):
# automountinformation attribute of existing LDAP object needs
# to be retrieved so that RDN can be generated
dn = self.obj.get_dn(*keys, **options)
- (dn_, entry_attrs_) = ldap.get_entry(dn, ['automountinformation'])
+ entry_attrs_ = ldap.get_entry(dn, ['automountinformation'])
new_info = entry_attrs_.get('automountinformation', [])[0]
# automounkey attribute cannot be overwritten so that get_dn()
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index c59f5fa21..1d26c9859 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -203,8 +203,8 @@ def get_effective_rights(ldap, dn, attrs=None):
attrs = ['*', 'nsaccountlock', 'cospriority']
rights = ldap.get_effective_rights(dn, attrs)
rdict = {}
- if 'attributelevelrights' in rights[1]:
- rights = rights[1]['attributelevelrights']
+ if 'attributelevelrights' in rights:
+ rights = rights['attributelevelrights']
rights = rights[0].split(', ')
for r in rights:
(k,v) = r.split(':')
@@ -262,7 +262,7 @@ def wait_for_value(ldap, dn, attr, value):
# FIXME: put a try/except around here? I think it is probably better
# to just let the exception filter up to the caller.
- (dn, entry_attrs) = ldap.get_entry( dn, ['*'])
+ entry_attrs = ldap.get_entry(dn, ['*'])
if attr in entry_attrs:
if isinstance(entry_attrs[attr], (list, tuple)):
values = map(lambda y:y.lower(), entry_attrs[attr])
@@ -332,8 +332,8 @@ def add_external_post_callback(memberattr, membertype, externalattr, ldap, compl
# Sift through the failures. We assume that these are all
# entries that aren't stored in IPA, aka external entries.
if memberattr in failed and membertype in failed[memberattr]:
- (dn, entry_attrs_) = ldap.get_entry(dn, [externalattr])
- assert isinstance(dn, DN)
+ entry_attrs_ = ldap.get_entry(dn, [externalattr])
+ dn = entry_attrs_.dn
members = entry_attrs.get(memberattr, [])
external_entries = entry_attrs_.get(externalattr, [])
lc_external_entries = set(e.lower() for e in external_entries)
@@ -364,8 +364,9 @@ def add_external_post_callback(memberattr, membertype, externalattr, ldap, compl
failed_entries.append(membername)
if completed_external:
+ entry_attrs_[externalattr] = external_entries
try:
- ldap.update_entry(dn, {externalattr: external_entries})
+ ldap.update_entry(entry_attrs_)
except errors.EmptyModlist:
pass
failed[memberattr][membertype] = failed_entries
@@ -378,7 +379,8 @@ def remove_external_post_callback(memberattr, membertype, externalattr, ldap, co
# Run through the failures and gracefully remove any member defined
# as an external member.
if memberattr in failed and membertype in failed[memberattr]:
- (dn, entry_attrs_) = ldap.get_entry(dn, [externalattr])
+ entry_attrs_ = ldap.get_entry(dn, [externalattr])
+ dn = entry_attrs_.dn
external_entries = entry_attrs_.get(externalattr, [])
failed_entries = []
completed_external = 0
@@ -398,8 +400,9 @@ def remove_external_post_callback(memberattr, membertype, externalattr, ldap, co
failed_entries.append(membername)
if completed_external:
+ entry_attrs_[externalattr] = external_entries
try:
- ldap.update_entry(dn, {externalattr: external_entries})
+ ldap.update_entry(entry_attrs_)
except errors.EmptyModlist:
pass
failed[memberattr][membertype] = failed_entries
@@ -415,7 +418,7 @@ def host_is_master(ldap, fqdn):
"""
master_dn = DN(('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
try:
- (dn, entry_attrs) = ldap.get_entry(master_dn, ['objectclass'])
+ ldap.get_entry(master_dn, ['objectclass'])
raise errors.ValidationError(name='hostname', error=_('An IPA master host cannot be deleted or disabled'))
except errors.NotFound:
# Good, not a master
@@ -478,14 +481,14 @@ class LDAPObject(Object):
parent_dn = DN(self.container_dn, api.env.basedn)
if self.rdn_attribute:
try:
- (dn, entry_attrs) = self.backend.find_entry_by_attr(
+ entry_attrs = self.backend.find_entry_by_attr(
self.primary_key.name, keys[-1], self.object_class, [''],
DN(self.container_dn, api.env.basedn)
)
except errors.NotFound:
pass
else:
- return dn
+ return entry_attrs.dn
if self.primary_key and keys[-1] is not None:
return self.backend.make_dn_from_attr(
self.primary_key.name, keys[-1], parent_dn
@@ -502,7 +505,7 @@ class LDAPObject(Object):
assert isinstance(dn, DN)
try:
if self.rdn_attribute:
- (dn, entry_attrs) = self.backend.get_entry(
+ entry_attrs = self.backend.get_entry(
dn, [self.primary_key.name]
)
try:
@@ -609,7 +612,7 @@ class LDAPObject(Object):
json_dict['primary_key'] = self.primary_key.name
objectclasses = self.object_class
if self.object_class_config:
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
objectclasses = config.get(
self.object_class_config, objectclasses
)
@@ -872,7 +875,7 @@ last, after all sets and adds."""),
if needldapattrs:
try:
- (dn, old_entry) = self._exc_wrapper(keys, options, ldap.get_entry)(
+ old_entry = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, needldapattrs
)
except errors.NotFound:
@@ -1004,15 +1007,16 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
def execute(self, *keys, **options):
ldap = self.obj.backend
- entry_attrs = self.args_options_2_entry(*keys, **options)
- entry_attrs = ldap.make_entry(DN(), entry_attrs)
+ dn = self.obj.get_dn(*keys, **options)
+ entry_attrs = ldap.make_entry(
+ dn, self.args_options_2_entry(*keys, **options))
self.process_attr_options(entry_attrs, None, keys, options)
entry_attrs['objectclass'] = deepcopy(self.obj.object_class)
if self.obj.object_class_config:
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
entry_attrs['objectclass'] = config.get(
self.obj.object_class_config, entry_attrs['objectclass']
)
@@ -1020,8 +1024,6 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
if self.obj.uuid_attribute:
entry_attrs[self.obj.uuid_attribute] = 'autogenerate'
- dn = self.obj.get_dn(*keys, **options)
- assert isinstance(dn, DN)
if self.obj.rdn_attribute:
try:
dn_attr = dn[0].attr
@@ -1029,10 +1031,9 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
dn_attr = None
if dn_attr != self.obj.primary_key.name:
self.obj.handle_duplicate_entry(*keys)
- dn = ldap.make_dn(
+ entry_attrs.dn = ldap.make_dn(
entry_attrs, self.obj.rdn_attribute,
- DN(self.obj.container_dn, api.env.basedn)
- )
+ DN(self.obj.container_dn, api.env.basedn))
if options.get('all', False):
attrs_list = ['*'] + self.obj.default_attributes
@@ -1044,16 +1045,16 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
attrs_list = list(attrs_list)
for callback in self.get_callbacks('pre'):
- dn = callback(
- self, ldap, dn, entry_attrs, attrs_list, *keys, **options)
- assert isinstance(dn, DN)
+ entry_attrs.dn = callback(
+ self, ldap, entry_attrs.dn, entry_attrs, attrs_list,
+ *keys, **options)
_check_single_value_attrs(self.params, entry_attrs)
_check_limit_object_class(self.api.Backend.ldap2.schema.attribute_types(self.obj.limit_object_classes), entry_attrs.keys(), allow_only=True)
_check_limit_object_class(self.api.Backend.ldap2.schema.attribute_types(self.obj.disallow_object_classes), entry_attrs.keys(), allow_only=False)
try:
- self._exc_wrapper(keys, options, ldap.add_entry)(dn, entry_attrs)
+ self._exc_wrapper(keys, options, ldap.add_entry)(entry_attrs)
except errors.NotFound:
parent = self.obj.parent_object
if parent:
@@ -1078,25 +1079,23 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
object_class = self.obj.object_class
else:
object_class = None
- (dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.find_entry_by_attr)(
+ entry_attrs = self._exc_wrapper(keys, options, ldap.find_entry_by_attr)(
self.obj.primary_key.name, keys[-1], object_class, attrs_list,
DN(self.obj.container_dn, api.env.basedn)
)
- assert isinstance(dn, DN)
else:
- (dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
- dn, attrs_list
- )
- assert isinstance(dn, DN)
+ entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
+ entry_attrs.dn, attrs_list)
except errors.NotFound:
self.obj.handle_not_found(*keys)
for callback in self.get_callbacks('post'):
- dn = callback(self, ldap, dn, entry_attrs, *keys, **options)
+ entry_attrs.dn = callback(
+ self, ldap, entry_attrs.dn, entry_attrs, *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
- assert isinstance(dn, DN)
+ dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -1204,23 +1203,23 @@ class LDAPRetrieve(LDAPQuery):
assert isinstance(dn, DN)
try:
- (dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
+ entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, attrs_list
)
- assert isinstance(dn, DN)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if options.get('rights', False) and options.get('all', False):
- entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn)
+ entry_attrs['attributelevelrights'] = get_effective_rights(
+ ldap, entry_attrs.dn)
for callback in self.get_callbacks('post'):
- dn = callback(self, ldap, dn, entry_attrs, *keys, **options)
- assert isinstance(dn, DN)
+ entry_attrs.dn = callback(
+ self, ldap, entry_attrs.dn, entry_attrs, *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
- assert isinstance(dn, DN)
+ dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -1282,10 +1281,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
raise errors.EmptyModlist()
dn = self.obj.get_dn(*keys, **options)
- assert isinstance(dn, DN)
-
- entry_attrs = self.args_options_2_entry(**options)
- entry_attrs = ldap.make_entry(dn, entry_attrs)
+ entry_attrs = ldap.make_entry(dn, self.args_options_2_entry(**options))
self.process_attr_options(entry_attrs, dn, keys, options)
@@ -1302,9 +1298,9 @@ class LDAPUpdate(LDAPQuery, crud.Update):
_check_empty_attrs(self.obj.params, entry_attrs)
for callback in self.get_callbacks('pre'):
- dn = callback(
- self, ldap, dn, entry_attrs, attrs_list, *keys, **options)
- assert isinstance(dn, DN)
+ entry_attrs.dn = callback(
+ self, ldap, entry_attrs.dn, entry_attrs, attrs_list,
+ *keys, **options)
_check_limit_object_class(self.api.Backend.ldap2.schema.attribute_types(self.obj.limit_object_classes), entry_attrs.keys(), allow_only=True)
_check_limit_object_class(self.api.Backend.ldap2.schema.attribute_types(self.obj.disallow_object_classes), entry_attrs.keys(), allow_only=False)
@@ -1318,11 +1314,12 @@ class LDAPUpdate(LDAPQuery, crud.Update):
if self.obj.rdn_is_primary_key and self.obj.primary_key.name in entry_attrs:
# RDN change
- self._exc_wrapper(keys, options, ldap.update_entry_rdn)(dn,
- RDN((self.obj.primary_key.name, entry_attrs[self.obj.primary_key.name])))
+ self._exc_wrapper(keys, options, ldap.update_entry_rdn)(
+ entry_attrs.dn,
+ RDN((self.obj.primary_key.name,
+ entry_attrs[self.obj.primary_key.name])))
rdnkeys = keys[:-1] + (entry_attrs[self.obj.primary_key.name], )
- dn = self.obj.get_dn(*rdnkeys)
- assert isinstance(dn, DN)
+ entry_attrs.dn = self.obj.get_dn(*rdnkeys)
del entry_attrs[self.obj.primary_key.name]
options['rdnupdate'] = True
rdnupdate = True
@@ -1331,10 +1328,8 @@ class LDAPUpdate(LDAPQuery, crud.Update):
# to decide what to do. An EmptyModlist in this context doesn't
# mean an error occurred, just that there were no other updates to
# perform.
- assert isinstance(dn, DN)
-
update = self._exc_wrapper(keys, options, ldap.get_entry)(
- dn, entry_attrs.keys())
+ entry_attrs.dn, entry_attrs.keys())
update.update(entry_attrs)
self._exc_wrapper(keys, options, ldap.update_entry)(update)
@@ -1345,20 +1340,20 @@ class LDAPUpdate(LDAPQuery, crud.Update):
self.obj.handle_not_found(*keys)
try:
- (dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
- dn, attrs_list
- )
+ entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
+ entry_attrs.dn, attrs_list)
except errors.NotFound:
raise errors.MidairCollision(
format=_('the entry was deleted while being modified')
)
if options.get('rights', False) and options.get('all', False):
- entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn)
+ entry_attrs['attributelevelrights'] = get_effective_rights(
+ ldap, entry_attrs.dn)
for callback in self.get_callbacks('post'):
- dn = callback(self, ldap, dn, entry_attrs, *keys, **options)
- assert isinstance(dn, DN)
+ entry_attrs.dn = callback(
+ self, ldap, entry_attrs.dn, entry_attrs, *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
@@ -1414,8 +1409,8 @@ class LDAPDelete(LDAPMultiQuery):
except errors.NotFound:
break
else:
- for (dn_, entry_attrs) in subentries:
- delete_subtree(dn_)
+ for entry_attrs in subentries:
+ delete_subtree(entry_attrs.dn)
try:
self._exc_wrapper(nkeys, options, ldap.delete_entry)(base_dn)
except errors.NotFound:
@@ -1577,21 +1572,20 @@ class LDAPAddMember(LDAPModMember):
attrs_list = list(attrs_list)
try:
- (dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
+ entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, attrs_list
)
except errors.NotFound:
self.obj.handle_not_found(*keys)
for callback in self.get_callbacks('post'):
- (completed, dn) = callback(
- self, ldap, completed, failed, dn, entry_attrs, *keys,
- **options)
- assert isinstance(dn, DN)
+ (completed, entry_attrs.dn) = callback(
+ self, ldap, completed, failed, entry_attrs.dn, entry_attrs,
+ *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
- assert isinstance(dn, DN)
+ dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -1680,21 +1674,20 @@ class LDAPRemoveMember(LDAPModMember):
time.sleep(.3)
try:
- (dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
+ entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, attrs_list
)
except errors.NotFound:
self.obj.handle_not_found(*keys)
for callback in self.get_callbacks('post'):
- (completed, dn) = callback(
- self, ldap, completed, failed, dn, entry_attrs, *keys,
- **options)
- assert isinstance(dn, DN)
+ (completed, entry_attrs.dn) = callback(
+ self, ldap, completed, failed, entry_attrs.dn, entry_attrs,
+ *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
- assert isinstance(dn, DN)
+ dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -1857,7 +1850,7 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
else:
search_attrs = self.obj.default_attributes
if self.obj.search_attributes_config:
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
config_attrs = config.get(
self.obj.search_attributes_config, [])
if len(config_attrs) == 1 and (
@@ -1899,12 +1892,12 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
if self.sort_result_entries:
if self.obj.primary_key:
def sort_key(x):
- return x[1][self.obj.primary_key.name][0].lower()
+ return x[self.obj.primary_key.name][0].lower()
entries.sort(key=sort_key)
if not options.get('raw', False):
for e in entries:
- self.obj.convert_attribute_members(e[1], *args, **options)
+ self.obj.convert_attribute_members(e, *args, **options)
for (i, e) in enumerate(entries):
entries[i] = entry_to_dict(e, **options)
@@ -2036,16 +2029,15 @@ class LDAPAddReverseMember(LDAPModReverseMember):
failed['member'][self.reverse_attr].append((attr, unicode(msg)))
# Update the member data.
- (dn, entry_attrs) = ldap.get_entry(dn, ['*'])
+ entry_attrs = ldap.get_entry(dn, ['*'])
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
for callback in self.get_callbacks('post'):
- (completed, dn) = callback(
- self, ldap, completed, failed, dn, entry_attrs, *keys,
- **options)
- assert isinstance(dn, DN)
+ (completed, entry_attrs.dn) = callback(
+ self, ldap, completed, failed, entry_attrs.dn, entry_attrs,
+ *keys, **options)
- assert isinstance(dn, DN)
+ dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -2141,16 +2133,15 @@ class LDAPRemoveReverseMember(LDAPModReverseMember):
failed['member'][self.reverse_attr].append((attr, unicode(msg)))
# Update the member data.
- (dn, entry_attrs) = ldap.get_entry(dn, ['*'])
+ entry_attrs = ldap.get_entry(dn, ['*'])
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
for callback in self.get_callbacks('post'):
- (completed, dn) = callback(
- self, ldap, completed, failed, dn, entry_attrs, *keys,
- **options)
- assert isinstance(dn, DN)
+ (completed, entry_attrs.dn) = callback(
+ self, ldap, completed, failed, entry_attrs.dn, entry_attrs,
+ *keys, **options)
- assert isinstance(dn, DN)
+ dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index e38254cd3..05369be4e 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -232,7 +232,7 @@ class config_mod(LDAPUpdate):
if kw:
config = ldap.get_ipa_config(kw.values())
for (k, v) in kw.iteritems():
- allowed_attrs = ldap.get_allowed_attributes(config[1][v])
+ allowed_attrs = ldap.get_allowed_attributes(config[v])
fields = entry_attrs[k].split(',')
for a in fields:
a = a.strip()
@@ -285,7 +285,7 @@ class config_mod(LDAPUpdate):
error=error_message)
else:
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
defaultuser = config.get('ipaselinuxusermapdefault', [None])[0]
if 'ipaselinuxusermaporder' in entry_attrs:
@@ -307,7 +307,7 @@ class config_mod(LDAPUpdate):
error=error_message)
else:
if not config:
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
order = config['ipaselinuxusermaporder']
userlist = order[0].split('$')
if defaultuser and defaultuser not in userlist:
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 7538d282d..57322e9bb 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -1716,7 +1716,7 @@ class dnszone(LDAPObject):
test_dn = super(dnszone, self).get_dn(zone, **options)
try:
- (dn, entry_attrs) = self.backend.get_entry(test_dn, [''])
+ dn = self.backend.get_entry(test_dn, ['']).dn
except errors.NotFound:
pass
@@ -1982,9 +1982,12 @@ class dnszone_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
+ entry = ldap.get_entry(dn, ['idnszoneactive'])
+
+ entry['idnszoneactive'] = ['FALSE']
try:
- ldap.update_entry(dn, {'idnszoneactive': 'FALSE'})
+ ldap.update_entry(entry)
except errors.EmptyModlist:
pass
@@ -2003,9 +2006,12 @@ class dnszone_enable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
+ entry = ldap.get_entry(dn, ['idnszoneactive'])
+
+ entry['idnszoneactive'] = ['TRUE']
try:
- ldap.update_entry(dn, {'idnszoneactive': 'TRUE'})
+ ldap.update_entry(entry)
except errors.EmptyModlist:
pass
@@ -2024,7 +2030,7 @@ class dnszone_add_permission(LDAPQuery):
dn = self.obj.get_dn(*keys, **options)
try:
- (dn_, entry_attrs) = ldap.get_entry(dn, ['objectclass'])
+ entry_attrs = ldap.get_entry(dn, ['objectclass'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -2033,14 +2039,16 @@ class dnszone_add_permission(LDAPQuery):
ipapermissiontype=u'SYSTEM'
)['result']
- update = {}
dnszone_ocs = entry_attrs.get('objectclass')
if dnszone_ocs:
- dnszone_ocs.append('ipadnszone')
- update['objectclass'] = list(set(dnszone_ocs))
+ for oc in dnszone_ocs:
+ if oc.lower() == 'ipadnszone':
+ break
+ else:
+ dnszone_ocs.append('ipadnszone')
- update['managedby'] = [permission['dn']]
- ldap.update_entry(dn, update)
+ entry_attrs['managedby'] = [permission['dn']]
+ ldap.update_entry(entry_attrs)
return dict(
result=True,
@@ -2058,11 +2066,15 @@ class dnszone_remove_permission(LDAPQuery):
def execute(self, *keys, **options):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
-
try:
- ldap.update_entry(dn, {'managedby': None})
+ entry = ldap.get_entry(dn, ['managedby'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
+
+ entry['managedby'] = None
+
+ try:
+ ldap.update_entry(entry)
except errors.EmptyModlist:
# managedBy attribute is clean, lets make sure there is also no
# dangling DNS zone permission
@@ -2177,7 +2189,7 @@ class dnsrecord(LDAPObject):
# zone must exist
ldap = self.api.Backend.ldap2
try:
- (dn_, zone) = ldap.get_entry(dn, [])
+ ldap.get_entry(dn, [])
except errors.NotFound:
self.api.Object['dnszone'].handle_not_found(keys[-2])
return self.api.Object[self.parent_object].get_dn(*keys[:-1], **options)
@@ -2200,10 +2212,8 @@ class dnsrecord(LDAPObject):
entries = ldap.find_entries(filter=ldap_filter, base_dn=base_dn)[0]
for entry in entries:
- master_dn = entry[0]
- assert isinstance(master_dn, DN)
try:
- master = master_dn[1]['cn']
+ master = entry.dn[1]['cn']
dns_masters.append(master)
except (IndexError, KeyError):
pass
@@ -2227,8 +2237,11 @@ class dnsrecord(LDAPObject):
raise errors.OptionError(no_option_msg)
def get_record_entry_attrs(self, entry_attrs):
- return dict((attr, val) for attr,val in entry_attrs.iteritems() \
- if attr in self.params and not self.params[attr].primary_key)
+ entry_attrs = entry_attrs.copy()
+ for attr in entry_attrs.keys():
+ if attr not in self.params or self.params[attr].primary_key:
+ del entry_attrs[attr]
+ return entry_attrs
def postprocess_record(self, record, **options):
if options.get('structured', False):
@@ -2498,7 +2511,7 @@ class dnsrecord_add(LDAPCreate):
# We always want to retrieve all DNS record attributes to test for
# record type collisions (#2601)
try:
- (dn_, old_entry) = ldap.get_entry(dn, _record_attributes)
+ old_entry = ldap.get_entry(dn, _record_attributes)
except errors.NotFound:
old_entry = None
else:
@@ -2523,9 +2536,10 @@ class dnsrecord_add(LDAPCreate):
# Update can be safely run as old record values has been
# already merged in pre_callback
ldap = self.obj.backend
- dn = call_args[0]
- entry_attrs = self.obj.get_record_entry_attrs(call_args[1])
- ldap.update_entry(dn, entry_attrs, **call_kwargs)
+ entry_attrs = self.obj.get_record_entry_attrs(call_args[0])
+ update = ldap.get_entry(entry_attrs.dn, entry_attrs.keys())
+ update.update(entry_attrs)
+ ldap.update_entry(update, **call_kwargs)
return
raise exc
@@ -2592,7 +2606,7 @@ class dnsrecord_mod(LDAPUpdate):
# current entry is needed in case of per-dns-record-part updates and
# for record type collision check
try:
- (dn_, old_entry) = ldap.get_entry(dn, _record_attributes)
+ old_entry = ldap.get_entry(dn, _record_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -2627,7 +2641,7 @@ class dnsrecord_mod(LDAPUpdate):
keys = keys[:-1] + (rename,)
dn = self.obj.get_dn(*keys, **options)
ldap = self.obj.backend
- (dn_, old_entry) = ldap.get_entry(dn, _record_attributes)
+ old_entry = ldap.get_entry(dn, _record_attributes)
del_all = True
for attr in old_entry.keys():
@@ -2744,7 +2758,7 @@ class dnsrecord_del(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
try:
- (dn_, old_entry) = ldap.get_entry(dn, _record_attributes)
+ old_entry = ldap.get_entry(dn, _record_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -2910,10 +2924,10 @@ class dnsrecord_find(LDAPSearch):
if entries:
zone_obj = self.api.Object[self.obj.parent_object]
zone_dn = zone_obj.get_dn(args[0])
- if entries[0][0] == zone_dn:
- entries[0][1][zone_obj.primary_key.name] = [_dns_zone_record]
+ if entries[0].dn == zone_dn:
+ entries[0][zone_obj.primary_key.name] = [_dns_zone_record]
for entry in entries:
- self.obj.postprocess_record(entry[1], **options)
+ self.obj.postprocess_record(entry, **options)
return truncated
@@ -3016,7 +3030,7 @@ class dnsconfig(LDAPObject):
return DN(api.env.container_dns, api.env.basedn)
def get_dnsconfig(self, ldap):
- (dn, entry) = ldap.get_entry(self.get_dn(), None)
+ entry = ldap.get_entry(self.get_dn(), None)
return entry
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index dac55003e..93b0410fd 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -217,7 +217,7 @@ class group_del(LDAPDelete):
def pre_callback(self, ldap, dn, *keys, **options):
assert isinstance(dn, DN)
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
def_primary_group = config.get('ipadefaultprimarygroup', '')
def_primary_group_dn = group_dn = self.obj.get_dn(def_primary_group)
if dn == def_primary_group_dn:
@@ -272,7 +272,8 @@ class group_mod(LDAPUpdate):
reason=u'Cannot be renamed')
if ('posix' in options and options['posix']) or 'gidnumber' in options:
- (dn, old_entry_attrs) = ldap.get_entry(dn, ['objectclass'])
+ old_entry_attrs = ldap.get_entry(dn, ['objectclass'])
+ dn = old_entry_attrs.dn
if 'ipaexternalgroup' in old_entry_attrs['objectclass']:
raise errors.ExternalGroupViolation()
if 'posixgroup' in old_entry_attrs['objectclass']:
@@ -288,7 +289,8 @@ class group_mod(LDAPUpdate):
if is_protected_group:
raise errors.ProtectedEntryError(label=u'group', key=keys[-1],
reason=u'Cannot support external non-IPA members')
- (dn, old_entry_attrs) = ldap.get_entry(dn, ['objectclass'])
+ old_entry_attrs = ldap.get_entry(dn, ['objectclass'])
+ dn = old_entry_attrs.dn
if 'posixgroup' in old_entry_attrs['objectclass']:
raise errors.PosixGroupViolation()
if 'ipaexternalgroup' in old_entry_attrs['objectclass']:
@@ -367,7 +369,7 @@ class group_find(LDAPSearch):
# filter based on 'criteria' argument
search_kw = {}
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
attrs = config.get(self.obj.search_attributes_config, [])
if len(attrs) == 1 and isinstance(attrs[0], basestring):
search_attrs = attrs[0].split(',')
@@ -520,7 +522,7 @@ class group_detach(LDAPQuery):
user_dn = self.api.Object['user'].get_dn(*keys)
try:
- (user_dn, user_attrs) = ldap.get_entry(user_dn)
+ user_attrs = ldap.get_entry(user_dn)
except errors.NotFound:
self.obj.handle_not_found(*keys)
is_managed = self.obj.has_objectclass(user_attrs['objectclass'], 'mepmanagedentry')
@@ -528,7 +530,7 @@ class group_detach(LDAPQuery):
not (ldap.can_write(user_dn, "mepManagedEntry")) and is_managed):
raise errors.ACIError(info=_('not allowed to modify user entries'))
- (group_dn, group_attrs) = ldap.get_entry(group_dn)
+ group_attrs = ldap.get_entry(group_dn)
is_managed = self.obj.has_objectclass(group_attrs['objectclass'], 'mepmanagedby')
if (not ldap.can_write(group_dn, "objectclass") or
not (ldap.can_write(group_dn, "mepManagedBy")) and is_managed):
@@ -538,14 +540,14 @@ class group_detach(LDAPQuery):
try:
i = objectclasses.index('mepOriginEntry')
del objectclasses[i]
- update_attrs = {'objectclass': objectclasses, 'mepManagedEntry': None}
- ldap.update_entry(user_dn, update_attrs)
+ user_attrs['mepManagedEntry'] = None
+ ldap.update_entry(user_attrs)
except ValueError:
# Somehow the user isn't managed, let it pass for now. We'll
# let the group throw "Not managed".
pass
- (group_dn, group_attrs) = ldap.get_entry(group_dn)
+ group_attrs = ldap.get_entry(group_dn)
objectclasses = group_attrs['objectclass']
try:
i = objectclasses.index('mepManagedEntry')
@@ -555,14 +557,14 @@ class group_detach(LDAPQuery):
del objectclasses[i]
# Make sure the resulting group has the default group objectclasses
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
def_objectclass = config.get(
self.obj.object_class_config, objectclasses
)
objectclasses = list(set(def_objectclass + objectclasses))
- update_attrs = {'objectclass': objectclasses, 'mepManagedBy': None}
- ldap.update_entry(group_dn, update_attrs)
+ group_attrs['mepManagedBy'] = None
+ ldap.update_entry(group_attrs)
return dict(
result=True,
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 5cc8bc1a3..0f0fef002 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -253,7 +253,8 @@ class hbacrule_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
+ entry_attrs = ldap.get_entry(dn, attrs_list)
+ dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -294,14 +295,17 @@ class hbacrule_enable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
- entry_attrs = {'ipaenabledflag': 'TRUE'}
+ try:
+ entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ entry_attrs['ipaenabledflag'] = ['TRUE']
try:
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
- except errors.NotFound:
- self.obj.handle_not_found(cn)
return dict(
result=True,
@@ -321,14 +325,17 @@ class hbacrule_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
- entry_attrs = {'ipaenabledflag': 'FALSE'}
+ try:
+ entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ entry_attrs['ipaenabledflag'] = ['FALSE']
try:
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
- except errors.NotFound:
- self.obj.handle_not_found(cn)
return dict(
result=True,
@@ -355,12 +362,12 @@ class hbacrule_add_accesstime(LDAPQuery):
dn = self.obj.get_dn(cn)
- (dn, entry_attrs) = ldap.get_entry(dn, ['accesstime'])
+ entry_attrs = ldap.get_entry(dn, ['accesstime'])
entry_attrs.setdefault('accesstime', []).append(
options['accesstime']
)
try:
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
except errors.NotFound:
@@ -395,12 +402,12 @@ class hbacrule_remove_accesstime(LDAPQuery):
dn = self.obj.get_dn(cn)
- (dn, entry_attrs) = ldap.get_entry(dn, ['accesstime'])
+ entry_attrs = ldap.get_entry(dn, ['accesstime'])
try:
entry_attrs.setdefault('accesstime', []).remove(
options['accesstime']
)
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except (ValueError, errors.EmptyModlist):
pass
except errors.NotFound:
@@ -428,7 +435,8 @@ class hbacrule_add_user(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
+ dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'usercategory' in entry_attrs and \
@@ -458,7 +466,8 @@ class hbacrule_add_host(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
+ dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'hostcategory' in entry_attrs and \
@@ -512,7 +521,8 @@ class hbacrule_add_service(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
+ dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'servicecategory' in entry_attrs and \
diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py
index cc18890ce..6fbf1fbe2 100644
--- a/ipalib/plugins/hbactest.py
+++ b/ipalib/plugins/hbactest.py
@@ -405,7 +405,7 @@ class hbactest(Command):
request.user.groups = []
else:
groups = []
- for dn, entry in entries:
+ for entry in entries:
memberof_dns = entry.get('memberof', [])
for memberof_dn in memberof_dns:
if memberof_dn.endswith(group_container):
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 27b692a9e..039764928 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -340,9 +340,10 @@ class host(LDAPObject):
self.backend.get_entry(dn, [''])
except errors.NotFound:
try:
- (dn, entry_attrs) = self.backend.find_entry_by_attr(
+ entry_attrs = self.backend.find_entry_by_attr(
'serverhostname', hostname, self.object_class, [''],
DN(self.container_dn, api.env.basedn))
+ dn = entry_attrs.dn
except errors.NotFound:
pass
return dn
@@ -359,7 +360,7 @@ class host(LDAPObject):
filter=host_filter, attrs_list=host_attrs)
for host in hosts:
- managed_hosts.append(host[0])
+ managed_hosts.append(host.dn)
except errors.NotFound:
return []
@@ -581,7 +582,7 @@ class host_del(LDAPDelete):
if self.api.env.enable_ra:
try:
- (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
+ entry_attrs = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
cert = entry_attrs.single_value.get('usercertificate')
@@ -651,7 +652,7 @@ class host_mod(LDAPUpdate):
if 'locality' in entry_attrs:
entry_attrs['l'] = entry_attrs['locality']
if 'krbprincipalname' in entry_attrs:
- (dn, entry_attrs_old) = ldap.get_entry(
+ entry_attrs_old = ldap.get_entry(
dn, ['objectclass', 'krbprincipalname']
)
if 'krbprincipalname' in entry_attrs_old:
@@ -665,7 +666,7 @@ class host_mod(LDAPUpdate):
if cert:
if self.api.env.enable_ra:
x509.verify_cert_subject(ldap, keys[-1], cert)
- (dn, entry_attrs_old) = ldap.get_entry(dn, ['usercertificate'])
+ entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
oldcert = entry_attrs_old.single_value.get('usercertificate')
if oldcert:
oldcert = x509.normalize_certificate(oldcert)
@@ -703,9 +704,7 @@ class host_mod(LDAPUpdate):
if 'objectclass' in entry_attrs:
obj_classes = entry_attrs['objectclass']
else:
- (_dn, _entry_attrs) = ldap.get_entry(
- dn, ['objectclass']
- )
+ _entry_attrs = ldap.get_entry(dn, ['objectclass'])
obj_classes = _entry_attrs['objectclass']
if 'ieee802device' not in obj_classes:
obj_classes.append('ieee802device')
@@ -725,7 +724,7 @@ class host_mod(LDAPUpdate):
if 'objectclass' in entry_attrs:
obj_classes = entry_attrs['objectclass']
else:
- (_dn, _entry_attrs) = ldap.get_entry(dn, ['objectclass'])
+ _entry_attrs = ldap.get_entry(dn, ['objectclass'])
obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass']
if 'ipasshhost' not in obj_classes:
obj_classes.append('ipasshhost')
@@ -792,7 +791,7 @@ class host_find(LDAPSearch):
for pkey in options.get('man_host', []):
dn = self.obj.get_dn(pkey)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, ['managedby'])
+ entry_attrs = ldap.get_entry(dn, ['managedby'])
except errors.NotFound:
self.obj.handle_not_found(pkey)
hosts.append(set(entry_attrs.get('managedby', '')))
@@ -809,7 +808,7 @@ class host_find(LDAPSearch):
for pkey in options.get('not_man_host', []):
dn = self.obj.get_dn(pkey)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, ['managedby'])
+ entry_attrs = ldap.get_entry(dn, ['managedby'])
except errors.NotFound:
self.obj.handle_not_found(pkey)
not_hosts += entry_attrs.get('managedby', [])
@@ -830,11 +829,10 @@ class host_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
- for entry in entries:
- (dn, entry_attrs) = entry
+ for entry_attrs in entries:
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
- self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ self.obj.get_password_attributes(ldap, entry_attrs.dn, entry_attrs)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
@@ -842,9 +840,9 @@ class host_find(LDAPSearch):
entry_attrs['has_keytab'] = False
if options.get('all', False):
- entry_attrs['managing'] = self.obj.get_managed_hosts(entry[0])
+ entry_attrs['managing'] = self.obj.get_managed_hosts(entry_attrs.dn)
- convert_sshpubkey_post(ldap, dn, entry_attrs)
+ convert_sshpubkey_post(ldap, entry_attrs.dn, entry_attrs)
return truncated
@@ -941,7 +939,7 @@ class host_disable(LDAPQuery):
dn = self.obj.get_dn(*keys, **options)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
+ entry_attrs = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
cert = entry_attrs.single_value.get('usercertificate')
@@ -972,7 +970,8 @@ class host_disable(LDAPQuery):
raise nsprerr
# Remove the usercertificate altogether
- ldap.update_entry(dn, {'usercertificate': None})
+ entry_attrs['usercertificate'] = None
+ ldap.update_entry(entry_attrs)
done_work = True
self.obj.get_password_attributes(ldap, dn, entry_attrs)
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 8a4957309..4b8702b09 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -188,8 +188,7 @@ class hostgroup_find(LDAPSearch):
if options.get('pkey_only', False):
return truncated
for entry in entries:
- (dn, entry_attrs) = entry
- self.obj.suppress_netgroup_memberof(ldap, dn, entry_attrs)
+ self.obj.suppress_netgroup_memberof(ldap, entry.dn, entry)
return truncated
api.register(hostgroup_find)
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index cf74a75ff..3a92d9898 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -551,9 +551,9 @@ class idrange_del(LDAPDelete):
def pre_callback(self, ldap, dn, *keys, **options):
try:
- (old_dn, old_attrs) = ldap.get_entry(dn, ['ipabaseid',
- 'ipaidrangesize',
- 'ipanttrusteddomainsid'])
+ old_attrs = ldap.get_entry(dn, ['ipabaseid',
+ 'ipaidrangesize',
+ 'ipanttrusteddomainsid'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -595,7 +595,7 @@ class idrange_find(LDAPSearch):
return (filters, base_dn, ldap.SCOPE_ONELEVEL)
def post_callback(self, ldap, entries, truncated, *args, **options):
- for dn, entry in entries:
+ for entry in entries:
self.obj.handle_iparangetype(entry, options)
return truncated
@@ -629,7 +629,7 @@ class idrange_mod(LDAPUpdate):
attrs_list.append('objectclass')
try:
- (old_dn, old_attrs) = ldap.get_entry(dn, ['*'])
+ old_attrs = ldap.get_entry(dn, ['*'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
diff --git a/ipalib/plugins/krbtpolicy.py b/ipalib/plugins/krbtpolicy.py
index a383d6845..a05583dfb 100644
--- a/ipalib/plugins/krbtpolicy.py
+++ b/ipalib/plugins/krbtpolicy.py
@@ -166,15 +166,17 @@ class krbtpolicy_reset(LDAPQuery):
else:
def_values = _default_values
+ entry = ldap.get_entry(dn, def_values.keys())
+ entry.update(def_values)
try:
- ldap.update_entry(dn, def_values)
+ ldap.update_entry(entry)
except errors.EmptyModlist:
pass
if keys[-1] is not None:
# policy for user was deleted, retrieve global policy
dn = self.obj.get_dn(None)
- (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
entry_attrs = entry_to_dict(entry_attrs, **options)
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index a89e944c9..772bba279 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -158,7 +158,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
% (entry_attrs['gidnumber'][0], pkey))
elif entry_attrs['gidnumber'][0] not in valid_gids:
try:
- (remote_dn, remote_entry) = ds_ldap.find_entry_by_attr(
+ remote_entry = ds_ldap.find_entry_by_attr(
'gidnumber', entry_attrs['gidnumber'][0], 'posixgroup',
[''], search_bases['group']
)
@@ -238,7 +238,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
pkey, value, type(value), attr, e)
continue
try:
- (remote_dn, remote_entry) = ds_ldap.get_entry(value, [api.Object.user.primary_key.name, api.Object.group.primary_key.name])
+ remote_entry = ds_ldap.get_entry(value, [api.Object.user.primary_key.name, api.Object.group.primary_key.name])
except errors.NotFound:
api.log.warn('%s: attribute %s refers to non-existent entry %s' % (pkey, attr, value))
continue
@@ -270,9 +270,10 @@ def _post_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx):
if 'description' in entry_attrs and NO_UPG_MAGIC in entry_attrs['description']:
entry_attrs['description'].remove(NO_UPG_MAGIC)
- update_attrs = dict(description = entry_attrs['description'])
try:
- ldap.update_entry(dn, update_attrs)
+ update_attrs = ldap.get_entry(dn, ['description'])
+ update_attrs['description'] = entry_attrs['description']
+ ldap.update_entry(update_attrs)
except (errors.EmptyModlist, errors.NotFound):
pass
@@ -292,17 +293,17 @@ def _update_default_group(ldap, pkey, config, ctx, force):
except errors.NotFound:
return
new_members = []
- (group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member'])
+ group_entry_attrs = ldap.get_entry(group_dn, ['member'])
for m in result:
- if m[0] not in group_entry_attrs.get('member', []):
- new_members.append(m[0])
+ if m.dn not in group_entry_attrs.get('member', []):
+ new_members.append(m.dn)
if len(new_members) > 0:
members = group_entry_attrs.get('member', [])
members.extend(new_members)
group_entry_attrs['member'] = members
try:
- ldap.update_entry(group_dn, group_entry_attrs)
+ ldap.update_entry(group_entry_attrs)
except errors.EmptyModlist:
pass
@@ -406,8 +407,9 @@ def _group_exc_callback(ldap, dn, entry_attrs, exc, options):
if options.get('groupoverwritegid', False) and \
entry_attrs.get('gidnumber') is not None:
try:
- new_entry_attrs = {'gidnumber':entry_attrs['gidnumber']}
- ldap.update_entry(dn, new_entry_attrs)
+ new_entry_attrs = ldap.get_entry(dn, ['gidnumber'])
+ new_entry_attrs['gidnumber'] = entry_attrs['gidnumber']
+ ldap.update_entry(new_entry_attrs)
except errors.EmptyModlist:
# no change to the GID
pass
@@ -747,7 +749,7 @@ can use their Kerberos accounts.''')
def_group = config.get('ipadefaultprimarygroup')
context['def_group_dn'] = api.Object.group.get_dn(def_group)
try:
- (g_dn, g_attrs) = ldap.get_entry(context['def_group_dn'], ['gidnumber', 'cn'])
+ g_attrs = ldap.get_entry(context['def_group_dn'], ['gidnumber', 'cn'])
except errors.NotFound:
error_msg = _('Default group for new users not found')
raise errors.NotFound(reason=error_msg)
@@ -760,20 +762,11 @@ can use their Kerberos accounts.''')
invalid_gids = []
migrate_cnt = 0
context['migrate_cnt'] = 0
- for (dn, entry_attrs) in entries:
+ for entry_attrs in entries:
context['migrate_cnt'] = migrate_cnt
s = datetime.datetime.now()
- if dn is None: # LDAP search reference
- failed[ldap_obj_name][entry_attrs[0]] = unicode(_ref_err_msg)
- continue
- try:
- dn = DN(dn)
- except ValueError:
- failed[ldap_obj_name][dn] = unicode(_dn_err_msg)
- continue
-
- ava = dn[0][0]
+ ava = entry_attrs.dn[0][0]
if ava.attr == ldap_obj.primary_key.name:
# In case if pkey attribute is in the migrated object DN
# and the original LDAP is multivalued, make sure that
@@ -785,8 +778,7 @@ can use their Kerberos accounts.''')
if pkey in exclude:
continue
- dn = ldap_obj.get_dn(pkey)
- assert isinstance(dn, DN)
+ entry_attrs.dn = ldap_obj.get_dn(pkey)
entry_attrs['objectclass'] = list(
set(
config.get(
@@ -799,28 +791,29 @@ can use their Kerberos accounts.''')
callback = self.migrate_objects[ldap_obj_name]['pre_callback']
if callable(callback):
try:
- dn = callback(
- ldap, pkey, dn, entry_attrs, failed[ldap_obj_name],
- config, context, schema = options['schema'],
- search_bases = search_bases,
- valid_gids = valid_gids,
- invalid_gids = invalid_gids,
+ entry_attrs.dn = callback(
+ ldap, pkey, entry_attrs.dn, entry_attrs,
+ failed[ldap_obj_name], config, context,
+ schema=options['schema'],
+ search_bases=search_bases,
+ valid_gids=valid_gids,
+ invalid_gids=invalid_gids,
**blacklists
)
- assert isinstance(dn, DN)
- if not dn:
+ if not entry_attrs.dn:
continue
except errors.NotFound, e:
failed[ldap_obj_name][pkey] = unicode(e.reason)
continue
try:
- ldap.add_entry(dn, entry_attrs)
+ ldap.add_entry(entry_attrs)
except errors.ExecutionError, e:
callback = self.migrate_objects[ldap_obj_name]['exc_callback']
if callable(callback):
try:
- callback(ldap, dn, entry_attrs, e, options)
+ callback(
+ ldap, entry_attrs.dn, entry_attrs, e, options)
except errors.ExecutionError, e:
failed[ldap_obj_name][pkey] = unicode(e)
continue
@@ -833,9 +826,8 @@ can use their Kerberos accounts.''')
callback = self.migrate_objects[ldap_obj_name]['post_callback']
if callable(callback):
callback(
- ldap, pkey, dn, entry_attrs, failed[ldap_obj_name],
- config, context,
- )
+ ldap, pkey, entry_attrs.dn, entry_attrs,
+ failed[ldap_obj_name], config, context)
e = datetime.datetime.now()
d = e - s
total_dur = e - migration_start
@@ -851,7 +843,7 @@ can use their Kerberos accounts.''')
def execute(self, ldapuri, bindpw, **options):
ldap = self.api.Backend.ldap2
self.normalize_options(options)
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
ds_base_dn = options.get('basedn')
if ds_base_dn is not None:
@@ -881,8 +873,7 @@ can use their Kerberos accounts.''')
#check whether the compat plugin is enabled
if not options.get('compat'):
try:
- (dn,check_compat) = ldap.get_entry(_compat_dn)
- assert isinstance(dn, DN)
+ check_compat = ldap.get_entry(_compat_dn)
if check_compat is not None and \
check_compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
return dict(result={}, failed={}, enabled=True, compat=False)
@@ -895,12 +886,12 @@ can use their Kerberos accounts.''')
'', ['namingcontexts', 'defaultnamingcontext'], DN(''),
ds_ldap.SCOPE_BASE, size_limit=-1, time_limit=0,
)
- if 'defaultnamingcontext' in entries[0][1]:
- ds_base_dn = DN(entries[0][1]['defaultnamingcontext'][0])
+ if 'defaultnamingcontext' in entries[0]:
+ ds_base_dn = DN(entries[0]['defaultnamingcontext'][0])
assert isinstance(ds_base_dn, DN)
else:
try:
- ds_base_dn = DN(entries[0][1]['namingcontexts'][0])
+ ds_base_dn = DN(entries[0]['namingcontexts'][0])
assert isinstance(ds_base_dn, DN)
except (IndexError, KeyError), e:
raise StandardError(str(e))
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index 84bc74981..e454b9aa3 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -167,7 +167,7 @@ class netgroup_add(LDAPCreate):
try:
test_dn = self.obj.get_dn(keys[-1])
- (test_dn_, netgroup) = ldap.get_entry(test_dn, ['objectclass'])
+ netgroup = ldap.get_entry(test_dn, ['objectclass'])
if 'mepManagedEntry' in netgroup.get('objectclass', []):
raise errors.DuplicateEntry(message=unicode(self.msg_collision % keys[-1]))
else:
@@ -206,7 +206,8 @@ class netgroup_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
+ entry_attrs = ldap.get_entry(dn, attrs_list)
+ dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(options, 'usercategory') and 'memberuser' in entry_attrs:
diff --git a/ipalib/plugins/passwd.py b/ipalib/plugins/passwd.py
index 280517cd9..2581a46ee 100644
--- a/ipalib/plugins/passwd.py
+++ b/ipalib/plugins/passwd.py
@@ -103,7 +103,7 @@ class passwd(Command):
"""
ldap = self.api.Backend.ldap2
- (dn, entry_attrs) = ldap.find_entry_by_attr(
+ entry_attrs = ldap.find_entry_by_attr(
'krbprincipalname', principal, 'posixaccount', [''],
DN(api.env.container_user, api.env.basedn)
)
@@ -115,9 +115,9 @@ class passwd(Command):
raise errors.ACIError(info=_('Invalid credentials'))
if current_password == MAGIC_VALUE:
- ldap.modify_password(dn, password)
+ ldap.modify_password(entry_attrs.dn, password)
else:
- ldap.modify_password(dn, password, current_password)
+ ldap.modify_password(entry_attrs.dn, password, current_password)
return dict(
result=True,
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 16d5fc9cf..66aab459e 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -875,7 +875,7 @@ class permission_find(baseldap.LDAPSearch):
if 'sizelimit' in options:
max_entries = options['sizelimit']
else:
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
max_entries = int(config.single_value['ipasearchrecordslimit'])
filters = ['(objectclass=ipaPermission)',
diff --git a/ipalib/plugins/pkinit.py b/ipalib/plugins/pkinit.py
index 981e411df..30c9120e8 100644
--- a/ipalib/plugins/pkinit.py
+++ b/ipalib/plugins/pkinit.py
@@ -79,7 +79,7 @@ class pkinit_anonymous(Command):
set_lock = False
lock = None
- (dn, entry_attrs) = ldap.get_entry(self.default_dn, ['nsaccountlock'])
+ entry_attrs = ldap.get_entry(self.default_dn, ['nsaccountlock'])
if 'nsaccountlock' in entry_attrs:
lock = entry_attrs['nsaccountlock'][0].lower()
@@ -94,7 +94,8 @@ class pkinit_anonymous(Command):
lock = 'TRUE'
if set_lock:
- ldap.update_entry(dn, {'nsaccountlock':lock})
+ entry_attrs['nsaccountlock'] = lock
+ ldap.update_entry(entry_attrs)
return dict(result=True)
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index da24f7c49..46e839a70 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -478,13 +478,13 @@ class pwpolicy_find(LDAPSearch):
returns a pair: (is_global, priority)
"""
# global policy will be always last in the output
- if entry[1]['cn'][0] == global_policy_name:
+ if entry['cn'][0] == global_policy_name:
return True, 0
else:
# policies with higher priority (lower number) will be at the
# beginning of the list
try:
- cospriority = int(entry[1]['cospriority'][0])
+ cospriority = int(entry['cospriority'][0])
except KeyError:
# if cospriority is not present in the entry, rather return 0
# than crash
@@ -496,9 +496,9 @@ class pwpolicy_find(LDAPSearch):
# When pkey_only flag is on, entries should contain only a cn.
# Add a cospriority attribute that will be used for sorting.
# Attribute rights are not allowed for pwpolicy_find.
- self.obj.add_cospriority(e[1], e[1]['cn'][0], rights=False)
+ self.obj.add_cospriority(e, e['cn'][0], rights=False)
- self.obj.convert_time_for_output(e[1], **options)
+ self.obj.convert_time_for_output(e, **options)
# do custom entry sorting by its cospriority
entries.sort(key=self.priority_sort_key)
@@ -507,7 +507,7 @@ class pwpolicy_find(LDAPSearch):
# remove cospriority that was used for sorting
for e in entries:
try:
- del e[1]['cospriority']
+ del e['cospriority']
except KeyError:
pass
diff --git a/ipalib/plugins/realmdomains.py b/ipalib/plugins/realmdomains.py
index cff193f20..1928e4805 100644
--- a/ipalib/plugins/realmdomains.py
+++ b/ipalib/plugins/realmdomains.py
@@ -120,7 +120,7 @@ class realmdomains_mod(LDAPUpdate):
# If --add-domain or --del-domain options were provided, read
# the curent list from LDAP, modify it, and write the changes back
- domains = ldap.get_entry(dn)[1]['associateddomain']
+ domains = ldap.get_entry(dn)['associateddomain']
if add_domain:
if not force and not has_soa_or_ns_record(add_domain):
@@ -144,9 +144,9 @@ class realmdomains_mod(LDAPUpdate):
dn = self.obj.get_dn(*keys, **options)
ldap = self.obj.backend
- domains_old = set(ldap.get_entry(dn)[1]['associateddomain'])
+ domains_old = set(ldap.get_entry(dn)['associateddomain'])
result = super(realmdomains_mod, self).execute(*keys, **options)
- domains_new = set(ldap.get_entry(dn)[1]['associateddomain'])
+ domains_new = set(ldap.get_entry(dn)['associateddomain'])
domains_added = domains_new - domains_old
domains_deleted = domains_old - domains_new
diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py
index e0e995ee4..3f26b16d0 100644
--- a/ipalib/plugins/selinuxusermap.py
+++ b/ipalib/plugins/selinuxusermap.py
@@ -112,7 +112,7 @@ def validate_selinuxuser_inlist(ldap, user):
Returns nothing if the user is found, raises an exception otherwise.
"""
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
item = config.get('ipaselinuxusermaporder', [])
if len(item) != 1:
raise errors.NotFound(reason=_('SELinux user map list not '
@@ -217,13 +217,13 @@ class selinuxusermap(LDAPObject):
return str(dn)
except ValueError:
try:
- (dn, entry_attrs) = self.backend.find_entry_by_attr(
+ entry_attrs = self.backend.find_entry_by_attr(
self.api.Object['hbacrule'].primary_key.name,
seealso,
self.api.Object['hbacrule'].object_class,
[''],
DN(self.api.Object['hbacrule'].container_dn, api.env.basedn))
- seealso = dn
+ seealso = entry_attrs.dn
except errors.NotFound:
raise errors.NotFound(reason=_('HBAC rule %(rule)s not found') % dict(rule=seealso))
@@ -237,7 +237,7 @@ class selinuxusermap(LDAPObject):
return
if 'seealso' in entry_attrs:
- (hbac_dn, hbac_attrs) = ldap.get_entry(entry_attrs['seealso'][0], ['cn'])
+ hbac_attrs = ldap.get_entry(entry_attrs['seealso'][0], ['cn'])
entry_attrs['seealso'] = hbac_attrs['cn'][0]
api.register(selinuxusermap)
@@ -296,7 +296,7 @@ class selinuxusermap_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
try:
- (_dn, _entry_attrs) = ldap.get_entry(dn, attrs_list)
+ _entry_attrs = ldap.get_entry(dn, attrs_list)
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -369,8 +369,7 @@ all=True)['result']
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
- for entry in entries:
- (dn, attrs) = entry
+ for attrs in entries:
self.obj._convert_seealso(ldap, attrs, **options)
return truncated
@@ -398,14 +397,17 @@ class selinuxusermap_enable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
- entry_attrs = {'ipaenabledflag': 'TRUE'}
+ try:
+ entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ entry_attrs['ipaenabledflag'] = ['TRUE']
try:
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
raise errors.AlreadyActive()
- except errors.NotFound:
- self.obj.handle_not_found(cn)
return dict(
result=True,
@@ -425,14 +427,17 @@ class selinuxusermap_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
- entry_attrs = {'ipaenabledflag': 'FALSE'}
+ try:
+ entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ entry_attrs['ipaenabledflag'] = ['FALSE']
try:
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
raise errors.AlreadyInactive()
- except errors.NotFound:
- self.obj.handle_not_found(cn)
return dict(
result=True,
@@ -451,7 +456,8 @@ class selinuxusermap_add_user(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
+ dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'usercategory' in entry_attrs and \
@@ -483,7 +489,8 @@ class selinuxusermap_add_host(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
+ dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'hostcategory' in entry_attrs and \
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 50dfbb9e3..67fbea678 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -434,7 +434,7 @@ class service_del(LDAPDelete):
check_required_principal(ldap, hostname, service)
if self.api.env.enable_ra:
try:
- (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
+ entry_attrs = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
cert = entry_attrs.get('usercertificate')
@@ -486,8 +486,7 @@ class service_mod(LDAPUpdate):
dercert = x509.normalize_certificate(cert)
x509.verify_cert_subject(ldap, hostname, dercert)
try:
- (dn, entry_attrs_old) = ldap.get_entry(
- dn, ['usercertificate'])
+ entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'usercertificate' in entry_attrs_old:
@@ -541,9 +540,8 @@ class service_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
- for entry in entries:
- (dn, entry_attrs) = entry
- self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ for entry_attrs in entries:
+ self.obj.get_password_attributes(ldap, entry_attrs.dn, entry_attrs)
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
return truncated
@@ -615,7 +613,7 @@ class service_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
- (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
+ entry_attrs = ldap.get_entry(dn, ['usercertificate'])
(service, hostname, realm) = split_principal(keys[-1])
check_required_principal(ldap, hostname, service)
@@ -648,7 +646,8 @@ class service_disable(LDAPQuery):
raise nsprerr
# Remove the usercertificate altogether
- ldap.update_entry(dn, {'usercertificate': None})
+ entry_attrs['usercertificate'] = None
+ ldap.update_entry(entry_attrs)
done_work = True
self.obj.get_password_attributes(ldap, dn, entry_attrs)
diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py
index 0c2160c8f..35c01aa85 100644
--- a/ipalib/plugins/sudocmd.py
+++ b/ipalib/plugins/sudocmd.py
@@ -87,10 +87,10 @@ class sudocmd(LDAPObject):
self.backend.get_entry(dn, [''])
except errors.NotFound:
try:
- (dn, entry_attrs) = self.backend.find_entry_by_attr(
+ entry_attrs = self.backend.find_entry_by_attr(
'sudocmd', keys[-1], self.object_class, [''],
- DN(self.container_dn, api.env.basedn)
- )
+ DN(self.container_dn, api.env.basedn))
+ dn = entry_attrs.dn
except errors.NotFound:
pass
return dn
@@ -125,7 +125,7 @@ class sudocmd_del(LDAPDelete):
except errors.NotFound:
pass
else:
- for entry_dn, entry_attrs in entries:
+ for entry_attrs in entries:
[cn] = entry_attrs['cn']
dependent_sudorules.append(cn)
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 9644aafa2..246332502 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -300,7 +300,7 @@ class sudorule_mod(LDAPUpdate):
else:
self.obj.check_order_uniqueness(*keys, **options)
try:
- (_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -344,14 +344,17 @@ class sudorule_enable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
- entry_attrs = {'ipaenabledflag': 'TRUE'}
+ try:
+ entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ entry_attrs['ipaenabledflag'] = ['TRUE']
try:
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
- except errors.NotFound:
- self.obj.handle_not_found(cn)
return dict(result=True)
@@ -368,14 +371,17 @@ class sudorule_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
- entry_attrs = {'ipaenabledflag': 'FALSE'}
+ try:
+ entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ entry_attrs['ipaenabledflag'] = ['FALSE']
try:
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
- except errors.NotFound:
- self.obj.handle_not_found(cn)
return dict(result=True)
@@ -394,7 +400,7 @@ class sudorule_add_allow_command(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'cmdcategory'):
@@ -423,7 +429,7 @@ class sudorule_add_deny_command(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'cmdcategory'):
@@ -451,7 +457,7 @@ class sudorule_add_user(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'usercategory'):
@@ -487,7 +493,7 @@ class sudorule_add_host(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
- (_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'hostcategory'):
@@ -528,7 +534,7 @@ class sudorule_add_runasuser(LDAPAddMember):
return True
try:
- (_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
@@ -585,7 +591,7 @@ class sudorule_add_runasgroup(LDAPAddMember):
return True
try:
- (_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
+ _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
@@ -639,7 +645,7 @@ class sudorule_add_option(LDAPQuery):
if not options['ipasudoopt'].strip():
raise errors.EmptyModlist()
- (dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt'])
+ entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])
try:
if options['ipasudoopt'] not in entry_attrs['ipasudoopt']:
@@ -651,14 +657,14 @@ class sudorule_add_option(LDAPQuery):
entry_attrs.setdefault('ipasudoopt', []).append(
options['ipasudoopt'])
try:
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
except errors.NotFound:
self.obj.handle_not_found(cn)
attrs_list = self.obj.default_attributes
- (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
+ entry_attrs = ldap.get_entry(dn, attrs_list)
entry_attrs = entry_to_dict(entry_attrs, **options)
@@ -692,12 +698,12 @@ class sudorule_remove_option(LDAPQuery):
if not options['ipasudoopt'].strip():
raise errors.EmptyModlist()
- (dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt'])
+ entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])
try:
if options['ipasudoopt'] in entry_attrs['ipasudoopt']:
entry_attrs.setdefault('ipasudoopt', []).remove(
options['ipasudoopt'])
- ldap.update_entry(dn, entry_attrs)
+ ldap.update_entry(entry_attrs)
else:
raise errors.AttrValueNotFound(
attr='ipasudoopt',
@@ -714,7 +720,7 @@ class sudorule_remove_option(LDAPQuery):
self.obj.handle_not_found(cn)
attrs_list = self.obj.default_attributes
- (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
+ entry_attrs = ldap.get_entry(dn, attrs_list)
entry_attrs = entry_to_dict(entry_attrs, **options)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 0b6db27c6..5ab4b25fd 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -456,7 +456,7 @@ sides.
base_dn=DN(api.env.container_trusts, api.env.basedn),
filter=trust_filter)
- result['result'] = entry_to_dict(trusts[0][1], **options)
+ result['result'] = entry_to_dict(trusts[0], **options)
# For AD trusts with algorithmic mapping, we need to add a separate
# range for each subdomain.
@@ -778,9 +778,7 @@ class trust_find(LDAPSearch):
if options.get('pkey_only', False):
return truncated
- for entry in entries:
- (dn, attrs) = entry
-
+ for attrs in entries:
# Translate ipanttrusttype to trusttype if --raw not used
if not options.get('raw', False):
attrs['trusttype'] = trust_type_string(attrs['ipanttrusttype'][0])
@@ -897,7 +895,7 @@ class trustconfig(LDAPObject):
# and not "ipausergroup" so that it can also match groups like
# "Default SMB Group" which does not have this objectclass.
try:
- (dn, group_entry) = self.backend.find_entry_by_attr(
+ group_entry = self.backend.find_entry_by_attr(
self.api.Object['group'].primary_key.name,
group,
['posixgroup'],
@@ -906,7 +904,7 @@ class trustconfig(LDAPObject):
except errors.NotFound:
self.api.Object['group'].handle_not_found(group)
else:
- entry_attrs['ipantfallbackprimarygroup'] = [dn]
+ entry_attrs['ipantfallbackprimarygroup'] = [group_entry.dn]
def _convert_groupdn(self, entry_attrs, options):
"""
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 6cdaae334..539dd896a 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -400,7 +400,7 @@ class user(LDAPObject):
def _normalize_and_validate_email(self, email, config=None):
if not config:
- config = self.backend.get_ipa_config()[1]
+ config = self.backend.get_ipa_config()
# check if default email domain should be added
defaultdomain = config.get('ipadefaultemaildomain', [None])[0]
@@ -437,11 +437,11 @@ class user(LDAPObject):
for m in xrange(len(manager)):
if isinstance(manager[m], DN) and manager[m].endswith(container_dn):
continue
- (dn, entry_attrs) = self.backend.find_entry_by_attr(
+ entry_attrs = self.backend.find_entry_by_attr(
self.primary_key.name, manager[m], self.object_class, [''],
container_dn
)
- manager[m] = dn
+ manager[m] = entry_attrs.dn
except errors.NotFound:
raise errors.NotFound(reason=_('manager %(manager)s not found') % dict(manager=manager[m]))
@@ -510,7 +510,7 @@ class user_add(LDAPCreate):
entry_attrs['gidnumber'] = baseldap.DNA_MAGIC
validate_nsaccountlock(entry_attrs)
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
if 'ipamaxusernamelength' in config:
if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
raise errors.ValidationError(
@@ -542,7 +542,7 @@ class user_add(LDAPCreate):
def_primary_group = config.get('ipadefaultprimarygroup')
group_dn = self.api.Object['group'].get_dn(def_primary_group)
try:
- (group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
+ group_attrs = ldap.get_entry(group_dn, ['gidnumber'])
except errors.NotFound:
error_msg = _('Default group for new users not found')
raise errors.NotFound(reason=error_msg)
@@ -590,7 +590,7 @@ class user_add(LDAPCreate):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
# add the user we just created into the default primary group
def_primary_group = config.get('ipadefaultprimarygroup')
group_dn = self.api.Object['group'].get_dn(def_primary_group)
@@ -607,7 +607,7 @@ class user_add(LDAPCreate):
# delete description attribute NO_UPG_MAGIC if present
if options.get('noprivate', False):
if not options.get('all', False):
- (dn, desc_attr) = ldap.get_entry(dn, ['description'])
+ desc_attr = ldap.get_entry(dn, ['description'])
entry_attrs.update(desc_attr)
if 'description' in entry_attrs and NO_UPG_MAGIC in entry_attrs['description']:
entry_attrs['description'].remove(NO_UPG_MAGIC)
@@ -619,7 +619,7 @@ class user_add(LDAPCreate):
# Fetch the entry again to update memberof, mep data, etc updated
# at the end of the transaction.
- (newdn, newentry) = ldap.get_entry(dn, ['*'])
+ newentry = ldap.get_entry(dn, ['*'])
entry_attrs.update(newentry)
if options.get('random', False):
@@ -668,7 +668,7 @@ class user_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
if options.get('rename') is not None:
- config = ldap.get_ipa_config()[1]
+ config = ldap.get_ipa_config()
if 'ipamaxusernamelength' in config:
if len(options['rename']) > int(config.get('ipamaxusernamelength')[0]):
raise errors.ValidationError(
@@ -769,12 +769,11 @@ class user_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
- for entry in entries:
- (dn, attrs) = entry
+ for attrs in entries:
self.obj._convert_manager(attrs, **options)
- self.obj.get_password_attributes(ldap, dn, attrs)
+ self.obj.get_password_attributes(ldap, attrs.dn, attrs)
convert_nsaccountlock(attrs)
- convert_sshpubkey_post(ldap, dn, attrs)
+ convert_sshpubkey_post(ldap, attrs.dn, attrs)
return truncated
msg_summary = ngettext(
@@ -858,9 +857,13 @@ class user_unlock(LDAPQuery):
def execute(self, *keys, **options):
dn = self.obj.get_dn(*keys, **options)
- entry_attrs = {'krbLastAdminUnlock': strftime("%Y%m%d%H%M%SZ",gmtime()), 'krbLoginFailedCount': '0'}
+ entry = self.obj.backend.get_entry(
+ dn, ['krbLastAdminUnlock', 'krbLoginFailedCount'])
- self.obj.backend.update_entry(dn, entry_attrs)
+ entry['krbLastAdminUnlock'] = [strftime("%Y%m%d%H%M%SZ", gmtime())]
+ entry['krbLoginFailedCount'] = ['0']
+
+ self.obj.backend.update_entry(entry)
return dict(
result=True,
@@ -916,7 +919,7 @@ class user_status(LDAPQuery):
entries = []
count = 0
for master in masters:
- host = master[1]['cn'][0]
+ host = master['cn'][0]
if host == api.env.host:
other_ldap = self.obj.backend
else:
@@ -936,8 +939,8 @@ class user_status(LDAPQuery):
entry = other_ldap.get_entry(dn, attr_list)
newresult = {'dn': dn}
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
- newresult[attr] = entry[1].get(attr, [u'N/A'])
- newresult['krbloginfailedcount'] = entry[1].get('krbloginfailedcount', u'0')
+ newresult[attr] = entry.get(attr, [u'N/A'])
+ newresult['krbloginfailedcount'] = entry.get('krbloginfailedcount', u'0')
if not options.get('raw', False):
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
try:
@@ -954,9 +957,9 @@ class user_status(LDAPQuery):
else:
time_format = '%Y-%m-%dT%H:%M:%SZ'
newresult['now'] = unicode(strftime(time_format, gmtime()))
- convert_nsaccountlock(entry[1])
- if 'nsaccountlock' in entry[1].keys():
- disabled = entry[1]['nsaccountlock']
+ convert_nsaccountlock(entry)
+ if 'nsaccountlock' in entry:
+ disabled = entry['nsaccountlock']
entries.append(newresult)
count += 1
except errors.NotFound:
diff --git a/ipalib/util.py b/ipalib/util.py
index e14077487..1701fbdd1 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -332,7 +332,7 @@ def convert_sshpubkey_post(ldap, dn, entry_attrs):
pubkeys = entry_attrs['ipasshpubkey']
else:
old_entry_attrs = ldap.get_entry(dn, ['ipasshpubkey'])
- pubkeys = old_entry_attrs[1].get('ipasshpubkey')
+ pubkeys = old_entry_attrs.get('ipasshpubkey')
if not pubkeys:
return
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index d809c416b..5cc168be4 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -143,10 +143,10 @@ class DomainValidator(object):
def is_configured(self):
cn_trust_local = DN(('cn', self.api.env.domain), self.api.env.container_cifsdomains, self.api.env.basedn)
try:
- (dn, entry_attrs) = self.ldap.get_entry(cn_trust_local, [self.ATTR_FLATNAME, self.ATTR_SID])
+ entry_attrs = self.ldap.get_entry(cn_trust_local, [self.ATTR_FLATNAME, self.ATTR_SID])
self.flatname = entry_attrs[self.ATTR_FLATNAME][0]
self.sid = entry_attrs[self.ATTR_SID][0]
- self.dn = dn
+ self.dn = entry_attrs.dn
self.domain = self.api.env.domain
except errors.NotFound, e:
return False
@@ -175,7 +175,7 @@ class DomainValidator(object):
# domain names as keys and those are generally case-insensitive
result = ipautil.CIDict()
- for dn, entry in entries:
+ for entry in entries:
try:
trust_partner = entry[self.ATTR_TRUST_PARTNER][0]
flatname_normalized = entry[self.ATTR_FLATNAME][0].lower()
@@ -184,7 +184,7 @@ class DomainValidator(object):
# Some piece of trusted domain info in LDAP is missing
# Skip the domain, but leave log entry for investigation
api.log.warn("Trusted domain '%s' entry misses an "
- "attribute: %s", dn, e)
+ "attribute: %s", entry.dn, e)
continue
result[trust_partner] = (flatname_normalized,
@@ -341,7 +341,7 @@ class DomainValidator(object):
# Treat non-unique entries as invalid
raise errors.ValidationError(name=_('trusted domain object'),
error= _('Trusted domain did not return a unique object'))
- sid = self.__sid_to_str(entries[0][1]['objectSid'][0])
+ sid = self.__sid_to_str(entries[0]['objectSid'][0])
try:
test_sid = security.dom_sid(sid)
return unicode(test_sid)
@@ -378,7 +378,7 @@ class DomainValidator(object):
attrs=attrs, scope=_ldap.SCOPE_SUBTREE)
except errors.NotFound:
raise errors.NotFound(reason=_('trusted domain user not found'))
- user_dn = entries[0][0]
+ user_dn = entries[0].dn
elif domain or flatname:
attrs = ['cn']
filter = '(&(sAMAccountName=%(name)s)(objectClass=user))' \
@@ -388,7 +388,7 @@ class DomainValidator(object):
flatname, filter, attrs, _ldap.SCOPE_SUBTREE)
except errors.NotFound:
raise errors.NotFound(reason=_('trusted domain user not found'))
- user_dn = entries[0][0]
+ user_dn = entries[0].dn
else:
# No domain or realm specified, ambiguous search
raise errors.ValidationError(name=_('trusted domain object'),
@@ -401,8 +401,8 @@ class DomainValidator(object):
filter = "(objectClass=user)"
entries = self.get_trusted_domain_objects(domain,
flatname, filter, attrs, _ldap.SCOPE_BASE, user_dn)
- object_sid = self.__sid_to_str(entries[0][1]['objectSid'][0])
- group_sids = [self.__sid_to_str(sid) for sid in entries[0][1]['tokenGroups']]
+ object_sid = self.__sid_to_str(entries[0]['objectSid'][0])
+ group_sids = [self.__sid_to_str(sid) for sid in entries[0]['tokenGroups']]
return (object_sid, group_sids)
def get_trusted_domain_user_and_groups(self, object_name):