path: root/ipapython/ipaldap.py
Commit message | Author | Age | Files | Lines
* allow to call ldap2.destroy_connection multiple times | Petr Vobornik | 2015-05-07 | 1 | -1/+1
  A regression fix.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* speed up indirect member processing | Petr Vobornik | 2015-04-27 | 1 | -0/+2
  the old implementation tried to get all entries which are member of group. That means also user. User can't have any members therefore this costly processing was unnecessary. New implementation reduces the search only to entries which have members.
  Also page size was removed to avoid paging by small pages (default size: 100) which is very slow for many members.
  https://fedorahosted.org/freeipa/ticket/4947
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ldap: Remove IPASimpleLDAPObject | Jan Cholasta | 2015-04-16 | 1 | -105/+0
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use SimpleLDAPObject instead of IPASimpleLDAPObject in LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -2/+2
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Move schema handling from IPASimpleLDAPObject to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -280/+261
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient instead of IPASimpleLDAPObject in LDAPEntry | Jan Cholasta | 2015-04-16 | 1 | -4/+7
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Move value encoding from IPASimpleLDAPObject to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -133/+80
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient bind and unbind methods in IPAdmin | Jan Cholasta | 2015-04-16 | 1 | -19/+16
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Add bind and unbind methods to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -0/+35
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient connection management in IPAdmin | Jan Cholasta | 2015-04-16 | 1 | -12/+3
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Add connection management to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -9/+64
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Remove unused IPAdmin methods | Jan Cholasta | 2015-04-16 | 1 | -8/+0
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Drop python-ldap tuple compatibility | Jan Cholasta | 2015-04-16 | 1 | -66/+3
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* User life cycle: allows MODRDN from ldap2 | Thierry Bordaz | 2015-04-16 | 1 | -6/+23
  enhance update_entry_rdn so that it allows to move an entry to a new superior
  https://fedorahosted.org/freeipa/ticket/3813
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* baseldap: Handle missing parent objects properly in *-find commands | Tomas Babej | 2015-01-13 | 1 | -1/+1
  The find_entries function in ipaldap does not differentiate between a LDAP search that returns error code 32 (No such object) and LDAP search returning error code 0 (Success), but returning no results.
  In both cases errors.NotFound is raised. In turn, LDAPSearch commands interpret NotFound exception as no results.
  To differentiate between the cases, a new error EmptyResult was added, which inherits from NotFound to preserve the compatibility with the new code.
  This error is raised by ipaldap.find_entries in case it is performing a search with and the target dn does not exist.
  https://fedorahosted.org/freeipa/ticket/4659
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Refactoring of autobind, object_exists | Martin Basti | 2014-09-26 | 1 | -0/+37
  Required to prevent code duplications
  ipaldap.IPAdmin now has method do_bind, which tries several bind methods
  ipaldap.IPAClient now has method object_exists(dn)
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-ldap-updater: make possible to use LDAPI with autobind in case of hardened LDAP configuration | Alexander Bokovoy | 2014-07-04 | 1 | -0/+4
  When nsslapd-minssf is greater than 0, running as root ipa-ldap-updater [-l] will fail even if we force use of autobind for root over LDAPI.
  The reason for this is that schema updater doesn't get ldapi flag passed and attempts to connect to LDAP port instead and for hardened configurations using simple bind over LDAP is not enough.
  Additionally, report properly previously unhandled LDAP exceptions.
  https://fedorahosted.org/freeipa/ticket/3468
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipaldap: Override conversion of nsds5replicalast{update,init}{start,end} | Tomas Babej | 2014-07-02 | 1 | -0/+4
  The replication related attributes with generalized time syntax have special behaviour implemented in 389, as follows:
  In case they are explicitly requested for and not set, 0 is returned. However, 0 is not a valid value for LDAP Generalized time.
  Thus we need to add these attributes to the _SYNTAX_OVERRIDE dictionary, overriding their conversion to datetime and converting them to string instead, which preserves the old behaviour expected by the replication codebase.
  https://fedorahosted.org/freeipa/ticket/4350
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Clarify LDAPClient docstrings about get_entry, get_entries and find_entries | Petr Spacek | 2014-06-20 | 1 | -1/+6
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSName conversion in ipaldap | Martin Basti | 2014-06-03 | 1 | -0/+7
  Domain name has to be stored in LDAP in punycoded value
  Part of ticket: IPA should allow internationalized domain names
  https://fedorahosted.org/freeipa/ticket/3169
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipalib: Add DateTime parameter | Tomas Babej | 2014-05-05 | 1 | -0/+7
  Adds a parameter that represents a DateTime format using datetime.datetime object from python's native datetime library.
  In the CLI, accepts one of the following formats:
      Accepts LDAP Generalized time without in the following format:
          '%Y%m%d%H%M%SZ'
      Accepts subset of values defined by ISO 8601:
          '%Y-%m-%dT%H:%M:%SZ'
          '%Y-%m-%dT%H:%MZ'
          '%Y-%m-%dZ'
      Also accepts above formats using ' ' (space) as a separator instead of 'T'.
  As a simplification, it does not deal with timezone info and ISO 8601 values with timezone info (+-hhmm) are rejected. Values are expected to be in the UTC timezone.
  Values are saved to LDAP as LDAP Generalized time values in the format '%Y%m%d%H%SZ' (no time fractions and UTC timezone is assumed). To avoid confusion, in addition to subset of ISO 8601 values, the LDAP generalized time in the format '%Y%m%d%H%M%SZ' is also accepted as an input (as this is the format user will see on the output).
  Part of: https://fedorahosted.org/freeipa/ticket/3306
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Keep original name when setting attribute in LDAPEntry. | Jan Cholasta | 2014-04-18 | 1 | -33/+20
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replace get_syntax method of IPASimpleObject with new get_type method. | Jan Cholasta | 2014-04-18 | 1 | -13/+15
  get_type returns the Python type for an LDAP attribute.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix modlist generation code not to generate empty replace mods. | Jan Cholasta | 2014-03-03 | 1 | -3/+3
  https://fedorahosted.org/freeipa/ticket/4138
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Raise an exception when legacy LDAP API is used. | Jan Cholasta | 2014-01-24 | 1 | -19/+12
* Do not crash on bad LDAP data when formatting decode error message. | Jan Cholasta | 2014-01-10 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3488
* Store old entry state in dict rather than LDAPEntry. | Jan Cholasta | 2014-01-10 | 1 | -29/+17
  https://fedorahosted.org/freeipa/ticket/3488
* Remove legacy LDAPEntry properties data and orig_data. | Jan Cholasta | 2014-01-10 | 1 | -11/+0
  https://fedorahosted.org/freeipa/ticket/3488
* Remove unused LDAPClient methods get_syntax and get_single_value. | Jan Cholasta | 2014-01-10 | 1 | -12/+0
  https://fedorahosted.org/freeipa/ticket/3488
* Add LDAPEntry method generate_modlist. | Jan Cholasta | 2014-01-10 | 1 | -46/+39
  Use LDAPEntry.generate_modlist instead of LDAPClient._generate_modlist and remove LDAPClient._generate_modlist.
  https://fedorahosted.org/freeipa/ticket/3488
* Use LDAPClient.update_entry for LDAP mods in ldapupdate. | Jan Cholasta | 2014-01-10 | 1 | -60/+0
  Remove legacy IPAdmin methods generateModList and updateEntry.
  https://fedorahosted.org/freeipa/ticket/3488
* Make IPASimpleLDAPObject.get_single_value result overridable. | Jan Cholasta | 2014-01-10 | 1 | -3/+13
  Add some default overrides.
  https://fedorahosted.org/freeipa/ticket/3488
* Move LDAPClient method get_single_value to IPASimpleLDAPObject. | Jan Cholasta | 2014-01-10 | 1 | -18/+30
  Refactor IPASimpleLDAPObject methods get_syntax and get_single_value.
  https://fedorahosted.org/freeipa/ticket/3488
* Use old entry state in LDAPClient.update_entry. | Jan Cholasta | 2014-01-10 | 1 | -32/+26
  https://fedorahosted.org/freeipa/ticket/3488
* Rename LDAPEntry method commit to reset_modlist. | Jan Cholasta | 2014-01-10 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3488
* Convert remaining backend code to LDAPEntry API. | Jan Cholasta | 2013-12-16 | 1 | -3/+3
* Support searches with paged results control in LDAPClient. | Jan Cholasta | 2013-11-27 | 1 | -16/+59
  https://fedorahosted.org/freeipa/ticket/3971
* Add wrapper for result3 to IPASimpleLDAPObject. | Jan Cholasta | 2013-11-27 | 1 | -0/+5
  https://fedorahosted.org/freeipa/ticket/3971
* Move IPA specific code from LDAPClient to the ldap2 plugin. | Jan Cholasta | 2013-11-27 | 1 | -212/+7
  https://fedorahosted.org/freeipa/ticket/3971
* Improve LDAPEntry.__repr__ for freshly created entries | Petr Viktorin | 2013-11-26 | 1 | -1/+3
  Creating a LDAPEntry from dict does not set the raw entries, to display everything we need to combine the underlying data.
  https://fedorahosted.org/freeipa/ticket/4015
* Remove schema special-casing from the LDAP updater | Petr Viktorin | 2013-11-18 | 1 | -19/+8
  Now that there's a dedicated schema updater, we do not need the code in ldapupdate.
  https://fedorahosted.org/freeipa/ticket/3454
* Add schema updater based on IPA schema files | Petr Viktorin | 2013-11-18 | 1 | -0/+6
  The new updater is run as part of `ipa-ldap-updater --upgrade` and `ipa-ldap-updater --schema` (--schema is a new option).
  The --schema-file option to ipa-ldap-updater may be used (multiple times) to select a non-default set of schema files to update against.
  The updater adds an X-ORIGIN tag with the current IPA version to all elements it adds or modifies.
  https://fedorahosted.org/freeipa/ticket/3454
* Turn LDAPEntry.single_value into a dictionary-like property. | Jan Cholasta | 2013-11-05 | 1 | -22/+30
  This change makes single_value consistent with the raw property.
  https://fedorahosted.org/freeipa/ticket/3521
* Use encoded values from entry objects directly when adding new entries. | Jan Cholasta | 2013-10-31 | 1 | -7/+1
  https://fedorahosted.org/freeipa/ticket/3521
* Use encoded values from entry objects directly when generating modlists. | Jan Cholasta | 2013-10-31 | 1 | -33/+6
  https://fedorahosted.org/freeipa/ticket/3521
* Store encoded attribute values from search results directly in entry objects. | Jan Cholasta | 2013-10-31 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3521
* Remove legacy toDict and origDataDict methods of LDAPEntry. | Jan Cholasta | 2013-10-31 | 1 | -27/+4
  https://fedorahosted.org/freeipa/ticket/3521
* Make sure attributeTypes updates are done before objectClasses updates. | Jan Cholasta | 2013-10-31 | 1 | -1/+4
  https://fedorahosted.org/freeipa/ticket/3521
* Decode and encode attribute values in LDAPEntry on demand. | Jan Cholasta | 2013-10-31 | 1 | -28/+186
  This is achieved by storing both decoded and encoded attribute values in LDAPEntry and synchronizing changes between them whenever an attribute is accessed.
  Added a new property "raw" to LDAPEntry. It provides a dictionary-like object which can be used to directly access encoded attribute values.
  https://fedorahosted.org/freeipa/ticket/3521
* Always use lists for values in LDAPEntry internally. | Jan Cholasta | 2013-10-31 | 1 | -2/+28
  Outside of LDAPEntry, it is still possible to use non-lists. Once we enforce lists for attribute values, this will be removed.
  https://fedorahosted.org/freeipa/ticket/3521