From 08051f16516a3978494ae94032d55cc8b1426df9 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 31 Oct 2013 16:54:49 +0000 Subject: Convert remaining installer code to LDAPEntry API. --- .../certmonger/dogtag-ipa-retrieve-agent-submit | 2 +- install/restart_scripts/renew_ca_cert | 12 ++++---- install/restart_scripts/renew_ra_cert | 12 ++++---- install/tools/ipa-adtrust-install | 12 ++++---- install/tools/ipa-compat-manage | 10 +++---- install/tools/ipa-nis-manage | 16 +++++----- install/tools/ipa-server-install | 6 ++-- install/tools/ipactl | 2 +- ipaserver/install/adtrustinstance.py | 6 ++-- ipaserver/install/cainstance.py | 35 +++++++++++----------- ipaserver/install/ipa_replica_prepare.py | 2 +- 11 files changed, 59 insertions(+), 56 deletions(-) diff --git a/install/certmonger/dogtag-ipa-retrieve-agent-submit b/install/certmonger/dogtag-ipa-retrieve-agent-submit index 973af267c..726790197 100644 --- a/install/certmonger/dogtag-ipa-retrieve-agent-submit +++ b/install/certmonger/dogtag-ipa-retrieve-agent-submit @@ -62,7 +62,7 @@ try: conn.connect(ccache=ccache) try: syslog.syslog(syslog.LOG_NOTICE, "Updating certificate for %s" % nickname) - (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate']) + entry_attrs = conn.get_entry(dn, ['usercertificate']) cert = entry_attrs['usercertificate'][0] cert = base64.b64encode(cert) print x509.make_pem(cert) diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index da2253b4c..09acfc236 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -69,13 +69,15 @@ try: conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri) conn.connect(ccache=ccache) try: - (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate']) + entry_attrs = conn.get_entry(dn, ['usercertificate']) entry_attrs['usercertificate'] = cert - conn.update_entry(dn, entry_attrs) + conn.update_entry(entry_attrs) except errors.NotFound: - entry_attrs = dict(objectclass=['top', 'pkiuser', 'nscontainer'], - usercertificate=cert) - conn.add_entry(dn, entry_attrs) + entry_attrs = conn.make_entry( + dn, + objectclass=['top', 'pkiuser', 'nscontainer'], + usercertificate=[cert]) + conn.add_entry(entry_attrs) except errors.EmptyModlist: pass conn.disconnect() diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index 919f8fc41..cb3e3683b 100644 --- a/install/restart_scripts/renew_ra_cert +++ b/install/restart_scripts/renew_ra_cert @@ -58,13 +58,15 @@ while attempts < 10: conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri) conn.connect(ccache=ccache) try: - (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate']) + entry_attrs = conn.get_entry(dn, ['usercertificate']) entry_attrs['usercertificate'] = dercert - conn.update_entry(dn, entry_attrs) + conn.update_entry(entry_attrs) except errors.NotFound: - entry_attrs = dict(objectclass=['top', 'pkiuser', 'nscontainer'], - usercertificate=dercert) - conn.add_entry(dn, entry_attrs) + entry_attrs = conn.make_entry( + dn, + objectclass=['top', 'pkiuser', 'nscontainer'], + usercertificate=[dercert]) + conn.add_entry(entry_attrs) except errors.EmptyModlist: pass updated = True diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index e81d0ec8f..3af6936b0 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -118,13 +118,13 @@ def set_and_check_netbios_name(netbios_name, unattended): cur_netbios_name = None gen_netbios_name = None reset_netbios_name = False - dom_dn = None + entry = None try: - (dom_dn, entry) = api.Backend.ldap2.get_entry(DN(('cn', api.env.domain), - api.env.container_cifsdomains, - ipautil.realm_to_suffix(api.env.realm)), - [flat_name_attr]) + entry = api.Backend.ldap2.get_entry( + DN(('cn', api.env.domain), api.env.container_cifsdomains, + ipautil.realm_to_suffix(api.env.realm)), + [flat_name_attr]) except errors.NotFound: # trust not configured pass @@ -160,7 +160,7 @@ def set_and_check_netbios_name(netbios_name, unattended): if not netbios_name: gen_netbios_name = adtrustinstance.make_netbios_name(api.env.domain) - if dom_dn: + if entry is not None: # Fix existing trust configuration print "Trust is configured but no NetBIOS domain name found, " \ "setting it now." diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index bdfb7182a..3cd75e22d 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -73,7 +73,7 @@ def get_entry(dn, conn): """ entry = None try: - (dn, entry) = conn.get_entry(dn) + entry = conn.get_entry(dn) except errors.NotFound: pass return entry @@ -143,8 +143,8 @@ def main(): print "Updating Directory Server failed." retval = 1 else: - mod = {'nsslapd-pluginenabled': 'on'} - conn.update_entry(compat_dn, mod) + entry['nsslapd-pluginenabled'] = ['on'] + conn.update_entry(entry) except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde @@ -174,8 +174,8 @@ def main(): else: print "Disabling plugin" - mod = {'nsslapd-pluginenabled': 'off'} - conn.update_entry(compat_dn, mod) + entry['nsslapd-pluginenabled'] = ['off'] + conn.update_entry(entry) except errors.DatabaseError, dbe: print "An error occurred while talking to the server." print dbe diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index 3320be74a..229b6b02d 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -75,7 +75,7 @@ def get_entry(dn, conn): """ entry = None try: - (dn, entry) = conn.get_entry(dn) + entry = conn.get_entry(dn) except errors.NotFound: pass return entry @@ -165,20 +165,18 @@ def main(): elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': print "Enabling plugin" # Already configured, just enable the plugin - mod = {'nsslapd-pluginenabled': 'on'} - conn.update_entry(nis_config_dn, mod) + entry['nsslapd-pluginenabled'] = ['on'] + conn.update_entry(entry) else: print "Plugin already Enabled" retval = 2 elif args[0] == "disable": try: - mod = {'nsslapd-pluginenabled': 'off'} - conn.update_entry(nis_config_dn, mod) - except errors.NotFound: - print "Plugin is already disabled" - retval = 2 - except errors.EmptyModlist: + entry = conn.get_entry(nis_config_dn, ['nsslapd-pluginenabled']) + entry['nsslapd-pluginenabled'] = ['off'] + conn.update_entry(entry) + except (errors.NotFound, errors.EmptyModlist): print "Plugin is already disabled" retval = 2 except errors.LDAPError, lde: diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index dcf0bcebd..63710d02d 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -561,10 +561,10 @@ def set_subject_in_config(realm_name, dm_password, suffix, subject_base): except errors.ExecutionError, e: root_logger.critical("Could not connect to the Directory Server on %s" % realm_name) raise e - (dn, entry_attrs) = conn.get_ipa_config() + entry_attrs = conn.get_ipa_config() if 'ipacertificatesubjectbase' not in entry_attrs: - mod = {'ipacertificatesubjectbase': str(subject_base)} - conn.update_entry(dn, mod) + entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)] + conn.update_entry(entry_attrs) conn.disconnect() diff --git a/install/tools/ipactl b/install/tools/ipactl index 3b42b92cf..fd1e5e615 100755 --- a/install/tools/ipactl +++ b/install/tools/ipactl @@ -137,7 +137,7 @@ def get_config(dirsrv): except Exception, e: masters_list.append("No master found because of error: %s" % str(e)) else: - for dn, master_entry in entries: + for master_entry in entries: masters_list.append(master_entry.single_value['cn']) masters = "\n".join(masters_list) diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 5eb61574b..6c74418ce 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -472,7 +472,7 @@ class ADTRUSTInstance(service.Service): members = current.get('memberPrincipal', []) if not(self.cifs_principal in members): current["memberPrincipal"] = members + [self.cifs_principal] - self.admin_conn.update_entry(targets_dn, current) + self.admin_conn.update_entry(current) else: self.print_msg('cifs principal already targeted, nothing to do.') except errors.NotFound: @@ -503,7 +503,7 @@ class ADTRUSTInstance(service.Service): members = current.get('member', []) if not(self.cifs_agent in members): current["member"] = members + [self.cifs_agent] - self.admin_conn.update_entry(self.smb_dn, current) + self.admin_conn.update_entry(current) except errors.NotFound: entry = self.admin_conn.make_entry( self.smb_dn, @@ -723,7 +723,7 @@ class ADTRUSTInstance(service.Service): lookup_nsswitch = current.get(lookup_nsswitch_name, []) if not(config[1] in lookup_nsswitch): current[lookup_nsswitch_name] = [config[1]] - self.admin_conn.update_entry(entry_dn, current) + self.admin_conn.update_entry(current) except Exception, e: root_logger.critical("Enabling nsswitch support in slapi-nis failed with error '%s'" % e) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 52c91b68c..5e7cab8e0 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -930,21 +930,22 @@ class CAInstance(service.Service): decoded = base64.b64decode(self.ra_cert) entry_dn = DN(('uid', "ipara"), ('ou', 'People'), self.basedn) - entry = [ - ('objectClass', ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'cmsuser']), - ('uid', "ipara"), - ('sn', "ipara"), - ('cn', "ipara"), - ('usertype', "agentType"), - ('userstate', "1"), - ('userCertificate', decoded), - ('description', '2;%s;%s;%s' % \ - (str(self.requestId), - DN(('CN', 'Certificate Authority'), self.subject_base), - DN(('CN', 'IPA RA'), self.subject_base))), - ] - - conn.add_entry(entry_dn, entry) + entry = conn.make_entry( + entry_dn, + objectClass=['top', 'person', 'organizationalPerson', + 'inetOrgPerson', 'cmsuser'], + uid=["ipara"], + sn=["ipara"], + cn=["ipara"], + usertype=["agentType"], + userstate=["1"], + userCertificate=[decoded], + description=['2;%s;%s;%s' % ( + str(self.requestId), + DN(('CN', 'Certificate Authority'), self.subject_base), + DN(('CN', 'IPA RA'), self.subject_base))]) + + conn.add_entry(entry) dn = DN(('cn', 'Certificate Manager Agents'), ('ou', 'groups'), self.basedn) modlist = [(0, 'uniqueMember', '%s' % entry_dn)] @@ -1764,11 +1765,11 @@ def update_people_entry(uid, dercert): conn = ldap2.ldap2(shared_instance=False, ldap_uri=dogtag_uri) conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password) - (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate']) + entry_attrs = conn.get_entry(dn, ['usercertificate']) entry_attrs['usercertificate'].append(dercert) entry_attrs['description'] = '2;%d;%s;%s' % (serial_number, issuer, subject) - conn.update_entry(dn, entry_attrs) + conn.update_entry(entry_attrs) updated = True break except errors.NetworkError: diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index 36d078a6b..bd5244d4f 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py @@ -162,7 +162,7 @@ class ReplicaPrepare(admintool.AdminTool): conn = ldap2(shared_instance=False, base_dn=suffix) conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=self.dirman_password) - dn, entry_attrs = conn.get_ipa_config() + entry_attrs = conn.get_ipa_config() conn.disconnect() except errors.ACIError: raise admintool.ScriptError("The password provided is incorrect " -- cgit