From 197b1acfe4ca40fe9570231d4c74db2ce1048ca6 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 13 Oct 2011 13:07:49 -0400 Subject: Fix has_upg() to work with relocated managed entries configuration. https://fedorahosted.org/freeipa/ticket/1964 --- ipaserver/plugins/ldap2.py | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) (limited to 'ipaserver/plugins/ldap2.py') diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 6eeab56a8..5c4018293 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -33,6 +33,7 @@ import string import shutil import tempfile import time +import re import krbV import logging @@ -192,9 +193,6 @@ def get_schema(url, conn=None): # Global schema _schema = None -# The UPG setting will be cached the first time a module checks it -_upg = None - class ldap2(CrudBackend, Encoder): """ LDAP Backend Take 2. @@ -707,23 +705,24 @@ class ldap2(CrudBackend, Encoder): def has_upg(self): """Returns True/False whether User-Private Groups are enabled. This is determined based on whether the UPG Template exists. - We determine this at module load so we don't have to test for - it every time. """ - global _upg - if _upg is None: - try: - upg_entry = self.conn.search_s( - 'cn=UPG Template,cn=etc,%s' % api.env.basedn, - _ldap.SCOPE_BASE, - attrlist=['*'] - )[0] - _upg = True - except _ldap.NO_SUCH_OBJECT, e: - _upg = False - - return _upg + upg_dn = str(DN('cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc', api.env.basedn)) + + try: + upg_entry = self.conn.search_s( + upg_dn, + _ldap.SCOPE_BASE, + attrlist=['*'] + )[0] + disable_attr = '(objectclass=disable)' + if 'originfilter' in upg_entry[1]: + org_filter = upg_entry[1]['originfilter'] + return not bool(re.search(r'%s' % disable_attr, org_filter[0])) + else: + return False + except _ldap.NO_SUCH_OBJECT, e: + return False @encode_args(1, 2) def get_effective_rights(self, dn, entry_attrs): -- cgit