From 442973edc5bffc1e215c22327369f66df7aeec08 Mon Sep 17 00:00:00 2001
From: John Dennis
Date: Thu, 28 Jul 2011 14:32:26 -0400
Subject: Clean up existing DN object usage
---
 ipaserver/install/cainstance.py | 8 ++++----
 ipaserver/install/certs.py | 14 ++++++++------
 ipaserver/install/replication.py | 8 ++++----
 ipaserver/ipaldap.py | 7 -------
 4 files changed, 16 insertions(+), 21 deletions(-)
(limited to 'ipaserver')
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 3561dc9e4..d62f232cc 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -933,7 +933,7 @@ class CAInstance(service.Service):
 st = 1
 en = 0
 subid = 0
- normalized_base = str(DN(self.subject_base))
+ ca_dn = DN(('CN','Certificate Authority'), self.subject_base)
 while st > 0:
 st = certlist.find('-----BEGIN', en)
 en = certlist.find('-----END', en+1)
@@ -942,11 +942,11 @@ class CAInstance(service.Service):
 (chain_fd, chain_name) = tempfile.mkstemp()
 os.write(chain_fd, certlist[st:en+25])
 os.close(chain_fd)
- (rdn, subject) = certs.get_cert_nickname(certlist[st:en+25])
- if subject.lower() == ('CN=Certificate Authority,%s' % normalized_base).lower():
+ (rdn, subject_dn) = certs.get_cert_nickname(certlist[st:en+25])
+ if subject_dn == ca_dn:
 nick = get_ca_nickname(self.realm)
 else:
- nick = subject
+ nick = str(subject_dn)
 self.__run_certutil(
 ['-A', '-t', 'CT,C,C', '-n', nick,
 '-a', '-i', chain_name]
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 1bbcbabe6..738b329a6 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
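Review bot: The CA-subject match now rests on `DN.__eq__`, and nothing in this hunk or the next shows whether that comparison is case-insensitive; the removed code compared `.lower()` strings, so if DN equality is strict, a CA certificate whose subject differs from `ca_dn` only in case or RDN spacing would be imported under `str(subject_dn)` instead of `get_ca_nickname(self.realm)`. If the DN class does normalise attribute types and values on comparison, a comment at the `ca_dn = ...` line such as `# DN equality replaces the old case-insensitive string compare` would make that dependency explicit; if it does not, the old normalisation is still needed. The same comparison is introduced in the second cainstance.py hunk (@@ -942), where `if subject_dn == ca_dn:` appears, and in certs.py @@ -430. The enclosing method body starts and ends outside both hunks.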
@@ -89,13 +89,15 @@ def get_cert_nickname(cert):
 for NSS. The caller can decide whether to use just the RDN or the
 whole subject.
 
- Returns a tuple of (rdn, subject)
+ Returns a tuple of (rdn, subject_dn) when rdn is the string
+ representation of the first RDN in the subject and subject_dn
+ is a DN object.
 """
 nsscert = x509.load_certificate(cert)
 subject = str(nsscert.subject)
 dn = DN(subject)
- return (str(dn[0]), str(dn))
+ return (str(dn[0]), dn)
 
 def next_serial(serial_file=CA_SERIALNO):
 """
@@ -430,16 +432,16 @@ class CertDB(object):
 certs = fd.read()
 fd.close()
 
- normalized_base = str(DN(self.subject_base))
+ ca_dn = DN(('CN','Certificate Authority'), self.subject_base)
 st = 0
 while True:
 try:
 (cert, st) = find_cert_from_txt(certs, st)
- (nick, subject) = get_cert_nickname(cert)
- if subject.lower() == ('CN=Certificate Authority,%s' % normalized_base).lower():
+ (rdn, subject_dn) = get_cert_nickname(cert)
+ if subject_dn == ca_dn:
 nick = get_ca_nickname(self.realm)
 else:
- nick = subject
+ nick = str(subject_dn)
 self.run_certutil(["-A", "-n", nick,
 "-t", "CT,,C",
 "-a"],
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 7186a18e8..fbf9c95b5 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -121,7 +121,7 @@ class ReplicationManager(object):
 self.realm = realm
 self.starttls = starttls
 tmp = util.realm_to_suffix(realm)
- self.suffix = ipaldap.IPAdmin.normalizeDN(tmp)
+ self.suffix = str(DN(tmp)).lower()
 
 # If we are passed a password we'll use it as the DM password
 # otherwise we'll do a GSSAPI bind.
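Review bot: `get_cert_nickname` now returns a `DN` object as its second element instead of a string, so any caller outside this commit that still calls `.lower()` on it or formats it with `%s` will break or silently change behaviour; the diff updates the two callers in cainstance.py and certs.py, but it cannot show whether others exist, so a repository-wide search for the call is warranted. The new docstring's `when rdn is the string` reads as a condition; `where rdn is the string representation` states what it means. The function's signature line is just outside the hunk.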
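Review bot: `self.suffix = str(DN(tmp)).lower()` keeps the suffix as a lower-cased string, and it is equivalent to the removed `normalizeDN` (which joined `ldap.explode_dn(dn.lower())` with `","`) only if the DN class renders RDNs with the same separator and no surrounding spaces; the hunk does not show DN's string format, so that should be confirmed, since the later hunks feed `self.suffix` back into `DN(...)` and into an RDN value in `replica_dn`. A comment stating the intended form, e.g. `# lower-cased, comma-separated string form of the suffix (replaces IPAdmin.normalizeDN)`, would document the contract the rest of the class relies on. Keeping `self.suffix` as a `DN` object would avoid the string round-trip, but that is a larger change than this cleanup. The constructor continues outside the hunk.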
@@ -162,7 +162,7 @@ class ReplicationManager(object):
 # Ok, either the entry doesn't exist or the attribute isn't set
 # so get it from the other master
 retval = -1
- dn = str(DN("cn=replication, cn=etc, %s" % self.suffix))
+ dn = str(DN(('cn','replication'),('cn','etc'), self.suffix))
 try:
 replica = master_conn.search_s(dn, ldap.SCOPE_BASE, "objectclass=*")[0]
 if not replica.getValue('nsDS5ReplicaId'):
@@ -258,7 +258,7 @@ class ReplicationManager(object):
 return "2"
 
 def replica_dn(self):
- return str(DN('cn=replica, cn="%s", cn=mapping tree, cn=config' % self.suffix))
+ return str(DN(('cn','replica'),('cn',self.suffix),('cn','mapping tree'),('cn','config')))
 
 def replica_config(self, conn, replica_id, replica_binddn):
 dn = self.replica_dn()
@@ -754,7 +754,7 @@ class ReplicationManager(object):
 logging.info("Agreement is ready, starting replication . . .")
 
 # Add winsync replica to the public DIT
- dn = str(DN('cn=%s,cn=replicas,cn=ipa,cn=etc,%s' % (ad_dc_name, self.suffix)))
+ dn = str(DN(('cn',ad_dc_name),('cn','replicas'),('cn','ipa'),('cn','etc'), self.suffix))
 entry = ipaldap.Entry(dn)
 entry.setValues("objectclass", ["nsContainer", "ipaConfigObject"])
 entry.setValues("cn", ad_dc_name)
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 77f5b289a..4de09f1e5 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -709,13 +709,6 @@ class IPAdmin(SimpleLDAPObject):
 obj = self.schema.get_obj(ldap.schema.AttributeType, attr)
 return obj and obj.single_value
 
- def normalizeDN(dn):
- # not great, but will do until we use a newer version of python-ldap
- # that has DN utilities
- ary = ldap.explode_dn(dn.lower())
- return ",".join(ary)
- normalizeDN = staticmethod(normalizeDN)
-
 def get_dns_sorted_by_length(self, entries, reverse=False):
 """
 Sorts a list of entries [(dn, entry_attrs)] based on their DN.
-- cgit
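Review bot: In `replica_dn`, `('cn', self.suffix)` places a string that itself contains `=` and `,` into an RDN value, so the rendered DN is only correct if `str(DN(...))` escapes those characters; the removed line did that by quoting the value as `cn="%s"`, and the hunk does not show the DN class's escaping rules, so please confirm and record it, e.g. `# DN escapes the embedded suffix when rendering the cn value`. The same applies to `('cn', ad_dc_name)` in @@ -754, where an externally supplied host name previously went into the DN string unescaped via `%s`; the tuple form is the safer construction provided DN escapes RDN-special characters. If the escaped form differs from the quoted form the old code produced, the mapping-tree entry DN this method returns will no longer match entries created by earlier installs, which is worth a check on an existing replica.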