From 982b78277755a301e3baa1d4f2bd7e1663fb88a5 Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Wed, 30 Jan 2013 09:51:08 -0500
Subject: Remove some uses of raw python-ldap
Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
---
 ipaserver/install/krbinstance.py | 8 +++-----
 ipaserver/install/plugins/rename_managed.py | 7 +++----
 ipaserver/install/service.py | 12 ++++++------
 ipaserver/plugins/dogtag.py | 30 +++++++++++++++++++----------
 4 files changed, 32 insertions(+), 25 deletions(-) (limited to 'ipaserver')
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 4d91dd6ff..51c542734 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -37,8 +37,6 @@ from ipapython.dn import DN
 from ipaserver.install import replication
 from ipaserver.install import dsinstance
-import ldap
-
 import pyasn1.codec.ber.decoder
 import struct
@@ -260,7 +258,7 @@ class KrbInstance(service.Service):
 try:
 res = self.admin_conn.get_entries(
 DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
- ldap.SCOPE_ONELEVEL,
+ self.admin_conn.SCOPE_ONELEVEL,
 "(objectclass=nsSaslMapping)")
 for r in res:
 try:
@@ -360,8 +358,8 @@ class KrbInstance(service.Service):
 def __write_stash_from_ds(self):
 try:
- entries = self.admin_conn.get_entries(self.get_realm_suffix(),
- ldap.SCOPE_SUBTREE)
+ entries = self.admin_conn.get_entries(
+ self.get_realm_suffix(), self.admin_conn.SCOPE_SUBTREE)
 # TODO: Ensure we got only one entry
 entry = entries[0]
 except errors.NotFound, e:
diff --git a/ipaserver/install/plugins/rename_managed.py b/ipaserver/install/plugins/rename_managed.py
index c83e8a8a2..206e0a0da 100644
--- a/ipaserver/install/plugins/rename_managed.py
+++ b/ipaserver/install/plugins/rename_managed.py
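Review bot: In `__write_stash_from_ds` (the `@@ -360,8 +358,8 @@` hunk of krbinstance.py) the rewritten call is still an unfiltered `SCOPE_SUBTREE` search under the realm suffix followed by `entry = entries[0]`, so which entry is used depends on the order in which the server returns results, and the `# TODO: Ensure we got only one entry` is carried over unresolved. If the entry wanted is the realm container itself, reading it directly with `entry = self.admin_conn.get_entry(self.get_realm_suffix())`, the call this commit already uses in service.py, would remove the ambiguity. Judging by its name the function derives the Kerberos stash from that entry, so a wrong pick should fail loudly rather than pass silently. The function body continues outside the hunk.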
@@ -22,7 +22,6 @@ from ipaserver.install.plugins.baseupdate import PreUpdate, PostUpdate
 from ipalib import api, errors
 from ipapython import ipautil
 from ipapython.dn import DN, EditableDN
-import ldap as _ldap
 def entry_to_update(entry):
 """
@@ -66,9 +65,9 @@ class GenerateUpdateMixin(object):
 # If the old entries don't exist the server has already been updated.
 try:
- (definitions_managed_entries, truncated) = ldap.find_entries(
- searchfilter, ['*'], old_definition_container, _ldap.SCOPE_ONELEVEL, normalize=False
- )
+ definitions_managed_entries, truncated = ldap.find_entries(
+ searchfilter, ['*'], old_definition_container,
+ ldap.SCOPE_ONELEVEL, normalize=False)
 except errors.NotFound, e:
 return (False, update_list)
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index cc5bb877f..633287e20 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -24,8 +24,6 @@ import pwd
 import time
 import datetime
-import ldap
-
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython import dogtag
@@ -249,10 +247,12 @@ class Service(object):
 self.ldap_disconnect()
 self.ldap_connect()
- dn = DN(('krbprincipalname', self.principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
- mod = [(ldap.MOD_ADD, 'userCertificate', self.dercert)]
+ dn = DN(('krbprincipalname', self.principal), ('cn', 'services'),
+ ('cn', 'accounts'), self.suffix)
+ entry = self.admin_conn.get_entry(dn)
+ entry.setdefault('userCertificate', []).append(self.dercert)
 try:
- self.admin_conn.modify_s(dn, mod)
+ self.admin_conn.update_entry(entry)
 except Exception, e:
 root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e)))
@@ -387,7 +387,7 @@ class Service(object):
 try:
 self.admin_conn.add_entry(entry)
- except (ldap.ALREADY_EXISTS, errors.DuplicateEntry), e:
+ except (errors.DuplicateEntry), e:
 root_logger.debug("failed to add %s Service startup entry" % name)
 raise e
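Review bot: In the `@@ -249,10 +247,12 @@` hunk of service.py the new `self.admin_conn.get_entry(dn)` call sits above the `try:`, so a failed lookup is no longer caught and logged by the `except Exception` handler that covered the old `modify_s` call and instead propagates to the caller. The single `MOD_ADD` also becomes a read-modify-write: a certificate already present on the entry is appended a second time, and how `update_entry` reacts to that or to a concurrent change is not visible here. Moving the lookup under the `try:` and guarding the append, `certs = entry.setdefault('userCertificate', [])` followed by `if self.dercert not in certs: certs.append(self.dercert)`, would keep the previous error handling. The enclosing method starts and ends outside the hunk.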
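Review bot: In the `@@ -387,7 +387,7 @@` hunk of service.py, `except (errors.DuplicateEntry), e:` keeps parentheses that were only needed for the former two-element tuple; `except errors.DuplicateEntry, e:` reads more clearly. Dropping `ldap.ALREADY_EXISTS` presumably relies on `admin_conn.add_entry` translating the raw error into `errors.DuplicateEntry`, and a one-line comment saying so would help the next reader. The `raise e` that follows is unchanged context, but a bare `raise` there would preserve the original traceback.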
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 343368c99..054a29b40 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -237,12 +237,10 @@ digits and nothing else follows. '''
 from lxml import etree
-import urllib
 import urllib2
 import datetime
 import time
 from ipapython.dn import DN
-from ldap.filter import escape_filter_chars
 import ipapython.dogtag
 from ipapython import ipautil
@@ -1267,11 +1265,17 @@ class ra(rabase.rabase):
 Check if a specified host is a master for a specified service.
 """
- base_dn = DN(('cn', host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
- filter = '(&(objectClass=ipaConfigObject)(cn=%s)(ipaConfigString=enabledService))' % escape_filter_chars(service)
+ ldap2 = self.api.Backend.ldap2
+ base_dn = DN(('cn', host), ('cn', 'masters'), ('cn', 'ipa'),
+ ('cn', 'etc'), api.env.basedn)
+ filter_attrs = {
+ 'objectClass': 'ipaConfigObject',
+ 'cn': service,
+ 'ipaConfigString': 'enabledService',
+ }
+ filter = ldap2.make_filter(filter_attrs, rules='&')
 try:
- ldap2 = self.api.Backend.ldap2
- ent,trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
+ ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
 if len(ent):
 return True
 except Exception, e:
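Review bot: The `filter_attrs` dictionary and `make_filter` call in the `@@ -1267,11 +1265,17 @@` hunk are repeated verbatim in the `@@ -1286,11 +1290,17 @@` hunk, and with `escape_filter_chars` gone nothing at either call site records that `service` is still escaped before it reaches the search filter. Presumably `ldap2.make_filter` escapes attribute values itself; that should be confirmed and stated once in a shared helper, so a later edit does not go back to formatting `service` into the filter string. Moving `ldap2 = self.api.Backend.ldap2` above the `try:` also takes that lookup out of the `except Exception` handler in both methods. Both method bodies start and end outside their hunks.

```python
def _enabled_service_filter(self, service):
    """Return the LDAP filter matching an enabled `service` config entry."""
    # `service` is handed to make_filter() as a value instead of being
    # formatted into the filter string; make_filter() is expected to
    # escape it (confirm against the ldap2 backend).
    return self.api.Backend.ldap2.make_filter({
        'objectClass': 'ipaConfigObject',
        'cn': service,
        'ipaConfigString': 'enabledService',
    }, rules='&')

# ... unchanged: base_dn construction in each method ...
filter = self._enabled_service_filter(service)
```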
@@ -1286,11 +1290,17 @@ class ra(rabase.rabase):
 Select any host which is a master for a specified service.
 """
- base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
- filter = '(&(objectClass=ipaConfigObject)(cn=%s)(ipaConfigString=enabledService))' % escape_filter_chars(service)
+ ldap2 = self.api.Backend.ldap2
+ base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+ api.env.basedn)
+ filter_attrs = {
+ 'objectClass': 'ipaConfigObject',
+ 'cn': service,
+ 'ipaConfigString': 'enabledService',
+ }
+ filter = ldap2.make_filter(filter_attrs, rules='&')
 try:
- ldap2 = self.api.Backend.ldap2
- ent,trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
+ ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
 if len(ent):
 entry = random.choice(ent)
 dn = entry[0]
-- cgit