diff options
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/adtrustinstance.py | 17 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 2 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 2 | ||||
-rw-r--r-- | ipaserver/install/krbinstance.py | 7 | ||||
-rw-r--r-- | ipaserver/install/ldapupdate.py | 4 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 18 | ||||
-rw-r--r-- | ipaserver/install/service.py | 4 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 7 |
8 files changed, 33 insertions, 28 deletions
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index cba88eb0..2391cf00 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -22,7 +22,6 @@ import errno import ldap import tempfile import uuid -from ipaserver import ipaldap from ipaserver.install import installutils from ipaserver.install import service from ipaserver.install.dsinstance import realm_to_serverid @@ -327,7 +326,7 @@ class ADTRUSTInstance(service.Service): try: self.admin_conn.getEntry(new_dn, ldap.SCOPE_BASE) except errors.NotFound: - entry = ipaldap.Entry(new_dn) + entry = self.admin_conn.make_entry(new_dn) entry.setValues("objectclass", ["nsContainer"]) try: name = new_dn[1].attr @@ -338,7 +337,7 @@ class ADTRUSTInstance(service.Service): entry.setValues("cn", name) self.admin_conn.addEntry(entry) - entry = ipaldap.Entry(self.smb_dom_dn) + entry = self.admin_conn.make_entry(self.smb_dom_dn) entry.setValues("objectclass", [self.OBJC_DOMAIN, "nsContainer"]) entry.setValues("cn", self.domain_name) entry.setValues(self.ATTR_FLAT_NAME, self.netbios_name) @@ -415,7 +414,7 @@ class ADTRUSTInstance(service.Service): ('cn', 'etc'), self.suffix) try: targets = self.admin_conn.getEntry(targets_dn, ldap.SCOPE_BASE) - current = ipaldap.Entry((targets_dn, targets.toDict())) + current = self.admin_conn.make_entry(targets_dn, targets.toDict()) members = current.getValues('memberPrincipal') or [] if not(self.cifs_principal in members): current.setValues("memberPrincipal", members + [self.cifs_principal]) @@ -447,13 +446,13 @@ class ADTRUSTInstance(service.Service): # the principal's proper dn as defined in self.cifs_agent try: entry = self.admin_conn.getEntry(self.smb_dn, ldap.SCOPE_BASE) - current = ipaldap.Entry((self.smb_dn, entry.toDict())) + current = self.admin_conn.make_entry(self.smb_dn, entry.toDict()) members = current.getValues('member') or [] if not(self.cifs_agent in members): current.setValues("member", members + [self.cifs_agent]) self.admin_conn.updateEntry(self.smb_dn, entry.toDict(), current.toDict()) except errors.NotFound: - entry = ipaldap.Entry(self.smb_dn) + entry = self.admin_conn.make_entry(self.smb_dn) entry.setValues("objectclass", ["top", "GroupOfNames"]) entry.setValues("cn", self.smb_dn['cn']) entry.setValues("member", [self.cifs_agent]) @@ -735,9 +734,9 @@ class ADTRUSTInstance(service.Service): "range.\nAdd local ID range manually and try " \ "again!") - entry = ipaldap.Entry(DN(('cn', ('%s_id_range' % self.realm)), - api.env.container_ranges, - self.suffix)) + entry = self.admin_conn.make_entry(DN(('cn', ('%s_id_range' % self.realm)), + api.env.container_ranges, + self.suffix)) entry.setValue('objectclass', 'ipaDomainIDRange') entry.setValue('cn', ('%s_id_range' % self.realm)) entry.setValue('ipaBaseID', str(base_id)) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index d29f6746..e3122cf2 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -395,7 +395,7 @@ class CADSInstance(service.Service): (ldap.MOD_ADD, "nsslapd-secureport", str(DEFAULT_DSPORT+1))] conn.modify_s(DN(('cn', 'config')), mod) - entry = ipaldap.Entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config'))) + entry = conn.make_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config'))) entry.setValues("objectclass", "top", "nsEncryptionModule") entry.setValues("cn", "RSA") diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 4689fd2b..7bfcfd6c 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -570,7 +570,7 @@ class DsInstance(service.Service): mod = [(ldap.MOD_ADD, "nsslapd-security", "on")] conn.modify_s(DN(('cn', 'config')), mod) - entry = ipaldap.Entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config'))) + entry = conn.make_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config'))) entry.setValues("objectclass", "top", "nsEncryptionModule") entry.setValues("cn", "RSA") diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index d783da0a..43fe2b1f 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -34,7 +34,6 @@ from ipalib import errors from ipapython.ipa_log_manager import * from ipapython.dn import DN -from ipaserver import ipaldap from ipaserver.install import replication from ipaserver.install import dsinstance @@ -110,7 +109,7 @@ class KrbInstance(service.Service): # Create a host entry for this master host_dn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix) - host_entry = ipaldap.Entry(host_dn) + host_entry = self.admin_conn.make_entry(host_dn) host_entry.setValues('objectclass', ['top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice', 'pkiuser', 'krbprincipalaux', 'krbprincipal', 'krbticketpolicyaux', 'ipasshhost']) host_entry.setValues('krbextradata', service_entry.getValues('krbextradata')) host_entry.setValue('krblastpwdchange', service_entry.getValue('krblastpwdchange')) @@ -265,7 +264,7 @@ class KrbInstance(service.Service): root_logger.critical("Error while enumerating SASL mappings %s" % str(e)) raise e - entry = ipaldap.Entry(DN(('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config'))) + entry = self.admin_conn.make_entry(DN(('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config'))) entry.setValues("objectclass", "top", "nsSaslMapping") entry.setValues("cn", "Full Principal") entry.setValues("nsSaslMapRegexString", '\(.*\)@\(.*\)') @@ -278,7 +277,7 @@ class KrbInstance(service.Service): root_logger.critical("failed to add Full Principal Sasl mapping") raise e - entry = ipaldap.Entry(DN(('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config'))) + entry = self.admin_conn.make_entry(DN(('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config'))) entry.setValues("objectclass", "top", "nsSaslMapping") entry.setValues("cn", "Name Only") entry.setValues("nsSaslMapRegexString", '^[^:@]+$') diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index 0d260640..d2a23e55 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -449,7 +449,7 @@ class LDAPUpdate: cn = "indextask_%s_%s_%s" % (attribute, cn_uuid.time, cn_uuid.clock_seq) dn = DN(('cn', cn), ('cn', 'index'), ('cn', 'tasks'), ('cn', 'config')) - e = ipaldap.Entry(dn) + e = self.conn.make_entry(dn) e.setValues('objectClass', ['top', 'extensibleObject']) e.setValue('cn', cn) @@ -511,7 +511,7 @@ class LDAPUpdate: The return type is Entity """ assert isinstance(dn, DN) - entry = ipaldap.Entry(dn) + entry = self.conn.make_entry(dn) if not default: # This means that the entire entry needs to be created with add diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index fdd5c0b4..35c8d91c 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -287,7 +287,7 @@ class ReplicationManager(object): rdn_attr = dn[0].attr rdn_val = dn[0].value - ent = ipaldap.Entry(dn) + ent = conn.make_entry(dn) ent.setValues("objectclass", "top", "person") ent.setValues(rdn_attr, rdn_val) ent.setValues("userpassword", pw) @@ -337,7 +337,7 @@ class ReplicationManager(object): replica_type = self.get_replica_type() - entry = ipaldap.Entry(dn) + entry = conn.make_entry(dn) entry.setValues('objectclass', "top", "nsds5replica", "extensibleobject") entry.setValues('cn', "replica") entry.setValues('nsds5replicaroot', str(self.suffix)) @@ -352,7 +352,7 @@ class ReplicationManager(object): def setup_changelog(self, conn): dn = DN(('cn', 'changelog5'), ('cn', 'config')) dirpath = conn.dbdir + "/cldb" - entry = ipaldap.Entry(dn) + entry = conn.make_entry(dn) entry.setValues('objectclass', "top", "extensibleobject") entry.setValues('cn', "changelog5") entry.setValues('nsslapd-changelogdir', dirpath) @@ -372,7 +372,7 @@ class ReplicationManager(object): try: cn = benamebase + str(benum) # e.g. localdb1 dn = DN(('cn', cn), chaindn) - entry = ipaldap.Entry(dn) + entry = self.conn.make_entry(dn) entry.setValues('objectclass', 'top', 'extensibleObject', 'nsBackendInstance') entry.setValues('cn', cn) entry.setValues('nsslapd-suffix', str(self.suffix)) @@ -444,7 +444,7 @@ class ReplicationManager(object): pass # The user doesn't exist, add it - entry = ipaldap.Entry(pass_dn) + entry = conn.make_entry(pass_dn) entry.setValues("objectclass", ["account", "simplesecurityobject"]) entry.setValues("uid", "passsync") entry.setValues("userPassword", password) @@ -516,7 +516,7 @@ class ReplicationManager(object): except errors.NotFound: pass - entry = ipaldap.Entry(dn) + entry = a_conn.make_entry(dn) entry.setValues('objectclass', "nsds5replicationagreement") entry.setValues('cn', cn) entry.setValues('nsds5replicahost', b_hostname) @@ -912,7 +912,7 @@ class ReplicationManager(object): # Add winsync replica to the public DIT dn = DN(('cn',ad_dc_name),('cn','replicas'),('cn','ipa'),('cn','etc'), self.suffix) - entry = ipaldap.Entry(dn) + entry = self.conn.make_entry(dn) entry.setValues("objectclass", ["nsContainer", "ipaConfigObject"]) entry.setValues("cn", ad_dc_name) entry.setValues("ipaConfigString", "winsync:%s" % self.hostname) @@ -1167,7 +1167,7 @@ class ReplicationManager(object): root_logger.debug("Creating CLEANALLRUV task for replica id %d" % replicaId) dn = DN(('cn', 'clean %d' % replicaId), ('cn', 'cleanallruv'),('cn', 'tasks'), ('cn', 'config')) - e = ipaldap.Entry(dn) + e = self.conn.make_entry(dn) e.setValues('objectclass', ['top', 'extensibleObject']) e.setValue('replica-base-dn', api.env.basedn) e.setValue('replica-id', replicaId) @@ -1190,7 +1190,7 @@ class ReplicationManager(object): root_logger.debug("Creating task to abort a CLEANALLRUV operation for replica id %d" % replicaId) dn = DN(('cn', 'abort %d' % replicaId), ('cn', 'abort cleanallruv'),('cn', 'tasks'), ('cn', 'config')) - e = ipaldap.Entry(dn) + e = self.conn.make_entry(dn) e.setValues('objectclass', ['top', 'extensibleObject']) e.setValue('replica-base-dn', api.env.basedn) e.setValue('replica-id', replicaId) diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 38ee45e3..8b042df6 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -216,7 +216,7 @@ class Service(object): dn = DN(('krbprincipalname', principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix) hostdn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix) - entry = ipaldap.Entry(dn) + entry = self.admin_conn.make_entry(dn) entry.setValues("objectclass", ["krbprincipal", "krbprincipalaux", "krbticketpolicyaux", "ipaobject", "ipaservice", "pkiuser"]) entry.setValue("krbprincipalname", principal) entry.setValue("ipauniqueid", 'autogenerate') @@ -373,7 +373,7 @@ class Service(object): entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix) order = SERVICE_LIST[name][1] - entry = ipaldap.Entry(entry_name) + entry = self.admin_conn.make_entry(entry_name) entry.setValues("objectclass", "nsContainer", "ipaConfigObject") entry.setValues("cn", name) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 40d9f9e8..e3c74f83 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -961,6 +961,9 @@ class LDAPConnection(object): parent_dn = self.normalize_dn(parent_dn) return DN((primary_key, entry_attrs[primary_key]), parent_dn) + def make_entry(self, _dn=None, _obj=None, **kwargs): + return LDAPEntry(_dn, _obj, **kwargs) + # generating filters for find_entry # some examples: # f1 = ldap2.make_filter_from_attr(u'firstName', u'Pavel') @@ -1651,6 +1654,10 @@ class IPAdmin(LDAPConnection): self.__bind_with_wait(self.sasl_interactive_bind_s, timeout, None, auth_tokens) self.__lateinit() + def make_entry(self, _dn=None, _obj=None, **kwargs): + entry = super(IPAdmin, self).make_entry(_dn, _obj, **kwargs) + return Entry((entry.dn, entry)) + def getEntry(self, base, scope, filterstr='(objectClass=*)', attrlist=None): # FIXME: for backwards compatibility only |