diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2013-01-30 09:51:08 -0500 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-03-01 16:59:46 +0100 |
| commit | 982b78277755a301e3baa1d4f2bd7e1663fb88a5 (patch) | |
| tree | 1fc9a5c53663f98dd62ec759cc9d16a76ce2fd2b | |
| parent | 29a02a3530214d2e72667e98c5ecc25ebf5fad48 (diff) | |
| download | freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.tar.gz freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.tar.xz freeipa-982b78277755a301e3baa1d4f2bd7e1663fb88a5.zip | |
Remove some uses of raw python-ldap
Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
| -rwxr-xr-x | install/tools/ipa-csreplica-manage | 77 | ||||
| -rwxr-xr-x | install/tools/ipa-dns-install | 11 | ||||
| -rwxr-xr-x | install/tools/ipa-managed-entries | 56 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-manage | 82 | ||||
| -rw-r--r-- | install/tools/ipa-upgradeconfig | 60 | ||||
| -rw-r--r-- | ipaserver/install/krbinstance.py | 8 | ||||
| -rw-r--r-- | ipaserver/install/plugins/rename_managed.py | 7 | ||||
| -rw-r--r-- | ipaserver/install/service.py | 12 | ||||
| -rw-r--r-- | ipaserver/plugins/dogtag.py | 30 |
9 files changed, 142 insertions, 201 deletions
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index c088bba1a..2c8d03a9d 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -22,7 +22,7 @@ import sys import os -import ldap, krbV +import krbV from ipapython.ipa_log_manager import * from ipapython import ipautil @@ -48,17 +48,6 @@ commands = { "force-sync":(0, 0, "", "") } -def convert_error(exc): - """ - LDAP exceptions are a dictionary, make them prettier. - """ - if isinstance(exc, ldap.LDAPError): - desc = exc.args[0]['desc'].strip() - info = exc.args[0].get('info', '').strip() - return '%s %s' % (desc, info) - else: - return str(exc) - def get_cs_replication_manager(realm, host, dirman_passwd): """Get a CSReplicationManager for a remote host @@ -145,14 +134,14 @@ class CSReplicationManager(replication.ReplicationManager): def delete_referral(self, hostname, port): dn = DN(('cn', self.suffix), ('cn', 'mapping tree'), ('cn', 'config')) - # TODO: should we detect proto somehow ? - mod = [(ldap.MOD_DELETE, 'nsslapd-referral', - 'ldap://%s/%s' % (ipautil.format_netloc(hostname, port), self.suffix))] - + entry = self.conn.get_entry(dn) try: - self.conn.modify_s(dn, mod) + # TODO: should we detect proto somehow ? + entry['nsslapd-referral'].remove('ldap://%s/%s' % + (ipautil.format_netloc(hostname, port), self.suffix)) + self.conn.update_entry(entry) except Exception, e: - root_logger.debug("Failed to remove referral value: %s" % convert_error(e)) + root_logger.debug("Failed to remove referral value: %s" % e) def has_ipaca(self): try: @@ -211,7 +200,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): conn.do_simple_bind(bindpw=dirman_passwd) dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) - entries = conn.get_entries(dn, ldap.SCOPE_ONELEVEL) + entries = conn.get_entries(dn, conn.SCOPE_ONELEVEL) for ent in entries: try: @@ -222,7 +211,9 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): peers[ent.single_value('cn')] = ['CA not configured', ''] except Exception, e: - sys.exit("Failed to get data from '%s' while trying to list replicas: %s" % (host, convert_error(e))) + sys.exit( + "Failed to get data from '%s' while trying to list replicas: %s" % + (host, e)) finally: conn.unbind() @@ -272,10 +263,10 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False): repl1.hostnames = [replica1, replica2] - except ldap.SERVER_DOWN, e: - sys.exit("Unable to connect to %s: %s" % (replica1, convert_error(e))) + except errors.NetworkError, e: + sys.exit("Unable to connect to %s: %s" % (replica1, e)) except Exception, e: - sys.exit("Failed to get data from '%s': %s" % (replica1, convert_error(e))) + sys.exit("Failed to get data from '%s': %s" % (replica1, e)) try: repl2 = get_cs_replication_manager(realm, replica2, dirman_passwd) @@ -307,16 +298,12 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False): if replica2_dn is None: sys.exit("'%s' has no replication agreement for '%s'" % (replica1, replica2)) - except ldap.NO_SUCH_OBJECT: - print "'%s' has no replication agreement for '%s'" % (replica2, replica1) - if not force: - sys.exit(1) except errors.NotFound: print "'%s' has no replication agreement for '%s'" % (replica2, replica1) if not force: return except Exception, e: - print "Failed to get data from '%s': %s" % (replica2, convert_error(e)) + print "Failed to get data from '%s': %s" % (replica2, e) if not force: sys.exit(1) @@ -326,7 +313,7 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False): repl2.delete_agreement(replica1, replica2_dn) repl2.delete_referral(replica1, repl1.port) except Exception, e: - print "Unable to remove agreement on %s: %s" % (replica2, convert_error(e)) + print "Unable to remove agreement on %s: %s" % (replica2, e) failed = True if failed: @@ -354,7 +341,7 @@ def del_master(realm, hostname, options): thisrepl = get_cs_replication_manager(realm, options.host, options.dirman_passwd) except Exception, e: - sys.exit("Failed to connect to server %s: %s" % (options.host, convert_error(e))) + sys.exit("Failed to connect to server %s: %s" % (options.host, e)) # 2. Ensure we have an agreement with the master if thisrepl.get_replication_agreement(hostname) is None: @@ -366,7 +353,7 @@ def del_master(realm, hostname, options): options.dirman_passwd) except Exception, e: if not options.force: - print "Unable to delete replica %s: %s" % (hostname, convert_error(e)) + print "Unable to delete replica %s: %s" % (hostname, e) sys.exit(1) else: print "Unable to connect to replica %s, forcing removal" % hostname @@ -384,7 +371,7 @@ def del_master(realm, hostname, options): try: del_link(realm, r, hostname, options.dirman_passwd, force=True) except Exception, e: - sys.exit("There were issues removing a connection: %s" % convert_error(e)) + sys.exit("There were issues removing a connection: %s" % e) def add_link(realm, replica1, replica2, dirman_passwd, options): repl2 = get_cs_replication_manager(realm, replica2, dirman_passwd) @@ -394,7 +381,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): dn = DN(('cn', 'CA'), ('cn', replica2), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) - conn.get_entries(dn, ldap.SCOPE_ONELEVEL) + conn.get_entries(dn, conn.SCOPE_ONELEVEL) conn.unbind() except errors.NotFound: sys.exit('%s does not have a CA configured.' % replica2) @@ -411,12 +398,14 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): sys.exit('This replication agreement already exists.') repl1.hostnames = [replica1, replica2] - except ldap.NO_SUCH_OBJECT: + except errors.NotFound: sys.exit("Cannot find replica '%s'" % replica1) - except ldap.SERVER_DOWN, e: - sys.exit("Unable to connect to %s: %s" % (replica1, convert_error(e))) + except errors.NetworkError, e: + sys.exit("Unable to connect to %s: %s" % (replica1, e)) except Exception, e: - sys.exit("Failed to get data from '%s' while trying to get current agreements: %s" % (replica1, convert_error(e))) + sys.exit( + "Failed to get data from '%s' while trying to get current " + "agreements: %s" % (replica1, e)) repl1.setup_replication( replica2, repl2.port, 0, DN(('cn', 'Directory Manager')), @@ -436,7 +425,7 @@ def re_initialize(realm, options): filter = repl.get_agreement_filter(host=thishost) try: entry = repl.conn.get_entries( - DN(('cn', 'config')), ldap.SCOPE_SUBTREE, filter) + DN(('cn', 'config')), repl.conn.SCOPE_SUBTREE, filter) except errors.NotFound: root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost)) sys.exit(1) @@ -452,7 +441,7 @@ def force_sync(realm, thishost, fromhost, dirman_passwd): try: repl.force_sync(repl.conn, thishost) except Exception, e: - sys.exit(convert_error(e)) + sys.exit(e) def main(): options, args = parse_options() @@ -525,13 +514,5 @@ except KeyboardInterrupt: sys.exit(1) except SystemExit, e: sys.exit(e) -except ldap.INVALID_CREDENTIALS: - sys.exit("Invalid password") -except ldap.INSUFFICIENT_ACCESS: - sys.exit("Insufficient access") -except ldap.LOCAL_ERROR, e: - sys.exit(convert_error(e)) -except ldap.SERVER_DOWN, e: - sys.exit("%s" % convert_error(e)) except Exception, e: - sys.exit("unexpected error: %s" % convert_error(e)) + sys.exit("unexpected error: %s" % e) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 4918b95df..e12a0465c 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -19,6 +19,10 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # +from optparse import OptionGroup, SUPPRESS_HELP + +import krbV + from ipaserver.install import service, bindinstance, ntpinstance, httpinstance from ipaserver.install.installutils import * from ipaserver.install import installutils @@ -26,10 +30,7 @@ from ipapython import version from ipapython import ipautil, sysrestore from ipalib import api, errors, util from ipapython.config import IPAOptionParser -from optparse import OptionGroup, SUPPRESS_HELP -import krbV -import ldap -from ipapython.ipa_log_manager import * +from ipapython.ipa_log_manager import standard_logging_setup, root_logger log_file_name = "/var/log/ipaserver-install.log" @@ -148,7 +149,7 @@ def main(): try: bind.ldap_connect() bind.ldap_disconnect() - except ldap.INVALID_CREDENTIALS, e: + except errors.ACIError: sys.exit("Password is not valid!") # Check we have a public IP that is associated with the hostname diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index b7dbdb9d3..df1b8930b 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries @@ -18,26 +18,16 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import ldap import re import sys -try: - from optparse import OptionParser - from ipapython import ipautil, config - from ipaserver.install import installutils - from ipaserver import ipaldap - from ipalib import api, errors - from ipapython.ipa_log_manager import * - from ipapython.dn import DN - -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) +from optparse import OptionParser + +from ipapython import ipautil, config +from ipaserver.install import installutils +from ipaserver import ipaldap +from ipalib import api, errors +from ipapython.ipa_log_manager import * +from ipapython.dn import DN CACERT = "/etc/ipa/ca.crt" @@ -103,28 +93,24 @@ def main(): conn.do_simple_bind(bindpw=options.dirman_password) else: conn.do_sasl_gssapi_bind() - except ldap.LOCAL_ERROR: + except errors.ACIError: dirman_password = get_dirman_password() if dirman_password is None: sys.exit("\nDirectory Manager password required") try: conn.do_simple_bind(bindpw=dirman_password) - except ldap.INVALID_CREDENTIALS: + except errors.ACIError: sys.exit("Invalid credentials") - except ldap.INVALID_CREDENTIALS: - sys.exit("Invalid credentials") except errors.ExecutionError, lde: sys.exit("An error occurred while connecting to the server.\n%s\n" % str(lde)) - except errors.ACIError, e: - sys.exit("Authentication failed: %s" % e.info) if options.list_managed_entries: # List available Managed Entry Plugins managed_entries = None try: entries = conn.get_entries( - managed_entry_definitions_dn, ldap.SCOPE_SUBTREE, filter) + managed_entry_definitions_dn, conn.SCOPE_SUBTREE, filter) except Exception, e: root_logger.debug("Search for managed entries failed: %s" % str(e)) sys.exit("Unable to find managed entries at %s" % managed_entry_definitions_dn) @@ -143,7 +129,7 @@ def main(): disabled = True try: - [entry] = conn.get_entries(def_dn, ldap.SCOPE_BASE, + [entry] = conn.get_entries(def_dn, conn.SCOPE_BASE, filter, ['originfilter']) disable_attr = '(objectclass=disable)' try: @@ -151,8 +137,6 @@ def main(): disabled = re.search(r'%s' % disable_attr, org_filter) except KeyError: sys.exit("%s is not a valid Managed Entry" % def_dn) - except ldap.NO_SUCH_OBJECT: - sys.exit("%s is not a valid Managed Entry" % def_dn) except errors.NotFound: sys.exit("%s is not a valid Managed Entry" % def_dn) except errors.ExecutionError, lde: @@ -175,12 +159,8 @@ def main(): # Remove disable_attr from filter enable_attr = org_filter.replace(disable_attr, '') #enable_attr = {'originfilter': enable_attr} - conn.modify_s( - def_dn, - [(ldap.MOD_REPLACE, - 'originfilter', - enable_attr)] - ) + entry['originfilter'] = [enable_attr] + conn.update_entry(entry) print "Enabling Plugin" retval = 0 except errors.NotFound: @@ -203,12 +183,8 @@ def main(): disable_attr = org_filter[:2] + disable_attr + org_filter[2:] else: disable_attr = '(&%s(%s))' % (disable_attr, org_filter) - conn.modify_s( - def_dn, - [(ldap.MOD_REPLACE, - 'originfilter', - disable_attr)] - ) + entry['originfilter'] = [disable_attr] + conn.update_entry(entry) print "Disabling Plugin" except errors.NotFound: print "Plugin is already disabled" diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 3035629be..859809bf1 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -20,7 +20,7 @@ import sys import os -import ldap, re, krbV +import re, krbV import traceback from urllib2 import urlparse @@ -54,16 +54,6 @@ commands = { "list-clean-ruv":(0, 0, "", ""), } -def convert_error(exc): - """ - LDAP exceptions are a dictionary, make them prettier. - """ - if isinstance(exc, ldap.LDAPError): - desc = exc.args[0]['desc'].strip() - info = exc.args[0].get('info', '').strip() - return '%s %s' % (desc, info) - else: - return str(exc) def parse_options(): parser = IPAOptionParser(version=version.VERSION) @@ -128,7 +118,7 @@ def test_connection(realm, host): ents = replman.find_replication_agreements() del replman return True - except ldap.LOCAL_ERROR: + except errors.ACIError: return False except errors.NotFound: # We do a search in cn=config. NotFound in this case means no @@ -156,7 +146,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) try: - entries = conn.get_entries(dn, ldap.SCOPE_ONELEVEL) + entries = conn.get_entries(dn, conn.SCOPE_ONELEVEL) except: print "Failed to read master data from '%s': %s" % (host, str(e)) return @@ -166,7 +156,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): dn = DN(('cn', 'replicas'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) try: - entries = conn.get_entries(dn, ldap.SCOPE_ONELEVEL) + entries = conn.get_entries(dn, conn.SCOPE_ONELEVEL) except: pass else: @@ -196,7 +186,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): dirman_passwd) cn, dn = repl.agreement_dn(replica) entries = repl.conn.get_entries( - dn, ldap.SCOPE_BASE, + dn, conn.SCOPE_BASE, "(objectclass=nsDSWindowsReplicationAgreement)") ent_type = 'winsync' else: @@ -205,7 +195,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): entries = repl.find_replication_agreements() ent_type = 'replica' except Exception, e: - print "Failed to get data from '%s': %s" % (replica, convert_error(e)) + print "Failed to get data from '%s': %s" % (replica, e) return for entry in entries: @@ -249,11 +239,11 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False): print "Please use the 'del' command to remove it from the domain" return False - except (ldap.NO_SUCH_OBJECT, errors.NotFound): + except errors.NotFound: print "'%s' has no replication agreement for '%s'" % (replica1, replica2) return False except Exception, e: - print "Failed to determine agreement type for '%s': %s" % (replica1, convert_error(e)) + print "Failed to determine agreement type for '%s': %s" % (replica1, e) return False if type1 == replication.IPA_REPLICA: @@ -266,12 +256,12 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False): print "Please use the 'del' command to remove it from the domain" return False - except (ldap.NO_SUCH_OBJECT, errors.NotFound): + except errors.NotFound: print "'%s' has no replication agreement for '%s'" % (replica2, replica1) if not force: return False except Exception, e: - print "Failed to get list of agreements from '%s': %s" % (replica2, convert_error(e)) + print "Failed to get list of agreements from '%s': %s" % (replica2, e) if not force: return False @@ -286,7 +276,7 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False): repl2.delete_referral(replica1) repl2.set_readonly(readonly=False) except Exception, e: - print "Unable to remove agreement on %s: %s" % (replica2, convert_error(e)) + print "Unable to remove agreement on %s: %s" % (replica2, e) failed = True if failed: @@ -305,13 +295,13 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False): try: dn = DN(('cn', replica2), ('cn', 'replicas'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) - entries = repl1.conn.get_entries(dn, ldap.SCOPE_SUBTREE) + entries = repl1.conn.get_entries(dn, repl1.conn.SCOPE_SUBTREE) if entries: entries.sort(key=len, reverse=True) for entry in entries: repl1.conn.delete_entry(entry) except Exception, e: - print "Error deleting winsync replica shared info: %s" % convert_error(e) + print "Error deleting winsync replica shared info: %s" % e print "Deleted replication agreement from '%s' to '%s'" % (replica1, replica2) @@ -327,13 +317,14 @@ def get_ruv(realm, host, dirman_passwd): try: thisrepl = replication.ReplicationManager(realm, host, dirman_passwd) except Exception, e: - print "Failed to connect to server %s: %s" % (host, convert_error(e)) + print "Failed to connect to server %s: %s" % (host, e) sys.exit(1) search_filter = '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' try: entries = thisrepl.conn.get_entries( - api.env.basedn, ldap.SCOPE_ONELEVEL, search_filter, ['nsds50ruv']) + api.env.basedn, thisrepl.conn.SCOPE_ONELEVEL, search_filter, + ['nsds50ruv']) except errors.NotFound: print "No RUV records found." sys.exit(0) @@ -456,7 +447,7 @@ def list_clean_ruv(realm, host, dirman_passwd, verbose): repl = replication.ReplicationManager(realm, host, dirman_passwd) dn = DN(('cn', 'cleanallruv'),('cn', 'tasks'), ('cn', 'config')) try: - entries = repl.conn.get_entries(dn, ldap.SCOPE_ONELEVEL) + entries = repl.conn.get_entries(dn, repl.conn.SCOPE_ONELEVEL) except errors.NotFound: print "No CLEANALLRUV tasks running" else: @@ -473,7 +464,7 @@ def list_clean_ruv(realm, host, dirman_passwd, verbose): dn = DN(('cn', 'abort cleanallruv'),('cn', 'tasks'), ('cn', 'config')) try: - entries = repl.conn.get_entries(dn, ldap.SCOPE_ONELEVEL) + entries = repl.conn.get_entries(dn, repl.conn.SCOPE_ONELEVEL) except errors.NotFound: print "No abort CLEANALLRUV tasks running" else: @@ -514,7 +505,7 @@ def check_last_link(delrepl, realm, dirman_passwd, force): for replica in replica_names: try: repl = replication.ReplicationManager(realm, replica, dirman_passwd) - except ldap.SERVER_DOWN, e: + except errors.NetworkError: print "Unable to validate that '%s' will not be orphaned." % replica if not force and not ipautil.user_input("Continue to delete?", False): @@ -548,7 +539,7 @@ def del_master(realm, hostname, options): thisrepl = replication.ReplicationManager(realm, options.host, options.dirman_passwd) except Exception, e: - print "Failed to connect to server %s: %s" % (options.host, convert_error(e)) + print "Failed to connect to server %s: %s" % (options.host, e) sys.exit(1) # 2. Ensure we have an agreement with the master @@ -577,7 +568,7 @@ def del_master(realm, hostname, options): try: delrepl = replication.ReplicationManager(realm, hostname, options.dirman_passwd) except Exception, e: - print "Connection to '%s' failed: %s" % (hostname, convert_error(e)) + print "Connection to '%s' failed: %s" % (hostname, e) if not options.force: print "Unable to delete replica '%s'" % hostname sys.exit(1) @@ -587,7 +578,8 @@ def del_master(realm, hostname, options): if force_del: dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), thisrepl.suffix) - entries = thisrepl.conn.get_entries(dn, ldap.SCOPE_ONELEVEL) + entries = thisrepl.conn.get_entries( + dn, thisrepl.conn.SCOPE_ONELEVEL) replica_names = [] for entry in entries: replica_names.append(entry.single_value('cn')) @@ -617,10 +609,12 @@ def del_master(realm, hostname, options): if delrepl and not winsync: masters_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) try: - masters = delrepl.conn.get_entries(masters_dn, ldap.SCOPE_ONELEVEL) + masters = delrepl.conn.get_entries( + masters_dn, delrepl.conn.SCOPE_ONELEVEL) except Exception, e: masters = [] - print "Failed to read masters data from '%s': %s" % (delrepl.hostname, convert_error(e)) + print "Failed to read masters data from '%s': %s" % ( + delrepl.hostname, e) print "Skipping calculation to determine if one or more masters would be orphaned." if not options.force: sys.exit(1) @@ -672,7 +666,8 @@ def del_master(realm, hostname, options): if not del_link(realm, r, hostname, options.dirman_passwd, force=True): print "Unable to remove replication agreement for %s from %s." % (hostname, r) except Exception, e: - print "There were issues removing a connection for %s from %s: %s" % (hostname, r, convert_error(e)) + print ("There were issues removing a connection for %s " + "from %s: %s" % (hostname, r, e)) # 5. Clean RUV for the deleted master if repltype == replication.IPA_REPLICA: @@ -685,7 +680,7 @@ def del_master(realm, hostname, options): try: thisrepl.replica_cleanup(hostname, realm, force=True) except Exception, e: - print "Failed to cleanup %s entries: %s" % (hostname, convert_error(e)) + print "Failed to cleanup %s entries: %s" % (hostname, e) print "You may need to manually remove them from the tree" # 7. And clean up the removed replica DNS entries if any. @@ -701,7 +696,7 @@ def del_master(realm, hostname, options): bind = bindinstance.BindInstance() bind.remove_master_dns_records(hostname, realm, realm.lower()) except Exception, e: - print "Failed to cleanup %s DNS entries: %s" % (hostname, convert_error(e)) + print "Failed to cleanup %s DNS entries: %s" % (hostname, e) print "You may need to manually remove them from the tree" def add_link(realm, replica1, replica2, dirman_passwd, options): @@ -743,11 +738,11 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): # the directory server and kill the connection try: repl1 = replication.ReplicationManager(realm, replica1, dirman_passwd) - except (ldap.NO_SUCH_OBJECT, errors.NotFound): + except errors.NotFound: print "Cannot find replica '%s'" % replica1 return except Exception, e: - print "Failed to connect to '%s': %s" % (replica1, convert_error(e)) + print "Failed to connect to '%s': %s" % (replica1, e) return if options.winsync: @@ -929,17 +924,6 @@ except SystemExit, e: sys.exit(e) except RuntimeError, e: sys.exit(e) -except ldap.INVALID_CREDENTIALS: - print "Invalid password" - sys.exit(1) -except ldap.INSUFFICIENT_ACCESS: - print "Insufficient access" - sys.exit(1) -except ldap.LOCAL_ERROR, e: - print e.args[0]['info'] - sys.exit(1) -except ldap.SERVER_DOWN, e: - print e.args[0]['desc'] except Exception, e: print "unexpected error: %s" % str(e) sys.exit(1) diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index f71d834e5..9bd706ad0 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -24,39 +24,31 @@ Upgrade configuration files to a newer template. """ import sys -try: - from ipapython import ipautil, sysrestore, version, services - from ipapython.config import IPAOptionParser - from ipapython.ipa_log_manager import * - from ipapython import certmonger - from ipapython import dogtag - from ipapython.dn import DN - from ipaserver.install import installutils - from ipaserver.install import dsinstance - from ipaserver.install import httpinstance - from ipaserver.install import memcacheinstance - from ipaserver.install import bindinstance - from ipaserver.install import service - from ipaserver.install import cainstance - from ipaserver.install import certs - from ipaserver.install import sysupgrade - import ldap - import re - import os - import shutil - import pwd - import fileinput - from ipalib import api - import ipalib.util - import ipalib.errors -except ImportError: - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) +import re +import os +import shutil +import pwd +import fileinput + +from ipalib import api +import ipalib.util +import ipalib.errors +from ipapython import ipautil, sysrestore, version, services +from ipapython.config import IPAOptionParser +from ipapython.ipa_log_manager import * +from ipapython import certmonger +from ipapython import dogtag +from ipapython.dn import DN +from ipaserver.install import installutils +from ipaserver.install import dsinstance +from ipaserver.install import httpinstance +from ipaserver.install import memcacheinstance +from ipaserver.install import bindinstance +from ipaserver.install import service +from ipaserver.install import cainstance +from ipaserver.install import certs +from ipaserver.install import sysupgrade + def parse_options(): parser = IPAOptionParser(version=version.VERSION) @@ -741,7 +733,7 @@ def main(): ds = dsinstance.DsInstance() ds.start() memcache.create_instance('MEMCACHE', fqdn, None, ipautil.realm_to_suffix(api.env.realm)) - except (ldap.ALREADY_EXISTS, ipalib.errors.DuplicateEntry): + except ipalib.errors.DuplicateEntry: pass cleanup_kdc(fstore) diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 4d91dd6ff..51c542734 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -37,8 +37,6 @@ from ipapython.dn import DN from ipaserver.install import replication from ipaserver.install import dsinstance -import ldap - import pyasn1.codec.ber.decoder import struct @@ -260,7 +258,7 @@ class KrbInstance(service.Service): try: res = self.admin_conn.get_entries( DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')), - ldap.SCOPE_ONELEVEL, + self.admin_conn.SCOPE_ONELEVEL, "(objectclass=nsSaslMapping)") for r in res: try: @@ -360,8 +358,8 @@ class KrbInstance(service.Service): def __write_stash_from_ds(self): try: - entries = self.admin_conn.get_entries(self.get_realm_suffix(), - ldap.SCOPE_SUBTREE) + entries = self.admin_conn.get_entries( + self.get_realm_suffix(), self.admin_conn.SCOPE_SUBTREE) # TODO: Ensure we got only one entry entry = entries[0] except errors.NotFound, e: diff --git a/ipaserver/install/plugins/rename_managed.py b/ipaserver/install/plugins/rename_managed.py index c83e8a8a2..206e0a0da 100644 --- a/ipaserver/install/plugins/rename_managed.py +++ b/ipaserver/install/plugins/rename_managed.py @@ -22,7 +22,6 @@ from ipaserver.install.plugins.baseupdate import PreUpdate, PostUpdate from ipalib import api, errors from ipapython import ipautil from ipapython.dn import DN, EditableDN -import ldap as _ldap def entry_to_update(entry): """ @@ -66,9 +65,9 @@ class GenerateUpdateMixin(object): # If the old entries don't exist the server has already been updated. try: - (definitions_managed_entries, truncated) = ldap.find_entries( - searchfilter, ['*'], old_definition_container, _ldap.SCOPE_ONELEVEL, normalize=False - ) + definitions_managed_entries, truncated = ldap.find_entries( + searchfilter, ['*'], old_definition_container, + ldap.SCOPE_ONELEVEL, normalize=False) except errors.NotFound, e: return (False, update_list) diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index cc5bb877f..633287e20 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -24,8 +24,6 @@ import pwd import time import datetime -import ldap - from ipapython import sysrestore from ipapython import ipautil from ipapython import dogtag @@ -249,10 +247,12 @@ class Service(object): self.ldap_disconnect() self.ldap_connect() - dn = DN(('krbprincipalname', self.principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix) - mod = [(ldap.MOD_ADD, 'userCertificate', self.dercert)] + dn = DN(('krbprincipalname', self.principal), ('cn', 'services'), + ('cn', 'accounts'), self.suffix) + entry = self.admin_conn.get_entry(dn) + entry.setdefault('userCertificate', []).append(self.dercert) try: - self.admin_conn.modify_s(dn, mod) + self.admin_conn.update_entry(entry) except Exception, e: root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e))) @@ -387,7 +387,7 @@ class Service(object): try: self.admin_conn.add_entry(entry) - except (ldap.ALREADY_EXISTS, errors.DuplicateEntry), e: + except (errors.DuplicateEntry), e: root_logger.debug("failed to add %s Service startup entry" % name) raise e diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 343368c99..054a29b40 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -237,12 +237,10 @@ digits and nothing else follows. ''' from lxml import etree -import urllib import urllib2 import datetime import time from ipapython.dn import DN -from ldap.filter import escape_filter_chars import ipapython.dogtag from ipapython import ipautil @@ -1267,11 +1265,17 @@ class ra(rabase.rabase): Check if a specified host is a master for a specified service. """ - base_dn = DN(('cn', host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) - filter = '(&(objectClass=ipaConfigObject)(cn=%s)(ipaConfigString=enabledService))' % escape_filter_chars(service) + ldap2 = self.api.Backend.ldap2 + base_dn = DN(('cn', host), ('cn', 'masters'), ('cn', 'ipa'), + ('cn', 'etc'), api.env.basedn) + filter_attrs = { + 'objectClass': 'ipaConfigObject', + 'cn': service, + 'ipaConfigString': 'enabledService', + } + filter = ldap2.make_filter(filter_attrs, rules='&') try: - ldap2 = self.api.Backend.ldap2 - ent,trunc = ldap2.find_entries(filter=filter, base_dn=base_dn) + ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn) if len(ent): return True except Exception, e: @@ -1286,11 +1290,17 @@ class ra(rabase.rabase): Select any host which is a master for a specified service. """ - base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) - filter = '(&(objectClass=ipaConfigObject)(cn=%s)(ipaConfigString=enabledService))' % escape_filter_chars(service) + ldap2 = self.api.Backend.ldap2 + base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), + api.env.basedn) + filter_attrs = { + 'objectClass': 'ipaConfigObject', + 'cn': service, + 'ipaConfigString': 'enabledService', + } + filter = ldap2.make_filter(filter_attrs, rules='&') try: - ldap2 = self.api.Backend.ldap2 - ent,trunc = ldap2.find_entries(filter=filter, base_dn=base_dn) + ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn) if len(ent): entry = random.choice(ent) dn = entry[0] |