From 08276c24febf392bbf67cd4917ce65c77e371aef Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Thu, 17 Jan 2013 08:31:23 -0500
Subject: Remove connection-creating code from ShemaCache
The connection code depends on the api object. If we want to use the cache in installer code, where the api object is not always available, the dependency must be removed. Luckily, SchemaCache.get_schema is currently always given a connection.
Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
---
 ipaserver/plugins/ldap2.py | 37 +++---------------------------------
 1 file changed, 3 insertions(+), 34 deletions(-)
(limited to 'ipaserver/plugins/ldap2.py')
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 16e7e55e..d27d2de0 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -127,7 +127,7 @@ class SchemaCache(object):
 self.log = log_mgr.get_logger(self)
 self.servers = {}
- def get_schema(self, url, conn=None, force_update=False):
+ def get_schema(self, url, conn, force_update=False):
 ''' Return schema belonging to a specific LDAP server.
@@ -154,7 +154,7 @@ class SchemaCache(object):
 except KeyError: pass
- def _retrieve_schema_from_server(self, url, conn=None):
+ def _retrieve_schema_from_server(self, url, conn):
 """ Retrieve the LDAP schema from the provided url and determine if User-Private Groups (upg) are configured.
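Review bot: `get_schema` and `_retrieve_schema_from_server` now require `conn`, but neither docstring is touched by these two hunks (only the first line of each is visible here), so any text that follows still describes `conn` as optional if it did so before; add a sentence along the lines of `conn: an open LDAP connection supplied by the caller; the cache neither binds nor closes it`. A caller that still passes `conn=None` explicitly is no longer rejected at the signature and only fails later inside `_retrieve_schema_from_server`, so it is worth validating at the public entry point as well, `if conn is None: raise ValueError('get_schema requires an existing LDAP connection')`. Both method bodies continue outside these hunks.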
@@ -168,41 +168,12 @@ class SchemaCache(object):
 used. The connection is not closed when the request is done. """
 tmpdir = None
- has_conn = conn is not None
+ assert conn is not None
 self.log.debug( 'retrieving schema for SchemaCache url=%s conn=%s', url, conn)
 try:
- if api.env.context == 'server' and conn is None:
- # FIXME: is this really what we want to do?
- # This seems like this logic is in the wrong place and may conflict with other state.
- try:
- # Create a new credentials cache for this Apache process
- tmpdir = tempfile.mkdtemp(prefix = "tmp-")
- ccache_file = 'FILE:%s/ccache' % tmpdir
- krbcontext = krbV.default_context()
- principal = str('HTTP/%s@%s' % (api.env.host, api.env.realm))
- keytab = krbV.Keytab(name='/etc/httpd/conf/ipa.keytab', context=krbcontext)
- principal = krbV.Principal(name=principal, context=krbcontext)
- prev_ccache = os.environ.get('KRB5CCNAME')
- os.environ['KRB5CCNAME'] = ccache_file
- ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal)
- ccache.init(principal)
- ccache.init_creds_keytab(keytab=keytab, principal=principal)
- except krbV.Krb5Error, e:
- raise StandardError('Unable to retrieve LDAP schema. Error initializing principal %s in %s: %s' % (principal.name, '/etc/httpd/conf/ipa.keytab', str(e)))
- finally:
- if prev_ccache is not None:
- os.environ['KRB5CCNAME'] = prev_ccache
-
- if conn is None:
- conn = IPASimpleLDAPObject(url)
- if url.startswith('ldapi://'):
- conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)
- conn.sasl_interactive_bind_s(None, SASL_AUTH)
-
 try:
 schema_entry = conn.search_s('cn=schema', _ldap.SCOPE_BASE, attrlist=['attributetypes', 'objectclasses'])[0]
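Review bot: The new `assert conn is not None` is stripped when Python runs with `-O`, so in an optimized deployment a caller passing `None` falls through to `conn.search_s` and dies with an AttributeError instead of the intended precondition failure; since the commit deliberately makes callers responsible for the connection, make the guard unconditional: `if conn is None:` / `raise ValueError('SchemaCache needs an existing LDAP connection to retrieve the schema')`. With the `tempfile.mkdtemp` call gone, `tmpdir = None` two lines above no longer has a writer; if the `finally` that presumably cleans it up further down (outside this hunk) is its only remaining reader, both can go. The docstring fragment left in the hunk, `used. The connection is not closed when the request is done.`, still reads as part of a description of the old optional-connection path; it should now state that `conn` is required and used as-is, i.e. the SASL bind and the HTTP-keytab credential cache the removed block set up on the caller's behalf are no longer done here. `_retrieve_schema_from_server` begins and ends outside the hunk.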
@@ -212,8 +183,6 @@ class SchemaCache(object):
 self.log.debug('cn=schema not found, fallback to cn=subschema')
 schema_entry = conn.search_s('cn=subschema', _ldap.SCOPE_BASE, attrlist=['attributetypes', 'objectclasses'])[0]
- if not has_conn:
- conn.unbind_s()
 except _ldap.SERVER_DOWN:
 raise NetworkError(uri=url, error=u'LDAP Server Down, unable to retrieve LDAP schema')
-- cgit