path: root/ipapython/ipaldap.py
Commit message | Author | Age | Files | Lines
* ipaldap: turn LDAP filter utility functions into class methods | Fraser Tweedale | 2016-06-29 | 1 | -16/+19
  The LDAP filter utilities do not use any instance attributes, so collectively turn them into class methods to promote reuse.
  Part of: https://fedorahosted.org/freeipa/ticket/4559
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ldap: fix handling of binary data in search filters | Jan Cholasta | 2016-06-21 | 1 | -1/+6
  This fixes a UnicodeDecodeError when passing non-UTF-8 binary data to LDAPClient.make_filter() and friends.
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* add context to exception on LdapEntry decode error | Florence Blanc-Renaud | 2016-06-09 | 1 | -2/+10
  When reading the content of an invalid LDAP entry, the exception only displays the attribute name and value, but not the DN of the entry. Because of this, it is difficult to identify the root cause of the problem.
  The fix raises a ValueError exception which also contains the entry DN.
  https://fedorahosted.org/freeipa/ticket/5434
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* ipaldap: Convert dict items to list before iterating | Petr Viktorin | 2016-05-30 | 1 | -1/+1
  In Python 3, dict.items() returns a view. When such a view is iterated over, the dict cannot change size.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipaldap: Keep attribute names as text, not bytes | Petr Viktorin | 2016-05-30 | 1 | -2/+2
  Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove unused variable and finally block in SchemaCache | Martin Basti | 2016-05-12 | 1 | -5/+0
  Handling exceptions in Python is an expensive operation, removing of unneeded finally block is good for performance.
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* differentiate between limit types when LDAP search exceeds configured limits | Martin Babinsky | 2016-04-13 | 1 | -18/+50
  When LDAP search fails on exceeded limits, we should raise a specific exception for the type of limit raised (size, time, administrative) so that the consumer can distinguish between e.g. searches returning too many entries and those timing out.
  https://fedorahosted.org/freeipa/ticket/5677
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* pylint: suppress false positive no-member errors | Martin Basti | 2016-03-02 | 1 | -1/+1
  pylint 1.5 prints many false positive no-member errors which are suppressed by this commit.
  https://fedorahosted.org/freeipa/ticket/5615
  Reviewed-By: David Kupka <dkupka@redhat.com>
* ipaldap, ldapupdate: Encoding fixes for Python 3 | Petr Viktorin | 2016-02-17 | 1 | -4/+10
  https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused imports | Martin Basti | 2015-12-23 | 1 | -4/+1
  This patch removes unused imports, also pylint has been configured to check unused imports.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Upgrade: increase time limit for upgrades | Martin Basti | 2015-12-01 | 1 | -2/+9
  Default ldap search limit is now 30 sec by default during upgrade.
  Limits must be changed for the whole ldap2 connection, because this connection is used inside update plugins and commands called from upgrade.
  Together with increasing the time limit, also size limit should be unlimited during upgrade. With sizelimit=None we may get the TimeExceeded exception from getting default value of the sizelimit from LDAP.
  https://fedorahosted.org/freeipa/ticket/5267
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix more bytes/unicode issues | Petr Viktorin | 2015-10-22 | 1 | -2/+3
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipaldap: Remove extraneous `long` (included in six.int_types) | Petr Viktorin | 2015-10-13 | 1 | -1/+1
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use bytes instead of str where appropriate | Jan Cholasta | 2015-09-17 | 1 | -17/+17
  Under Python 2, "str" and "bytes" are synonyms.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Alias "unicode" to "str" under Python 3 | Jan Cholasta | 2015-09-17 | 1 | -0/+3
  The six way of doing this is to replace all occurrences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use six.python_2_unicode_compatible | Jan Cholasta | 2015-09-07 | 1 | -1/+3
  Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3.
  Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Make ldap2 connection management thread-safe again | Jan Cholasta | 2015-09-04 | 1 | -23/+9
  This fixes the connection code in LDAPClient to not store the LDAP connection in an attribute of the object, which in combination with ldap2's per-thread connections lead to race conditions resulting in connection failures. ldap2 code was updated accordingly.
  https://fedorahosted.org/freeipa/ticket/5268
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use six.integer_types instead of (long, int) | Petr Viktorin | 2015-09-01 | 1 | -1/+1
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method names | Petr Viktorin | 2015-09-01 | 1 | -8/+8
  Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views.
  Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor.
  When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc.
  In other cases, helpers like six.itervalues are used.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.string_types instead of "basestring" | Petr Viktorin | 2015-09-01 | 1 | -1/+2
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Modernize 'except' clauses | Petr Viktorin | 2015-08-12 | 1 | -7/+7
  The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* allow to call ldap2.destroy_connection multiple times | Petr Vobornik | 2015-05-07 | 1 | -1/+1
  A regression fix.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* speed up indirect member processing | Petr Vobornik | 2015-04-27 | 1 | -0/+2
  the old implementation tried to get all entries which are member of group. That means also user. User can't have any members therefore this costly processing was unnecessary.
  New implementation reduces the search only to entries which have members.
  Also page size was removed to avoid paging by small pages (default size: 100) which is very slow for many members.
  https://fedorahosted.org/freeipa/ticket/4947
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ldap: Remove IPASimpleLDAPObject | Jan Cholasta | 2015-04-16 | 1 | -105/+0
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use SimpleLDAPObject instead of IPASimpleLDAPObject in LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -2/+2
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Move schema handling from IPASimpleLDAPObject to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -280/+261
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient instead of IPASimpleLDAPObject in LDAPEntry | Jan Cholasta | 2015-04-16 | 1 | -4/+7
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Move value encoding from IPASimpleLDAPObject to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -133/+80
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient bind and unbind methods in IPAdmin | Jan Cholasta | 2015-04-16 | 1 | -19/+16
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Add bind and unbind methods to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -0/+35
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient connection management in IPAdmin | Jan Cholasta | 2015-04-16 | 1 | -12/+3
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Add connection management to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -9/+64
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Remove unused IPAdmin methods | Jan Cholasta | 2015-04-16 | 1 | -8/+0
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Drop python-ldap tuple compatibility | Jan Cholasta | 2015-04-16 | 1 | -66/+3
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* User life cycle: allows MODRDN from ldap2 | Thierry Bordaz | 2015-04-16 | 1 | -6/+23
  enhance update_entry_rdn so that it allows to move an entry to a new superior
  https://fedorahosted.org/freeipa/ticket/3813
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* baseldap: Handle missing parent objects properly in *-find commands | Tomas Babej | 2015-01-13 | 1 | -1/+1
  The find_entries function in ipaldap does not differentiate between a LDAP search that returns error code 32 (No such object) and LDAP search returning error code 0 (Success), but returning no results.
  In both cases errors.NotFound is raised. In turn, LDAPSearch commands interpret NotFound exception as no results.
  To differentiate between the cases, a new error EmptyResult was added, which inherits from NotFound to preserve the compatibility with the new code.
  This error is raised by ipaldap.find_entries in case it is performing a search with and the target dn does not exist.
  https://fedorahosted.org/freeipa/ticket/4659
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Refactoring of autobind, object_exists | Martin Basti | 2014-09-26 | 1 | -0/+37
  Required to prevent code duplications
  ipaldap.IPAdmin now has method do_bind, which tries several bind methods
  ipaldap.IPAClient now has method object_exists(dn)
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-ldap-updater: make possible to use LDAPI with autobind in case of hardened LDAP configuration | Alexander Bokovoy | 2014-07-04 | 1 | -0/+4
  When nsslapd-minssf is greater than 0, running as root ipa-ldap-updater [-l] will fail even if we force use of autobind for root over LDAPI.
  The reason for this is that schema updater doesn't get ldapi flag passed and attempts to connect to LDAP port instead and for hardened configurations using simple bind over LDAP is not enough.
  Additionally, report properly previously unhandled LDAP exceptions.
  https://fedorahosted.org/freeipa/ticket/3468
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipaldap: Override conversion of nsds5replicalast{update,init}{start,end} | Tomas Babej | 2014-07-02 | 1 | -0/+4
  The replication related attributes with generalized time syntax have special behaviour implemented in 389, as follows:
  In case they are explicitly requested for and not set, 0 is returned.
  However, 0 is not a valid value for LDAP Generalized time. Thus we need to add these attributes to the _SYNTAX_OVERRIDE dictionary, overriding their conversion to datetime and converting them to string instead, which preserves the old behaviour expected by the replication codebase.
  https://fedorahosted.org/freeipa/ticket/4350
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Clarify LDAPClient docstrings about get_entry, get_entries and find_entries | Petr Spacek | 2014-06-20 | 1 | -1/+6
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSName conversion in ipaldap | Martin Basti | 2014-06-03 | 1 | -0/+7
  Domain name has to be stored in LDAP in punycoded value
  Part of ticket: IPA should allow internationalized domain names
  https://fedorahosted.org/freeipa/ticket/3169
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipalib: Add DateTime parameter | Tomas Babej | 2014-05-05 | 1 | -0/+7
  Adds a parameter that represents a DateTime format using datetime.datetime object from python's native datetime library.
  In the CLI, accepts one of the following formats:
    Accepts LDAP Generalized time without in the following format:
      '%Y%m%d%H%M%SZ'
    Accepts subset of values defined by ISO 8601:
      '%Y-%m-%dT%H:%M:%SZ'
      '%Y-%m-%dT%H:%MZ'
      '%Y-%m-%dZ'
    Also accepts above formats using ' ' (space) as a separator instead of 'T'.
  As a simplification, it does not deal with timezone info and ISO 8601 values with timezone info (+-hhmm) are rejected. Values are expected to be in the UTC timezone.
  Values are saved to LDAP as LDAP Generalized time values in the format '%Y%m%d%H%SZ' (no time fractions and UTC timezone is assumed). To avoid confusion, in addition to subset of ISO 8601 values, the LDAP generalized time in the format '%Y%m%d%H%M%SZ' is also accepted as an input (as this is the format user will see on the output).
  Part of: https://fedorahosted.org/freeipa/ticket/3306
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Keep original name when setting attribute in LDAPEntry. | Jan Cholasta | 2014-04-18 | 1 | -33/+20
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replace get_syntax method of IPASimpleObject with new get_type method. | Jan Cholasta | 2014-04-18 | 1 | -13/+15
  get_type returns the Python type for an LDAP attribute.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix modlist generation code not to generate empty replace mods. | Jan Cholasta | 2014-03-03 | 1 | -3/+3
  https://fedorahosted.org/freeipa/ticket/4138
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Raise an exception when legacy LDAP API is used. | Jan Cholasta | 2014-01-24 | 1 | -19/+12
* Do not crash on bad LDAP data when formatting decode error message. | Jan Cholasta | 2014-01-10 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3488
* Store old entry state in dict rather than LDAPEntry. | Jan Cholasta | 2014-01-10 | 1 | -29/+17
  https://fedorahosted.org/freeipa/ticket/3488
* Remove legacy LDAPEntry properties data and orig_data. | Jan Cholasta | 2014-01-10 | 1 | -11/+0
  https://fedorahosted.org/freeipa/ticket/3488
* Remove unused LDAPClient methods get_syntax and get_single_value. | Jan Cholasta | 2014-01-10 | 1 | -12/+0
  https://fedorahosted.org/freeipa/ticket/3488