path: root/ipaserver/install/ldapupdate.py
Commit message | Author | Age | Files | Lines
* fix upgrade: wait for proper DS socket after DS restart | Martin Basti | 2016-02-23 | 1 | -3/+1
  DS restart executed by upgrade plugin causes that upgrade framework is waiting for the improper socket. It leads to TimeoutError because DS is not listening on 389 port during upgrade. This commit fixes the issue.
  Required for: https://fedorahosted.org/freeipa/ticket/5665
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipaldap, ldapupdate: Encoding fixes for Python 3 | Petr Viktorin | 2016-02-17 | 1 | -0/+8
  https://fedorahosted.org/freeipa/ticket/5638
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove wildcard imports | Martin Basti | 2015-12-23 | 1 | -1/+1
  Wildcard imports should not be used. Check for wildcard imports has been enabled in pylint.
  Pylint note: options 'wildcard-import' causes too much false positive results, so instead I used 'unused-wildcard-import' option which has almost the same effect.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused imports | Martin Basti | 2015-12-23 | 1 | -1/+0
  This patch removes unused imports, also pylint has been configured to check unused imports.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Upgrade: increase time limit for upgrades | Martin Basti | 2015-12-01 | 1 | -1/+4
  Default ldap search limit is now 30 sec by default during upgrade.
  Limits must be changed for the whole ldap2 connection, because this connection is used inside update plugins and commands called from upgrade.
  Together with increasing the time limit, also size limit should be unlimited during upgrade. With sizelimit=None we may get the TimeExceeded exception from getting default value of the sizelimit from LDAP.
  https://fedorahosted.org/freeipa/ticket/5267
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Handle binascii.Error from base64.b64decode() | Petr Viktorin | 2015-10-22 | 1 | -1/+1
  In Python 3, the base64.b64decode function raises binascii.Error (a ValueError subclass) when it finds incorrect padding. In Python 2 it raises TypeError.
  Callers should usually handle ValueError; unless they are specifically concerned with handling base64 padding issues.
  In some cases, callers should handle ValueError:
  - ipalib.pkcs10 (get_friendlyname, load_certificate_request): callers should handle ValueError
  - ipalib.x509 (load_certificate*, get_*): callers should handle ValueError
  In other cases ValueError is handled:
  - ipalib.parameters
  - ipapython.ssh
  - ipalib.rpc (json_decode_binary - callers already expect ValueError)
  - ipaserver.install.ldapupdate
  Elsewhere no error handling is done, because values come from trusted sources, or are pre-validated:
  - vault plugin
  - ipaserver.install.cainstance
  - ipaserver.install.certs
  - ipaserver.install.ipa_otptoken_import
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* enable topology plugin on upgrade | Petr Vobornik | 2015-10-15 | 1 | -0/+9
  Reviewed-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: addifnew should not create entry | Martin Basti | 2015-09-21 | 1 | -2/+2
  addifnew should add value only if entry exists, instead of creating entry.
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Use new-style raise syntax | Petr Viktorin | 2015-09-01 | 1 | -5/+5
  The form `raise Error, value` is deprecated in favor of `raise Error(value)`, and will be removed in Python 3. Use the new syntax.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Port from python-krbV to python-gssapi | Michael Simacek | 2015-08-26 | 1 | -8/+2
  python-krbV library is deprecated and doesn't work with python 3. Replacing all its usages with python-gssapi.
  - Removed Backend.krb and KRB5_CCache classes
    They were wrappers around krbV classes that cannot really work without them
  - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache.
  - Merged two kinit_keytab functions
  - Changed ldap plugin connection defaults to match ipaldap
  - Unified getting default realm
    Using api.env.realm instead of krbV call
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Robbie Harwood <rharwood@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Modernize 'except' clauses | Petr Viktorin | 2015-08-12 | 1 | -10/+10
  The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Server Upgrade: use debug log level for upgrade instead of info | Martin Basti | 2015-07-03 | 1 | -15/+15
  Upgrade contains too many unnecessary info logs.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipalib: Load ipaserver plugins when api.env.in_server is True | Jan Cholasta | 2015-07-01 | 1 | -1/+0
  https://fedorahosted.org/freeipa/ticket/3090
  https://fedorahosted.org/freeipa/ticket/5073
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Add Domain Level feature | Tomas Babej | 2015-05-26 | 1 | -0/+5
  https://fedorahosted.org/freeipa/ticket/5018
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Server Upgrade: fix remove statement | Martin Basti | 2015-05-26 | 1 | -3/+4
  If value does not exist then do not update entry. Otherwise, together with nonexistent entry, the LDAP decode error will be raised.
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Upgrade: raise RuntimeError instead exit() | Martin Basti | 2015-05-19 | 1 | -1/+1
  Ldapupdater should not call sys.exit() in the middle of execution and should fail gracefully
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Allow base64 encoded values | Martin Basti | 2015-05-11 | 1 | -29/+109
  This patch allows to use base64 encoded values in update files.
  Double colon ('::') must be used as separator between attribute name and base64 encoded value.
    add:attr::<base64-value>
    replace:attr::<old-base64-value>::<new-base64-value>
  https://fedorahosted.org/freeipa/ticket/4984
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: remove CSV from upgrade files | Martin Basti | 2015-05-11 | 1 | -98/+65
  CSV values are not supported in upgrade files anymore
  Instead of
    add:attribute: 'first, part', second
  please use
    add:attribute: first, part
    add:attribute: second
  Required for ticket: https://fedorahosted.org/freeipa/ticket/4984
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: fix a comment in ldapupdater | Martin Basti | 2015-05-05 | 1 | -6/+1
  DN sorting was removed in previous patches
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: restart DS using ipaplatform service | Martin Basti | 2015-04-14 | 1 | -4/+4
  Removes extra class DSRestart which does the same thing
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Handle connection better in updates_from_dict | Martin Basti | 2015-04-14 | 1 | -3/+4
  Connection should be closed if update is done
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: specify order of plugins in update files | Martin Basti | 2015-04-14 | 1 | -44/+140
  * add 'plugin' directive
  * specify plugins order in update files
  * remove 'run plugins' options
  * use ldapupdater API instance in plugins
  * add update files representing former PreUpdate and PostUpdate order of plugins
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: remove unused code in upgrade | Martin Basti | 2015-04-14 | 1 | -7/+1
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: use only LDAPI connection | Martin Basti | 2015-04-14 | 1 | -1/+1
  Use only ldapi connection to execute upgrade
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: remove --test option | Martin Basti | 2015-03-19 | 1 | -31/+22
  As --test option is not used for developing, and it is not recommended to test if upgrade will pass, this patch removes it completely.
  https://fedorahosted.org/freeipa/ticket/3448
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: order update files by default | Martin Basti | 2015-03-19 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Update entries in order specified in file | Martin Basti | 2015-03-19 | 1 | -62/+13
  Dictionary replaced with list. Particular upgrades are executed in the same order as they are specified in an update file.
  Different updates for the same cn, are not merged into one upgrade
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Set modified to false, before each update | Martin Basti | 2015-03-19 | 1 | -1/+2
  Variable self.modified should be set to false before each run of update
  Ticket: https://fedorahosted.org/freeipa/ticket/3560
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Upgrade one file per time | Martin Basti | 2015-03-19 | 1 | -36/+18
  * Files are sorted alphabetically, no numbering required anymore
  * One file updated per time
  Ticket: https://fedorahosted.org/freeipa/ticket/3560
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: do not sort updates by DN | Martin Basti | 2015-03-19 | 1 | -13/+2
  Ticket: https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Remove unused PRE_SCHEMA_UPDATE | Martin Basti | 2015-03-19 | 1 | -14/+1
  This is not used anymore.
  Ticket: https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix upgrade: do not use invalid ldap connection | Martin Basti | 2014-11-06 | 1 | -0/+6
  Ticket: https://fedorahosted.org/freeipa/ticket/4670
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ldapupdate: Restore 'replace' functionality | Petr Viktorin | 2014-07-04 | 1 | -0/+8
  The replace directive was made a no-op by mistake in commit 6381d76. Restore it.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Added upgrade step executed before schema is upgraded | Martin Basti | 2014-06-27 | 1 | -1/+14
  Class PreSchemaUpdate is executed before ldap schema update
  This is required by ticket: https://fedorahosted.org/freeipa/ticket/3210
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipaplatform: Move all filesystem paths to ipaplatform.paths module | Tomas Babej | 2014-06-16 | 1 | -2/+3
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use raw LDAP data in ldapupdate. | Jan Cholasta | 2014-01-10 | 1 | -23/+7
  https://fedorahosted.org/freeipa/ticket/3488
* Remove legacy LDAPEntry properties data and orig_data. | Jan Cholasta | 2014-01-10 | 1 | -4/+0
  https://fedorahosted.org/freeipa/ticket/3488
* Add LDAPEntry method generate_modlist. | Jan Cholasta | 2014-01-10 | 1 | -1/+1
  Use LDAPEntry.generate_modlist instead of LDAPClient._generate_modlist and remove LDAPClient._generate_modlist.
  https://fedorahosted.org/freeipa/ticket/3488
* Reduce amount of LDAPEntry.reset_modlist calls in ldapupdate. | Jan Cholasta | 2014-01-10 | 1 | -8/+4
  https://fedorahosted.org/freeipa/ticket/3488
* Use LDAPClient.update_entry for LDAP mods in ldapupdate. | Jan Cholasta | 2014-01-10 | 1 | -2/+2
  Remove legacy IPAdmin methods generateModList and updateEntry.
  https://fedorahosted.org/freeipa/ticket/3488
* Rename LDAPEntry method commit to reset_modlist. | Jan Cholasta | 2014-01-10 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3488
* Remove schema special-casing from the LDAP updater | Petr Viktorin | 2013-11-18 | 1 | -111/+4
  Now that there's a dedicated schema updater, we do not need the code in ldapupdate.
  https://fedorahosted.org/freeipa/ticket/3454
* ldapupdate: Factor out connection code | Petr Viktorin | 2013-11-18 | 1 | -40/+36
  The connection code will be the same for both the LDAP updater and the new schema updater.
  Preparation for: https://fedorahosted.org/freeipa/ticket/3454
* Turn LDAPEntry.single_value into a dictionary-like property. | Jan Cholasta | 2013-11-05 | 1 | -2/+2
  This change makes single_value consistent with the raw property.
  https://fedorahosted.org/freeipa/ticket/3521
* Remove legacy toDict and origDataDict methods of LDAPEntry. | Jan Cholasta | 2013-10-31 | 1 | -4/+3
  https://fedorahosted.org/freeipa/ticket/3521
* Hide sensitive attributes in LDAP updater logging and output | Rob Crittenden | 2013-07-18 | 1 | -19/+47
  The LDAP updater prints the initial and final states of an entry, as well as details on the changes made to attributes. This has the potential to expose sensitive values so exclude those from logging.
  https://fedorahosted.org/freeipa/ticket/3782
* Apply LDAP update files in blocks of 10, as originally designed. | Rob Crittenden | 2013-04-12 | 1 | -1/+27
  In order to have control over the order that updates are applied a numbering system was created for the update files. These values were not actually used.
  The updates were sorted by DN length and in most cases this was adequate for proper function. The exception was with roles where in some cases a role was added as a member of a permission before the role itself was added so the memberOf value was never created.
  Now updates are computed and applied in blocks of 10.
  https://fedorahosted.org/freeipa/ticket/3377
* Remove ipaserver/ipaldap.py | Petr Viktorin | 2013-03-13 | 1 | -2/+2
  In addition to removing the module, fix all places where it was imported.
  Preparation for: https://fedorahosted.org/freeipa/ticket/3446
* replace getEntry with get_entry (or get_entries if scope != SCOPE_BASE) | Petr Viktorin | 2013-03-01 | 1 | -1/+1
  Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace deleteEntry with delete_entry | Petr Viktorin | 2013-03-01 | 1 | -1/+1
  Part of the work for: https://fedorahosted.org/freeipa/ticket/2660