summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Krizek <tkrizek@redhat.com>2016-11-09 12:53:14 +0100
committerMartin Basti <mbasti@redhat.com>2016-11-22 16:17:27 +0100
commit68295bf8cfd57333deb50f58df1b336a4b48ffe7 (patch)
tree525a018e5d7216847b09d0373bbdc0de2f8e55e0
parent4c133837d149352a68e1d6cbefbb28e4ae048755 (diff)
downloadfreeipa-68295bf8cfd57333deb50f58df1b336a4b48ffe7.tar.gz
freeipa-68295bf8cfd57333deb50f58df1b336a4b48ffe7.tar.xz
freeipa-68295bf8cfd57333deb50f58df1b336a4b48ffe7.zip
services: replace admin_conn with api.Backend.ldap2
Since service.admin_conn is only an alias to api.Backend.ldap2, replace it everywhere with the explicit api.Backend.ldap2 instead. https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat
-rwxr-xr-xinstall/tools/ipa-adtrust-install6
-rw-r--r--ipaserver/install/adtrustinstance.py79
-rw-r--r--ipaserver/install/bindinstance.py10
-rw-r--r--ipaserver/install/cainstance.py22
-rw-r--r--ipaserver/install/dnskeysyncinstance.py6
-rw-r--r--ipaserver/install/dogtaginstance.py16
-rw-r--r--ipaserver/install/dsinstance.py18
-rw-r--r--ipaserver/install/httpinstance.py9
-rw-r--r--ipaserver/install/kra.py7
-rw-r--r--ipaserver/install/krbinstance.py13
-rw-r--r--ipaserver/install/odsexporterinstance.py4
-rw-r--r--ipaserver/install/opendnssecinstance.py6
-rw-r--r--ipaserver/install/service.py44
13 files changed, 120 insertions, 120 deletions
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 8eed5191a..8b75d5c3a 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -411,7 +411,7 @@ def main():
try:
# Search only masters which have support for domain levels
# because only these masters will have SSSD recent enough to support AD trust agents
- entries_m, _truncated = smb.admin_conn.find_entries(
+ entries_m, _truncated = api.Backend.ldap2.find_entries(
filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))",
base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL)
except errors.NotFound:
@@ -421,7 +421,7 @@ def main():
print(unicode(e))
try:
- entries_a, _truncated = smb.admin_conn.find_entries(
+ entries_a, _truncated = api.Backend.ldap2.find_entries(
filter="", base_dn=agents_dn, attrs_list=['member'],
scope=ldap.SCOPE_BASE)
except errors.NotFound:
@@ -470,7 +470,7 @@ def main():
# Add the CIFS and host principals to the 'adtrust agents' group
# as 389-ds only operates with GroupOfNames, we have to use
# the principal's proper dn as defined in self.cifs_agent
- service.add_principals_to_group(smb.admin_conn, agents_dn, "member",
+ service.add_principals_to_group(api.Backend.ldap2, agents_dn, "member",
[x[1] for x in new_agents])
print("""
WARNING: you MUST restart (e.g. ipactl restart) the following IPA masters in order
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index cab5a7239..632052ab4 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -200,7 +200,7 @@ class ADTRUSTInstance(service.Service):
admin_group_dn = DN(('cn', 'admins'), api.env.container_group,
self.suffix)
try:
- dom_entry = self.admin_conn.get_entry(self.smb_dom_dn)
+ dom_entry = api.Backend.ldap2.get_entry(self.smb_dom_dn)
except errors.NotFound:
self.print_msg("Samba domain object not found")
return
@@ -211,13 +211,13 @@ class ADTRUSTInstance(service.Service):
return
try:
- admin_entry = self.admin_conn.get_entry(admin_dn)
+ admin_entry = api.Backend.ldap2.get_entry(admin_dn)
except errors.NotFound:
self.print_msg("IPA admin object not found")
return
try:
- admin_group_entry = self.admin_conn.get_entry(admin_group_dn)
+ admin_group_entry = api.Backend.ldap2.get_entry(admin_group_dn)
except errors.NotFound:
self.print_msg("IPA admin group object not found")
return
@@ -226,9 +226,10 @@ class ADTRUSTInstance(service.Service):
self.print_msg("Admin SID already set, nothing to do")
else:
try:
- self.admin_conn.modify_s(admin_dn, \
- [(ldap.MOD_ADD, "objectclass", self.OBJC_USER), \
- (ldap.MOD_ADD, self.ATTR_SID, dom_sid + "-500")])
+ api.Backend.ldap2.modify_s(
+ admin_dn,
+ [(ldap.MOD_ADD, "objectclass", self.OBJC_USER),
+ (ldap.MOD_ADD, self.ATTR_SID, dom_sid + "-500")])
except Exception:
self.print_msg("Failed to modify IPA admin object")
@@ -236,9 +237,10 @@ class ADTRUSTInstance(service.Service):
self.print_msg("Admin group SID already set, nothing to do")
else:
try:
- self.admin_conn.modify_s(admin_group_dn, \
- [(ldap.MOD_ADD, "objectclass", self.OBJC_GROUP), \
- (ldap.MOD_ADD, self.ATTR_SID, dom_sid + "-512")])
+ api.Backend.ldap2.modify_s(
+ admin_group_dn,
+ [(ldap.MOD_ADD, "objectclass", self.OBJC_GROUP),
+ (ldap.MOD_ADD, self.ATTR_SID, dom_sid + "-512")])
except Exception:
self.print_msg("Failed to modify IPA admin group object")
@@ -247,7 +249,7 @@ class ADTRUSTInstance(service.Service):
api.env.container_views, self.suffix)
try:
- self.admin_conn.get_entry(default_view_dn)
+ api.Backend.ldap2.get_entry(default_view_dn)
except errors.NotFound:
try:
self._ldap_mod('default-trust-view.ldif', self.sub_dict)
@@ -260,7 +262,7 @@ class ADTRUSTInstance(service.Service):
# _ldap_mod does not return useful error codes, so we must check again
# if the default trust view was created properly.
try:
- self.admin_conn.get_entry(default_view_dn)
+ api.Backend.ldap2.get_entry(default_view_dn)
except errors.NotFound:
self.print_msg("Failed to add Default Trust View.")
@@ -276,7 +278,7 @@ class ADTRUSTInstance(service.Service):
server.
"""
try:
- dom_entry = self.admin_conn.get_entry(self.smb_dom_dn)
+ dom_entry = api.Backend.ldap2.get_entry(self.smb_dom_dn)
except errors.NotFound:
self.print_msg("Samba domain object not found")
return
@@ -288,7 +290,7 @@ class ADTRUSTInstance(service.Service):
fb_group_dn = DN(('cn', self.FALLBACK_GROUP_NAME),
api.env.container_group, self.suffix)
try:
- self.admin_conn.get_entry(fb_group_dn)
+ api.Backend.ldap2.get_entry(fb_group_dn)
except errors.NotFound:
try:
self._ldap_mod('default-smb-group.ldif', self.sub_dict)
@@ -299,14 +301,14 @@ class ADTRUSTInstance(service.Service):
# _ldap_mod does not return useful error codes, so we must check again
# if the fallback group was created properly.
try:
- self.admin_conn.get_entry(fb_group_dn)
+ api.Backend.ldap2.get_entry(fb_group_dn)
except errors.NotFound:
self.print_msg("Failed to add fallback group.")
return
try:
mod = [(ldap.MOD_ADD, self.ATTR_FALLBACK_GROUP, fb_group_dn)]
- self.admin_conn.modify_s(self.smb_dom_dn, mod)
+ api.Backend.ldap2.modify_s(self.smb_dom_dn, mod)
except Exception:
self.print_msg("Failed to add fallback group to domain object")
@@ -319,7 +321,7 @@ class ADTRUSTInstance(service.Service):
try:
# Get the ranges
- ranges = self.admin_conn.get_entries(
+ ranges = api.Backend.ldap2.get_entries(
DN(api.env.container_ranges, self.suffix),
ldap.SCOPE_ONELEVEL, "(objectclass=ipaDomainIDRange)")
@@ -354,7 +356,7 @@ class ADTRUSTInstance(service.Service):
# If the RID bases would cause overlap with some other range,
# this will be detected by ipa-range-check DS plugin
try:
- self.admin_conn.modify_s(local_range.dn,
+ api.Backend.ldap2.modify_s(local_range.dn,
[(ldap.MOD_ADD, "ipaBaseRID",
str(self.rid_base)),
(ldap.MOD_ADD, "ipaSecondaryBaseRID",
@@ -376,7 +378,7 @@ class ADTRUSTInstance(service.Service):
self.print_msg("Reset NetBIOS domain name")
try:
- self.admin_conn.modify_s(self.smb_dom_dn,
+ api.Backend.ldap2.modify_s(self.smb_dom_dn,
[(ldap.MOD_REPLACE, self.ATTR_FLAT_NAME,
self.netbios_name)])
except ldap.LDAPError:
@@ -385,7 +387,7 @@ class ADTRUSTInstance(service.Service):
def __create_samba_domain_object(self):
try:
- self.admin_conn.get_entry(self.smb_dom_dn)
+ api.Backend.ldap2.get_entry(self.smb_dom_dn)
if self.reset_netbios_name:
self.__reset_netbios_name()
else :
@@ -398,7 +400,7 @@ class ADTRUSTInstance(service.Service):
DN(('cn', 'ad'), self.trust_dn), \
DN(api.env.container_cifsdomains, self.suffix)):
try:
- self.admin_conn.get_entry(new_dn)
+ api.Backend.ldap2.get_entry(new_dn)
except errors.NotFound:
try:
name = new_dn[1].attr
@@ -406,11 +408,11 @@ class ADTRUSTInstance(service.Service):
self.print_msg('Cannot extract RDN attribute value from "%s": %s' % \
(new_dn, e))
return
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
new_dn, objectclass=['nsContainer'], cn=[name])
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
self.smb_dom_dn,
{
'objectclass': [self.OBJC_DOMAIN, "nsContainer"],
@@ -421,7 +423,7 @@ class ADTRUSTInstance(service.Service):
}
)
#TODO: which MAY attributes do we want to set ?
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
def __write_smb_conf(self):
conf_fd = open(self.smb_conf, "w")
@@ -439,7 +441,7 @@ class ADTRUSTInstance(service.Service):
try:
plugin_dn = DN(('cn', plugin_cn), ('cn', 'plugins'),
('cn', 'config'))
- self.admin_conn.get_entry(plugin_dn)
+ api.Backend.ldap2.get_entry(plugin_dn)
self.print_msg('%s plugin already configured, nothing to do' % name)
except errors.NotFound:
try:
@@ -477,7 +479,7 @@ class ADTRUSTInstance(service.Service):
# Wait for the task to complete
task_dn = DN('cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config')
- wait_for_task(self.admin_conn, task_dn)
+ wait_for_task(api.Backend.ldap2, task_dn)
except Exception as e:
root_logger.warning("Exception occured during SID generation: {0}"
@@ -491,11 +493,11 @@ class ADTRUSTInstance(service.Service):
targets_dn = DN(('cn', 'ipa-cifs-delegation-targets'), ('cn', 's4u2proxy'),
('cn', 'etc'), self.suffix)
try:
- current = self.admin_conn.get_entry(targets_dn)
+ current = api.Backend.ldap2.get_entry(targets_dn)
members = current.get('memberPrincipal', [])
if not(self.principal in members):
current["memberPrincipal"] = members + [self.principal]
- self.admin_conn.update_entry(current)
+ api.Backend.ldap2.update_entry(current)
else:
self.print_msg('cifs principal already targeted, nothing to do.')
except errors.NotFound:
@@ -524,8 +526,9 @@ class ADTRUSTInstance(service.Service):
# Add the CIFS and host principals to the 'adtrust agents' group
# as 389-ds only operates with GroupOfNames, we have to use
# the principal's proper dn as defined in self.cifs_agent
- service.add_principals_to_group(self.admin_conn, self.smb_dn, "member",
- [self.cifs_agent, self.host_princ])
+ service.add_principals_to_group(
+ api.Backend.ldap2, self.smb_dn, "member",
+ [self.cifs_agent, self.host_princ])
def __setup_principal(self):
try:
@@ -662,7 +665,7 @@ class ADTRUSTInstance(service.Service):
try:
cifs_services = DN(api.env.container_service, self.suffix)
# Search for cifs services which also belong to adtrust agents, these are our DCs
- res = self.admin_conn.get_entries(cifs_services,
+ res = api.Backend.ldap2.get_entries(cifs_services,
ldap.SCOPE_ONELEVEL,
"(&(krbprincipalname=cifs/*@%s)(memberof=%s))" % (self.realm, str(self.smb_dn)))
if len(res) > 1:
@@ -686,11 +689,11 @@ class ADTRUSTInstance(service.Service):
lookup_nsswitch_name = "schema-compat-lookup-nsswitch"
for config in (("cn=users", "user"), ("cn=groups", "group")):
entry_dn = DN(config[0], compat_plugin_dn)
- current = self.admin_conn.get_entry(entry_dn)
+ current = api.Backend.ldap2.get_entry(entry_dn)
lookup_nsswitch = current.get(lookup_nsswitch_name, [])
if not(config[1] in lookup_nsswitch):
current[lookup_nsswitch_name] = [config[1]]
- self.admin_conn.update_entry(current)
+ api.Backend.ldap2.update_entry(current)
except Exception as e:
root_logger.critical("Enabling nsswitch support in slapi-nis failed with error '%s'" % e)
@@ -767,14 +770,14 @@ class ADTRUSTInstance(service.Service):
self.__setup_sub_dict()
def find_local_id_range(self):
- if self.admin_conn.get_entries(
+ if api.Backend.ldap2.get_entries(
DN(api.env.container_ranges, self.suffix),
ldap.SCOPE_ONELEVEL,
"(objectclass=ipaDomainIDRange)"):
return
try:
- entry = self.admin_conn.get_entry(
+ entry = api.Backend.ldap2.get_entry(
DN(('cn', 'admins'), api.env.container_group, self.suffix))
except errors.NotFound:
raise ValueError("No local ID range and no admins group found.\n" \
@@ -791,13 +794,13 @@ class ADTRUSTInstance(service.Service):
"(gidNumber<=%d)(gidNumner>=%d)))" % \
((base_id - 1), (base_id + id_range_size),
(base_id - 1), (base_id + id_range_size))
- if self.admin_conn.get_entries(DN(('cn', 'accounts'), self.suffix),
+ if api.Backend.ldap2.get_entries(DN(('cn', 'accounts'), self.suffix),
ldap.SCOPE_SUBTREE, id_filter):
raise ValueError("There are objects with IDs out of the expected" \
"range.\nAdd local ID range manually and try " \
"again!")
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
DN(
('cn', ('%s_id_range' % self.realm)),
api.env.container_ranges, self.suffix),
@@ -806,7 +809,7 @@ class ADTRUSTInstance(service.Service):
ipaBaseID=[str(base_id)],
ipaIDRangeSize=[str(id_range_size)],
)
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
def create_instance(self):
self.step("stopping smbd", self.__stop)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 179eb68c9..f2ece576a 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -846,10 +846,10 @@ class BindInstance(service.Service):
self.__add_master_records(self.fqdn, self.ip_addresses)
def __add_others(self):
- entries = self.admin_conn.get_entries(
+ entries = api.Backend.ldap2.get_entries(
DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
self.suffix),
- self.admin_conn.SCOPE_ONELEVEL, None, ['dn'])
+ api.Backend.ldap2.SCOPE_ONELEVEL, None, ['dn'])
for entry in entries:
fqdn = entry.dn[0]['cn']
@@ -888,7 +888,7 @@ class BindInstance(service.Service):
mod = [(ldap.MOD_ADD, 'member', dns_principal)]
try:
- self.admin_conn.modify_s(dns_group, mod)
+ api.Backend.ldap2.modify_s(dns_group, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
pass
except Exception as e:
@@ -903,7 +903,7 @@ class BindInstance(service.Service):
(ldap.MOD_REPLACE, 'nsIdleTimeout', '-1'),
(ldap.MOD_REPLACE, 'nsLookThroughLimit', '-1')]
try:
- self.admin_conn.modify_s(dns_principal, mod)
+ api.Backend.ldap2.modify_s(dns_principal, mod)
except Exception as e:
root_logger.critical("Could not set principal's %s LDAP limits: %s" \
% (dns_principal, str(e)))
@@ -933,7 +933,7 @@ class BindInstance(service.Service):
)
def __setup_server_configuration(self):
- ensure_dnsserver_container_exists(self.admin_conn, self.api)
+ ensure_dnsserver_container_exists(api.Backend.ldap2, self.api)
try:
self.api.Command.dnsserver_add(
self.fqdn, idnssoamname=DNSName(self.fqdn).make_absolute(),
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index c7a117d3e..26755ee28 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1100,8 +1100,8 @@ class CAInstance(DogtagInstance):
('cn', 'etc'), api.env.basedn)
renewal_filter = '(ipaConfigString=caRenewalMaster)'
try:
- self.admin_conn.get_entries(base_dn=dn, filter=renewal_filter,
- attrs_list=[])
+ api.Backend.ldap2.get_entries(base_dn=dn, filter=renewal_filter,
+ attrs_list=[])
except errors.NotFound:
return False
@@ -1115,13 +1115,13 @@ class CAInstance(DogtagInstance):
api.env.basedn)
filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))'
try:
- entries = self.admin_conn.get_entries(
+ entries = api.Backend.ldap2.get_entries(
base_dn=base_dn, filter=filter, attrs_list=['ipaConfigString'])
except errors.NotFound:
entries = []
dn = DN(('cn', 'CA'), ('cn', fqdn), base_dn)
- master_entry = self.admin_conn.get_entry(dn, ['ipaConfigString'])
+ master_entry = api.Backend.ldap2.get_entry(dn, ['ipaConfigString'])
for entry in entries:
if master_entry is not None and entry.dn == master_entry.dn:
@@ -1130,11 +1130,11 @@ class CAInstance(DogtagInstance):
entry['ipaConfigString'] = [x for x in entry['ipaConfigString']
if x.lower() != 'carenewalmaster']
- self.admin_conn.update_entry(entry)
+ api.Backend.ldap2.update_entry(entry)
if master_entry is not None:
master_entry['ipaConfigString'].append('caRenewalMaster')
- self.admin_conn.update_entry(master_entry)
+ api.Backend.ldap2.update_entry(master_entry)
@staticmethod
def update_cert_config(nickname, cert):
@@ -1173,25 +1173,25 @@ class CAInstance(DogtagInstance):
# replication
dn = DN(('cn', str(suffix)), ('cn', 'mapping tree'), ('cn', 'config'))
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
dn,
objectclass=["top", "extensibleObject", "nsMappingTree"],
cn=[suffix],
)
entry['nsslapd-state'] = ['Backend']
entry['nsslapd-backend'] = [backend]
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
# database
dn = DN(('cn', 'ipaca'), ('cn', 'ldbm database'), ('cn', 'plugins'),
('cn', 'config'))
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
dn,
objectclass=["top", "extensibleObject", "nsBackendInstance"],
cn=[backend],
)
entry['nsslapd-suffix'] = [suffix]
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
def __setup_replication(self):
@@ -1268,7 +1268,7 @@ class CAInstance(DogtagInstance):
def __add_lightweight_ca_tracking_requests(self):
try:
- lwcas = self.admin_conn.get_entries(
+ lwcas = api.Backend.ldap2.get_entries(
base_dn=api.env.basedn,
filter='(objectclass=ipaca)',
attrs_list=['cn', 'ipacaid'],
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 81fbc3caa..28eb3f9d6 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -266,7 +266,7 @@ class DNSKeySyncInstance(service.Service):
keylabel = replica_keylabel_template % DNSName(self.fqdn).\
make_absolute().canonicalize().ToASCII()
- ldap = self.admin_conn
+ ldap = api.Backend.ldap2
dn_base = DN(('cn', 'keys'), ('cn', 'sec'), ('cn', 'dns'), api.env.basedn)
with open(paths.DNSSEC_SOFTHSM_PIN, "r") as f:
@@ -413,7 +413,7 @@ class DNSKeySyncInstance(service.Service):
mod = [(ldap.MOD_ADD, 'member', dnssynckey_principal_dn)]
try:
- self.admin_conn.modify_s(dns_group, mod)
+ api.Backend.ldap2.modify_s(dns_group, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
pass
except Exception as e:
@@ -429,7 +429,7 @@ class DNSKeySyncInstance(service.Service):
(ldap.MOD_REPLACE, 'nsIdleTimeout', '-1'),
(ldap.MOD_REPLACE, 'nsLookThroughLimit', '-1')]
try:
- self.admin_conn.modify_s(dnssynckey_principal_dn, mod)
+ api.Backend.ldap2.modify_s(dnssynckey_principal_dn, mod)
except Exception as e:
self.logger.critical("Could not set principal's %s LDAP limits: %s"
% (dnssynckey_principal_dn, str(e)))
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 5d25e42d8..2cc62dc13 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -30,7 +30,7 @@ import pwd
from pki.client import PKIConnection
import pki.system
-from ipalib import errors
+from ipalib import api, errors
from ipaplatform import services
from ipaplatform.constants import constants
@@ -421,12 +421,12 @@ class DogtagInstance(service.Service):
def __add_admin_to_group(self, group):
dn = DN(('cn', group), ('ou', 'groups'), ('o', 'ipaca'))
- entry = self.admin_conn.get_entry(dn)
+ entry = api.Backend.ldap2.get_entry(dn)
members = entry.get('uniqueMember', [])
members.append(self.admin_dn)
mod = [(ldap.MOD_REPLACE, 'uniqueMember', members)]
try:
- self.admin_conn.modify_s(dn, mod)
+ api.Backend.ldap2.modify_s(dn, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
# already there
pass
@@ -439,12 +439,12 @@ class DogtagInstance(service.Service):
# remove user if left-over exists
try:
- entry = self.admin_conn.delete_entry(self.admin_dn)
+ entry = api.Backend.ldap2.delete_entry(self.admin_dn)
except errors.NotFound:
pass
# add user
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
self.admin_dn,
objectclass=["top", "person", "organizationalPerson",
"inetOrgPerson", "cmsuser"],
@@ -456,7 +456,7 @@ class DogtagInstance(service.Service):
userPassword=[self.admin_password],
userstate=['1']
)
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
for group in self.admin_groups:
self.__add_admin_to_group(group)
@@ -472,7 +472,7 @@ class DogtagInstance(service.Service):
dn = DN(('cn', group), ('ou', 'groups'), ('o', 'ipaca'))
mod = [(ldap.MOD_DELETE, 'uniqueMember', self.admin_dn)]
try:
- self.admin_conn.modify_s(dn, mod)
+ api.Backend.ldap2.modify_s(dn, mod)
except ldap.NO_SUCH_ATTRIBUTE:
# already removed
pass
@@ -480,7 +480,7 @@ class DogtagInstance(service.Service):
def teardown_admin(self):
for group in self.admin_groups:
self.__remove_admin_from_group(group)
- self.admin_conn.delete_entry(self.admin_dn)
+ api.Backend.ldap2.delete_entry(self.admin_dn)
def _use_ldaps_during_spawn(self, config, ds_cacert=paths.IPA_CA_CRT):
config.set(self.subsystem, "pki_ds_ldaps_port", "636")
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 9a90e99db..24f7bfd00 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -449,13 +449,13 @@ class DsInstance(service.Service):
# they may conflict.
try:
- res = self.admin_conn.get_entries(
+ res = api.Backend.ldap2.get_entries(
DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
- self.admin_conn.SCOPE_ONELEVEL,
+ api.Backend.ldap2.SCOPE_ONELEVEL,
"(objectclass=nsSaslMapping)")
for r in res:
try:
- self.admin_conn.delete_entry(r)
+ api.Backend.ldap2.delete_entry(r)
except Exception as e:
root_logger.critical(
"Error during SASL mapping removal: %s", e)
@@ -464,7 +464,7 @@ class DsInstance(service.Service):
root_logger.critical("Error while enumerating SASL mappings %s", e)
raise
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
DN(
('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
('cn', 'config')),
@@ -475,9 +475,9 @@ class DsInstance(service.Service):
nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
nsSaslMapPriority=['10'],
)
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
DN(
('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
('cn', 'config')),
@@ -488,7 +488,7 @@ class DsInstance(service.Service):
nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
nsSaslMapPriority=['10'],
)
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
def __update_schema(self):
# FIXME: https://fedorahosted.org/389/ticket/47490
@@ -1134,7 +1134,7 @@ class DsInstance(service.Service):
"""
dn = DN('cn=IPA SIDGEN,cn=plugins,cn=config')
try:
- self.admin_conn.get_entry(dn)
+ api.Backend.ldap2.get_entry(dn)
except errors.NotFound:
self._ldap_mod('ipa-sidgen-conf.ldif', dict(SUFFIX=suffix))
else:
@@ -1152,7 +1152,7 @@ class DsInstance(service.Service):
"""
dn = DN('cn=ipa_extdom_extop,cn=plugins,cn=config')
try:
- self.admin_conn.get_entry(dn)
+ api.Backend.ldap2.get_entry(dn)
except errors.NotFound:
self._ldap_mod('ipa-extdom-extop-conf.ldif', dict(SUFFIX=suffix))
else:
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 4e8107e1a..cd1674362 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -416,7 +416,8 @@ class HTTPInstance(service.Service):
attr_name = 'kdcProxyEnabled'
try:
- entry = self.admin_conn.get_entry(entry_name, ['ipaConfigString'])
+ entry = api.Backend.ldap2.get_entry(
+ entry_name, ['ipaConfigString'])
except errors.NotFound:
pass
else:
@@ -427,7 +428,7 @@ class HTTPInstance(service.Service):
entry.setdefault('ipaConfigString', []).append(attr_name)
try:
- self.admin_conn.update_entry(entry)
+ api.Backend.ldap2.update_entry(entry)
except errors.EmptyModlist:
root_logger.debug("service KDCPROXY already enabled")
return
@@ -438,7 +439,7 @@ class HTTPInstance(service.Service):
root_logger.debug("service KDCPROXY enabled")
return
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
entry_name,
objectclass=["nsContainer", "ipaConfigObject"],
cn=['KDC'],
@@ -446,7 +447,7 @@ class HTTPInstance(service.Service):
)
try:
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
except errors.DuplicateEntry:
root_logger.debug("failed to add service KDCPROXY entry")
raise
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py
index 58a6a7370..e7e11dd41 100644
--- a/ipaserver/install/kra.py
+++ b/ipaserver/install/kra.py
@@ -131,9 +131,10 @@ def uninstall(standalone):
if standalone:
try:
- kra.admin_conn.delete_entry(DN(('cn', 'KRA'), ('cn', api.env.host),
- ('cn', 'masters'), ('cn', 'ipa'),
- ('cn', 'etc'), api.env.basedn))
+ api.Backend.ldap2.delete_entry(
+ DN(('cn', 'KRA'), ('cn', api.env.host),
+ ('cn', 'masters'), ('cn', 'ipa'),
+ ('cn', 'etc'), api.env.basedn))
except errors.NotFound:
pass
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index b5cfd79c2..61c50bb69 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -30,6 +30,7 @@ from ipaserver.install import service
from ipaserver.install import installutils
from ipapython import ipautil
from ipapython import kernel_keyring
+from ipalib import api
from ipalib.constants import CACERT
from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
@@ -79,14 +80,14 @@ class KrbInstance(service.Service):
"""
service_dn = DN(('krbprincipalname', principal), self.get_realm_suffix())
- service_entry = self.admin_conn.get_entry(service_dn)
- self.admin_conn.delete_entry(service_entry)
+ service_entry = api.Backend.ldap2.get_entry(service_dn)
+ api.Backend.ldap2.delete_entry(service_entry)
# Create a host entry for this master
host_dn = DN(
('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'),
self.suffix)
- host_entry = self.admin_conn.make_entry(
+ host_entry = api.Backend.ldap2.make_entry(
host_dn,
objectclass=[
'top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice',
@@ -108,7 +109,7 @@ class KrbInstance(service.Service):
'krbpasswordexpiration']
if 'krbticketflags' in service_entry:
host_entry['krbticketflags'] = service_entry['krbticketflags']
- self.admin_conn.add_entry(host_entry)
+ api.Backend.ldap2.add_entry(host_entry)
# Add the host to the ipaserver host group
ld = ldapupdate.LDAPUpdate(ldapi=True)
@@ -359,9 +360,9 @@ class KrbInstance(service.Service):
# Create the special anonymous principal
installutils.kadmin_addprinc(princ_realm)
dn = DN(('krbprincipalname', princ_realm), self.get_realm_suffix())
- entry = self.admin_conn.get_entry(dn)
+ entry = api.Backend.ldap2.get_entry(dn)
entry['nsAccountlock'] = ['TRUE']
- self.admin_conn.update_entry(entry)
+ api.Backend.ldap2.update_entry(entry)
def __convert_to_gssapi_replication(self):
repl = replication.ReplicationManager(self.realm,
diff --git a/ipaserver/install/odsexporterinstance.py b/ipaserver/install/odsexporterinstance.py
index 7caf27adb..59f27f578 100644
--- a/ipaserver/install/odsexporterinstance.py
+++ b/ipaserver/install/odsexporterinstance.py
@@ -112,7 +112,7 @@ class ODSExporterInstance(service.Service):
mod = [(ldap.MOD_ADD, 'member', dns_exporter_principal_dn)]
try:
- self.admin_conn.modify_s(dns_group, mod)
+ api.Backend.ldap2.modify_s(dns_group, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
pass
except Exception as e:
@@ -127,7 +127,7 @@ class ODSExporterInstance(service.Service):
(ldap.MOD_REPLACE, 'nsIdleTimeout', '-1'),
(ldap.MOD_REPLACE, 'nsLookThroughLimit', '-1')]
try:
- self.admin_conn.modify_s(dns_exporter_principal_dn, mod)
+ api.Backend.ldap2.modify_s(dns_exporter_principal_dn, mod)
except Exception as e:
root_logger.critical("Could not set principal's %s LDAP limits: %s"
% (dns_exporter_principal_dn, str(e)))
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 7f3269f82..ea6cb51d4 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -82,7 +82,7 @@ class OpenDNSSECInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def get_masters(self):
- return get_dnssec_key_masters(self.admin_conn)
+ return get_dnssec_key_masters(api.Backend.ldap2)
def create_instance(self, fqdn, realm_name, generate_master_key=True,
kasp_db_file=None):
@@ -145,7 +145,7 @@ class OpenDNSSECInstance(service.Service):
dn = DN(('cn', 'DNSSEC'), ('cn', self.fqdn), api.env.container_masters,
api.env.basedn)
try:
- entry = self.admin_conn.get_entry(dn, ['ipaConfigString'])
+ entry = api.Backend.ldap2.get_entry(dn, ['ipaConfigString'])
except errors.NotFound as e:
root_logger.error(
"DNSSEC service entry not found in the LDAP (%s)", e)
@@ -153,7 +153,7 @@ class OpenDNSSECInstance(service.Service):
config = entry.setdefault('ipaConfigString', [])
if KEYMASTER not in config:
config.append(KEYMASTER)
- self.admin_conn.update_entry(entry)
+ api.Backend.ldap2.update_entry(entry)
def __setup_conf_files(self):
if not self.fstore.has_file(paths.OPENDNSSEC_CONF_FILE):
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 62bd4990d..bdb8e56e4 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -170,13 +170,6 @@ class Service(object):
self.promote = False
@property
- def admin_conn(self):
- """
- alias for api.Backend.ldap2
- """
- return api.Backend.ldap2
-
- @property
def principal(self):
if any(attr is None for attr in (self.realm, self.fqdn,
self.service_prefix)):
@@ -209,7 +202,7 @@ class Service(object):
# As we always connect to the local host,
# use URI of admin connection
if not ldap_uri:
- ldap_uri = self.admin_conn.ldap_uri
+ ldap_uri = api.Backend.ldap2.ldap_uri
args += ["-H", ldap_uri]
@@ -246,21 +239,21 @@ class Service(object):
dn = DN(('krbprincipalname', principal), ('cn', self.realm), ('cn', 'kerberos'), self.suffix)
try:
- entry = self.admin_conn.get_entry(dn)
+ entry = api.Backend.ldap2.get_entry(dn)
except errors.NotFound:
# There is no service in the wrong location, nothing to do.
# This can happen when installing a replica
return None
newdn = DN(('krbprincipalname', principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
hostdn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix)
- self.admin_conn.delete_entry(entry)
+ api.Backend.ldap2.delete_entry(entry)
entry.dn = newdn
classes = entry.get("objectclass")
classes = classes + ["ipaobject", "ipaservice", "pkiuser"]
entry["objectclass"] = list(set(classes))
entry["ipauniqueid"] = ['autogenerate']
entry["managedby"] = [hostdn]
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
return newdn
def add_simple_service(self, principal):
@@ -271,7 +264,7 @@ class Service(object):
"""
dn = DN(('krbprincipalname', principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
hostdn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix)
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
dn,
objectclass=[
"krbprincipal", "krbprincipalaux", "krbticketpolicyaux",
@@ -280,7 +273,7 @@ class Service(object):
ipauniqueid=['autogenerate'],
managedby=[hostdn],
)
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
return dn
def add_cert_to_service(self):
@@ -291,16 +284,16 @@ class Service(object):
"""
dn = DN(('krbprincipalname', self.principal), ('cn', 'services'),
('cn', 'accounts'), self.suffix)
- entry = self.admin_conn.get_entry(dn)
+ entry = api.Backend.ldap2.get_entry(dn)
entry.setdefault('userCertificate', []).append(self.dercert)
try:
- self.admin_conn.update_entry(entry)
+ api.Backend.ldap2.update_entry(entry)
except Exception as e:
root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e)))
def import_ca_certs(self, db, ca_is_configured, conn=None):
if conn is None:
- conn = self.admin_conn
+ conn = api.Backend.ldap2
try:
ca_certs = certstore.get_ca_certs_nss(
@@ -453,7 +446,8 @@ class Service(object):
# enable disabled service
try:
- entry = self.admin_conn.get_entry(entry_name, ['ipaConfigString'])
+ entry = api.Backend.ldap2.get_entry(
+ entry_name, ['ipaConfigString'])
except errors.NotFound:
pass
else:
@@ -465,7 +459,7 @@ class Service(object):
entry.setdefault('ipaConfigString', []).append(u'enabledService')
try:
- self.admin_conn.update_entry(entry)
+ api.Backend.ldap2.update_entry(entry)
except errors.EmptyModlist:
root_logger.debug("service %s startup entry already enabled", name)
return
@@ -477,7 +471,7 @@ class Service(object):
return
order = SERVICE_LIST[name][1]
- entry = self.admin_conn.make_entry(
+ entry = api.Backend.ldap2.make_entry(
entry_name,
objectclass=["nsContainer", "ipaConfigObject"],
cn=[name],
@@ -486,7 +480,7 @@ class Service(object):
)
try:
- self.admin_conn.add_entry(entry)
+ api.Backend.ldap2.add_entry(entry)
except (errors.DuplicateEntry) as e:
root_logger.debug("failed to add service %s startup entry", name)
raise e
@@ -497,13 +491,13 @@ class Service(object):
entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
search_kw = {'ipaConfigString': u'enabledService'}
- filter = self.admin_conn.make_filter(search_kw)
+ filter = api.Backend.ldap2.make_filter(search_kw)
try:
- entries, _truncated = self.admin_conn.find_entries(
+ entries, _truncated = api.Backend.ldap2.find_entries(
filter=filter,
attrs_list=['ipaConfigString'],
base_dn=entry_dn,
- scope=self.admin_conn.SCOPE_BASE)
+ scope=api.Backend.ldap2.SCOPE_BASE)
except errors.NotFound:
root_logger.debug("service %s startup entry already disabled", name)
return
@@ -518,7 +512,7 @@ class Service(object):
break
try:
- self.admin_conn.update_entry(entry)
+ api.Backend.ldap2.update_entry(entry)
except errors.EmptyModlist:
pass
except:
@@ -531,7 +525,7 @@ class Service(object):
entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
try:
- self.admin_conn.delete_entry(entry_dn)
+ api.Backend.ldap2.delete_entry(entry_dn)
except errors.NotFound:
root_logger.debug("service %s container already removed", name)
else:
generated by cgit (git 2.34.1) at 2024-06-30 14:29:50 +0000