install: remove adhoc dis/connect from services

Remove ldap_connect and ldap_disconnect from services. admin_conn is just an alias to api.Backend.ldap2 and therefore the connection should be managed elsewhere. https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Tomas Krizek <tkrizek@redhat.com> 2016-10-26 17:00:12 +0200
committer: Martin Basti <mbasti@redhat.com> 2016-11-07 11:34:03 +0100
commit: 03d113cdd7c5f943d8937eb4fec1086bfe47e909 (patch)
tree: dd6c2f72ba884413035e95d335c4444d0ec837e3 /ipaserver/install/service.py
parent: c51b04fae77149a09e921495c5b3c9802d199076 (diff)
download: freeipa-03d113cdd7c5f943d8937eb4fec1086bfe47e909.tar.gz
freeipa-03d113cdd7c5f943d8937eb4fec1086bfe47e909.tar.xz
freeipa-03d113cdd7c5f943d8937eb4fec1086bfe47e909.zip
1 files changed, 1 insertions, 45 deletions
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 91137ddd7..c2b8e0012 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -30,7 +30,6 @@ from ipapython.ipa_log_manager import root_logger
 from ipalib import api, errors, certstore
 from ipaplatform import services
 from ipaplatform.paths import paths
-from ipapython.ipaldap import LDAPClient
 
 
 # The service name as stored in cn=masters,cn=ipa,cn=etc. In the tuple
@@ -154,22 +153,8 @@ class Service(object):
     def admin_conn(self):
         """
         alias for api.Backend.ldap2
-        :returns: None when ldap2 is not connected, ldap2 connection otherwise
         """
-        conn = api.Backend.ldap2
-        if conn.isconnected():
-            return conn
-        return None
-
-    def ldap_connect(self):
-        """connect to ldap with installer's limits"""
-        if not self.admin_conn:
-            api.Backend.ldap2.connect(size_limit=LDAPClient.size_limit,
-                                      time_limit=LDAPClient.time_limit)
-
-    def ldap_disconnect(self):
-        """close the api.Backend.ldap2 connection"""
-        api.Backend.ldap2.disconnect()
+        return api.Backend.ldap2
 
     def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True,
                   ldap_uri=None, dm_password=None):
@@ -194,8 +179,6 @@ class Service(object):
         # As we always connect to the local host,
         # use URI of admin connection
         if not ldap_uri:
-            if not self.admin_conn:
-                self.ldap_connect()
             ldap_uri = self.admin_conn.ldap_uri
 
         args += ["-H", ldap_uri]
@@ -256,9 +239,6 @@ class Service(object):
 
         The principal needs to be fully-formed: service/host@REALM
         """
-        if not self.admin_conn:
-            self.ldap_connect()
-
         dn = DN(('krbprincipalname', principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
         hostdn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix)
         entry = self.admin_conn.make_entry(
@@ -279,21 +259,6 @@ class Service(object):
 
         This server cert should be in DER format.
         """
-
-        # add_cert_to_service() is relatively rare operation
-        # we actually call it twice during ipa-server-install, for different
-        # instances: ds and cs. Unfortunately, it may happen that admin
-        # connection was created well before add_cert_to_service() is called
-        # If there are other operations in between, it will become stale and
-        # since we are using SimpleLDAPObject, not ReconnectLDAPObject, the
-        # action will fail. Thus, explicitly disconnect and connect again.
-        # Using ReconnectLDAPObject instead of SimpleLDAPObject was considered
-        # but consequences for other parts of the framework are largely
-        # unknown.
-        if self.admin_conn:
-            self.ldap_disconnect()
-        self.ldap_connect()
-
         dn = DN(('krbprincipalname', self.principal), ('cn', 'services'),
                 ('cn', 'accounts'), self.suffix)
         entry = self.admin_conn.get_entry(dn)
@@ -305,8 +270,6 @@ class Service(object):
 
     def import_ca_certs(self, db, ca_is_configured, conn=None):
         if conn is None:
-            if not self.admin_conn:
-                self.ldap_connect()
             conn = self.admin_conn
 
         try:
@@ -455,8 +418,6 @@ class Service(object):
                     config=[]):
         assert isinstance(ldap_suffix, DN)
         self.disable()
-        if not self.admin_conn:
-            self.ldap_connect()
 
         entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
 
@@ -502,8 +463,6 @@ class Service(object):
 
     def ldap_disable(self, name, fqdn, ldap_suffix):
         assert isinstance(ldap_suffix, DN)
-        if not self.admin_conn:
-            self.ldap_connect()
 
         entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
                         ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
@@ -539,9 +498,6 @@ class Service(object):
         root_logger.debug("service %s startup entry disabled", name)
 
     def ldap_remove_service_container(self, name, fqdn, ldap_suffix):
-        if not self.admin_conn:
-            self.ldap_connect()
-
         entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
                         ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
         try:
author	Tomas Krizek <tkrizek@redhat.com>	2016-10-26 17:00:12 +0200
committer	Martin Basti <mbasti@redhat.com>	2016-11-07 11:34:03 +0100
commit	03d113cdd7c5f943d8937eb4fec1086bfe47e909 (patch)
tree	dd6c2f72ba884413035e95d335c4444d0ec837e3 /ipaserver/install/service.py
parent	c51b04fae77149a09e921495c5b3c9802d199076 (diff)
download	freeipa-03d113cdd7c5f943d8937eb4fec1086bfe47e909.tar.gz freeipa-03d113cdd7c5f943d8937eb4fec1086bfe47e909.tar.xz freeipa-03d113cdd7c5f943d8937eb4fec1086bfe47e909.zip