diff options
author | Martin Basti <mbasti@redhat.com> | 2017-01-11 12:35:08 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-01-24 13:25:47 +0100 |
commit | 4b148c8ca3d022020fa6caccf02729c090c8dbcb (patch) | |
tree | ea4525add4cf3b369dfc71d6f515b61a13b97825 /ipaserver/install | |
parent | 0a1d7f2e01819ad6e4a19d0416b3a01883dea7d0 (diff) | |
download | freeipa-4b148c8ca3d022020fa6caccf02729c090c8dbcb.tar.gz freeipa-4b148c8ca3d022020fa6caccf02729c090c8dbcb.tar.xz freeipa-4b148c8ca3d022020fa6caccf02729c090c8dbcb.zip |
py3: __add_acl: use standard ipaldap methods
Using raw pyldap interface we have to keep vaules as bytes. Is easier to
migrate to ipaldap and use strings without decoding and encoding.
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/cainstance.py | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 20677cf46..a73a9c414 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1528,22 +1528,19 @@ def __add_acls(new_rules): Return ``True`` if any ACLs were added otherwise ``False``. """ - server_id = installutils.realm_to_serverid(api.env.realm) - dogtag_uri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % server_id updated = False dn = DN(('cn', 'aclResources'), ('o', 'ipaca')) - conn = ldap2.ldap2(api, ldap_uri=dogtag_uri) - if not conn.isconnected(): - conn.connect(autobind=True) - cur_rules = conn.get_entry(dn).get('resourceACLS', []) + conn = api.Backend.ldap2 + entry = conn.get_entry(dn) + cur_rules = entry.get('resourceACLS', []) add_rules = [rule for rule in new_rules if rule not in cur_rules] if add_rules: - conn.conn.modify_s(str(dn), [(ldap.MOD_ADD, 'resourceACLS', add_rules)]) + cur_rules.extend(add_rules) + conn.update_entry(entry) updated = True - conn.disconnect() return updated |