summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
authorMartin Basti <mbasti@redhat.com>2015-03-19 15:32:21 +0100
committerPetr Vobornik <pvoborni@redhat.com>2015-04-14 19:25:47 +0200
commit0e752aab297ad0a2c43d6c8755db175f45de028e (patch)
treec643e0daf0573e0e66392764b0d1c2a3d591a15a /ipaserver
parentf24f614396de809350b54423ca128b478601a64e (diff)
downloadfreeipa-0e752aab297ad0a2c43d6c8755db175f45de028e.tar.gz
freeipa-0e752aab297ad0a2c43d6c8755db175f45de028e.tar.xz
freeipa-0e752aab297ad0a2c43d6c8755db175f45de028e.zip
Server Upgrade: plugins should use ldapupdater API instance
This is required to have proper LDAP connection in plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/plugins/adtrust.py17
-rw-r--r--ipaserver/install/plugins/dns.py25
-rw-r--r--ipaserver/install/plugins/fix_replica_agreements.py6
-rw-r--r--ipaserver/install/plugins/rename_managed.py2
-rw-r--r--ipaserver/install/plugins/update_idranges.py4
-rw-r--r--ipaserver/install/plugins/update_pacs.py2
-rw-r--r--ipaserver/install/plugins/update_passsync.py2
-rw-r--r--ipaserver/install/plugins/update_services.py2
8 files changed, 32 insertions, 28 deletions
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index 7a4f543f5..287595d96 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -32,7 +32,7 @@ class update_default_range(Updater):
def execute(self, **options):
ldap = self.api.Backend.ldap2
- dn = DN(api.env.container_ranges, api.env.basedn)
+ dn = DN(self.api.env.container_ranges, self.api.env.basedn)
search_filter = "objectclass=ipaDomainIDRange"
try:
(entries, truncated) = ldap.find_entries(search_filter, [], dn)
@@ -42,7 +42,8 @@ class update_default_range(Updater):
root_logger.debug("default_range: ipaDomainIDRange entry found, skip plugin")
return False, []
- dn = DN(('cn', 'admins'), api.env.container_group, api.env.basedn)
+ dn = DN(('cn', 'admins'), self.api.env.container_group,
+ self.api.env.basedn)
try:
admins_entry = ldap.get_entry(dn, ['gidnumber'])
except errors.NotFound:
@@ -51,7 +52,7 @@ class update_default_range(Updater):
return False, []
id_range_base_id = admins_entry['gidnumber'][0]
- id_range_name = '%s_id_range' % api.env.realm
+ id_range_name = '%s_id_range' % self.api.env.realm
id_range_size = DEFAULT_ID_RANGE_SIZE
range_entry = ['objectclass:top',
@@ -63,8 +64,8 @@ class update_default_range(Updater):
'iparangetype:ipa-local',
]
- dn = DN(('cn', '%s_id_range' % api.env.realm),
- api.env.container_ranges, api.env.basedn)
+ dn = DN(('cn', '%s_id_range' % self.api.env.realm),
+ self.api.env.container_ranges, self.api.env.basedn)
update = {'dn': dn, 'default': range_entry}
@@ -74,7 +75,7 @@ class update_default_range(Updater):
# bigger range (option --idmax).
# We should make our best to check if this is the case and provide
# user with an information how to fix it.
- dn = DN(api.env.container_dna_posix_ids, api.env.basedn)
+ dn = DN(self.api.env.container_dna_posix_ids, self.api.env.basedn)
search_filter = "objectclass=dnaSharedConfig"
attrs = ['dnaHostname', 'dnaRemainingValues']
try:
@@ -124,8 +125,8 @@ class update_default_trust_view(Updater):
ldap = self.api.Backend.ldap2
default_trust_view_dn = DN(('cn', 'Default Trust View'),
- api.env.container_views,
- api.env.basedn)
+ self.api.env.container_views,
+ self.api.env.basedn)
default_trust_view_entry = [
'objectclass:top',
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index 67c08ccb4..95c004d21 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -62,7 +62,7 @@ class update_dnszones(Updater):
return False, []
try:
- zones = api.Command.dnszone_find(all=True)['result']
+ zones = self.api.Command.dnszone_find(all=True)['result']
except errors.NotFound:
self.log.info('No DNS zone to update found')
return False, []
@@ -77,14 +77,15 @@ class update_dnszones(Updater):
# do not open zone transfers by default
update['idnsallowtransfer'] = u'none;'
- old_policy = util.get_dns_forward_zone_update_policy(api.env.realm, ('A', 'AAAA'))
+ old_policy = util.get_dns_forward_zone_update_policy(
+ self.api.env.realm, ('A', 'AAAA'))
if zone.get('idnsupdatepolicy', [''])[0] == old_policy:
update['idnsupdatepolicy'] = util.get_dns_forward_zone_update_policy(\
- api.env.realm)
+ self.api.env.realm)
if update:
# FIXME: https://fedorahosted.org/freeipa/ticket/4722
- api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(),
+ self.api.Command.dnszone_mod(zone[u'idnsname'][0].make_absolute(),
**update)
return False, []
@@ -156,7 +157,7 @@ class update_master_to_dnsforwardzones(Updater):
def execute(self, **options):
ldap = self.api.Backend.ldap2
# check LDAP if forwardzones already uses new semantics
- dns_container_dn = DN(api.env.container_dns, api.env.basedn)
+ dns_container_dn = DN(self.api.env.container_dns, self.api.env.basedn)
try:
container_entry = ldap.get_entry(dns_container_dn)
except errors.NotFound:
@@ -181,7 +182,7 @@ class update_master_to_dnsforwardzones(Updater):
# should detect if update in past has been executed, and set proper
# DNSVersion into LDAP
try:
- fwzones = api.Command.dnsforwardzone_find()['result']
+ fwzones = self.api.Command.dnsforwardzone_find()['result']
except errors.NotFound:
# No forwardzones found, update probably has not been executed yet
pass
@@ -193,7 +194,7 @@ class update_master_to_dnsforwardzones(Updater):
zones = []
try:
# raw values are required to store into ldif
- zones = api.Command.dnszone_find(all=True,
+ zones = self.api.Command.dnszone_find(all=True,
raw=True,
sizelimit=0)['result']
except errors.NotFound:
@@ -249,7 +250,7 @@ class update_master_to_dnsforwardzones(Updater):
zone_to_privileges[zone['idnsname'][0]] = entry['member']
# raw values are required to store into ldif
- records = api.Command['dnsrecord_find'](
+ records = self.api.Command['dnsrecord_find'](
zone['idnsname'][0],
all=True,
raw=True,
@@ -288,7 +289,7 @@ class update_master_to_dnsforwardzones(Updater):
for zone in zones_to_transform:
# delete master zone
try:
- api.Command['dnszone_del'](zone['idnsname'])
+ self.api.Command['dnszone_del'](zone['idnsname'])
except Exception, e:
self.log.error('Transform to forwardzone terminated: '
'removing zone %s failed (%s)' % (
@@ -303,7 +304,7 @@ class update_master_to_dnsforwardzones(Updater):
'idnsforwarders': zone.get('idnsforwarders', []),
'idnsforwardpolicy': zone.get('idnsforwardpolicy', [u'first'])[0]
}
- api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw)
+ self.api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw)
except Exception, e:
self.log.error('Transform to forwardzone terminated: creating '
'forwardzone %s failed' %
@@ -314,7 +315,7 @@ class update_master_to_dnsforwardzones(Updater):
# create permission if original zone has one
if 'managedBy' in zone:
try:
- perm_name = api.Command['dnsforwardzone_add_permission'](
+ perm_name = self.api.Command['dnsforwardzone_add_permission'](
zone['idnsname'][0])['value']
except Exception, e:
self.log.error('Transform to forwardzone terminated: '
@@ -332,7 +333,7 @@ class update_master_to_dnsforwardzones(Updater):
dn[0].value for dn in zone_to_privileges[zone['idnsname'][0]]
]
try:
- api.Command['permission_add_member'](perm_name,
+ self.api.Command['permission_add_member'](perm_name,
privilege=privileges)
except Exception, e:
self.log.error('Unable to restore privileges for '
diff --git a/ipaserver/install/plugins/fix_replica_agreements.py b/ipaserver/install/plugins/fix_replica_agreements.py
index 0b1db1c60..413bf877d 100644
--- a/ipaserver/install/plugins/fix_replica_agreements.py
+++ b/ipaserver/install/plugins/fix_replica_agreements.py
@@ -37,10 +37,12 @@ class update_replica_attribute_lists(Updater):
def execute(self, **options):
# We need an IPAdmin connection to the backend
self.log.debug("Start replication agreement exclude list update task")
- conn = ipaldap.IPAdmin(api.env.host, ldapi=True, realm=api.env.realm)
+ conn = ipaldap.IPAdmin(self.api.env.host, ldapi=True,
+ realm=self.api.env.realm)
conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
- repl = replication.ReplicationManager(api.env.realm, api.env.host,
+ repl = replication.ReplicationManager(self.api.env.realm,
+ self.api.env.host,
None, conn=conn)
# We need to update only IPA replica agreements, not winsync
diff --git a/ipaserver/install/plugins/rename_managed.py b/ipaserver/install/plugins/rename_managed.py
index 1c031543c..02f91e73b 100644
--- a/ipaserver/install/plugins/rename_managed.py
+++ b/ipaserver/install/plugins/rename_managed.py
@@ -48,7 +48,7 @@ class GenerateUpdateMixin(object):
"""
ldap = self.api.Backend.ldap2
- suffix = ipautil.realm_to_suffix(api.env.realm)
+ suffix = ipautil.realm_to_suffix(self.api.env.realm)
searchfilter = '(objectclass=*)'
definitions_managed_entries = []
diff --git a/ipaserver/install/plugins/update_idranges.py b/ipaserver/install/plugins/update_idranges.py
index a6f2527cc..3181e9ec5 100644
--- a/ipaserver/install/plugins/update_idranges.py
+++ b/ipaserver/install/plugins/update_idranges.py
@@ -32,7 +32,7 @@ class update_idrange_type(Updater):
def execute(self, **options):
ldap = self.api.Backend.ldap2
- base_dn = DN(api.env.container_ranges, api.env.basedn)
+ base_dn = DN(self.api.env.container_ranges, self.api.env.basedn)
search_filter = ("(&(objectClass=ipaIDrange)(!(ipaRangeType=*)))")
root_logger.debug("update_idrange_type: search for ID ranges with no "
"type set")
@@ -118,7 +118,7 @@ class update_idrange_baserid(Updater):
def execute(self, **options):
ldap = self.api.Backend.ldap2
- base_dn = DN(api.env.container_ranges, api.env.basedn)
+ base_dn = DN(self.api.env.container_ranges, self.api.env.basedn)
search_filter = ("(&(objectClass=ipaTrustedADDomainRange)"
"(ipaRangeType=ipa-ad-trust-posix)"
"(!(ipaBaseRID=0)))")
diff --git a/ipaserver/install/plugins/update_pacs.py b/ipaserver/install/plugins/update_pacs.py
index 5f8eec2c8..e361844e5 100644
--- a/ipaserver/install/plugins/update_pacs.py
+++ b/ipaserver/install/plugins/update_pacs.py
@@ -31,7 +31,7 @@ class update_pacs(Updater):
ldap = self.api.Backend.ldap2
try:
- dn = DN('cn=ipaConfig', 'cn=etc', api.env.basedn)
+ dn = DN('cn=ipaConfig', 'cn=etc', self.api.env.basedn)
entry = ldap.get_entry(dn, ['ipakrbauthzdata'])
pacs = entry.get('ipakrbauthzdata', [])
except errors.NotFound:
diff --git a/ipaserver/install/plugins/update_passsync.py b/ipaserver/install/plugins/update_passsync.py
index 1bda790fc..a35f64ef4 100644
--- a/ipaserver/install/plugins/update_passsync.py
+++ b/ipaserver/install/plugins/update_passsync.py
@@ -50,7 +50,7 @@ class update_passync_privilege_update(Updater):
root_logger.debug("Add PassSync user as a member of PassSync privilege")
ldap = self.api.Backend.ldap2
passsync_dn = DN(('uid','passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'),
- api.env.basedn)
+ self.api.env.basedn)
passsync_privilege_dn = DN(('cn','PassSync Service'),
self.api.env.container_privilege,
self.api.env.basedn)
diff --git a/ipaserver/install/plugins/update_services.py b/ipaserver/install/plugins/update_services.py
index 490d0748b..975480d7b 100644
--- a/ipaserver/install/plugins/update_services.py
+++ b/ipaserver/install/plugins/update_services.py
@@ -33,7 +33,7 @@ class update_service_principalalias(Updater):
def execute(self, **options):
ldap = self.api.Backend.ldap2
- base_dn = DN(api.env.container_service, api.env.basedn)
+ base_dn = DN(self.api.env.container_service, self.api.env.basedn)
search_filter = ("(&(objectclass=krbprincipal)(objectclass=ipaservice)"
"(!(objectclass=ipakrbprincipal)))")
root_logger.debug("update_service_principalalias: search for affected "