author | Jan Cholasta <jcholast@redhat.com> | 2013-06-25 13:10:36 +0000 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2013-07-11 12:39:26 +0300 |
commit | 30c06f757303e140e781dbd55d0048ac732b11cc (patch) | |
tree | 863d064de7928530a7525dc6ba34e8935de56c6a /ipaserver/plugins | |
parent | 55da8328674877801bcb17bbe8c9e9bec3fb9022 (diff) | |
Use LDAP modify operation directly to add/remove group members.
This prevents getting full member list from LDAP and putting it back later.
https://fedorahosted.org/freeipa/ticket/3706
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 36 |
1 files changed, 13 insertions, 23 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index b84271c63..048e2c510 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -346,27 +346,23 @@ class ldap2(LDAPClient, CrudBackend): self.log.debug( "add_entry_to_group: dn=%s group_dn=%s member_attr=%s", dn, group_dn, member_attr) - # check if the entry exists - (dn, entry_attrs) = self.get_entry(dn, ['objectclass']) - # get group entry - (group_dn, group_entry_attrs) = self.get_entry(group_dn, [member_attr]) + # check if the entry exists + entry = self.get_entry(dn, ['']) + dn = entry.dn - self.log.debug( - "add_entry_to_group: group_entry_attrs=%s", group_entry_attrs) # check if we're not trying to add group into itself if dn == group_dn and not allow_same: raise errors.SameGroupError() # add dn to group entry's `member_attr` attribute - members = group_entry_attrs.get(member_attr, []) - members.append(dn) - group_entry_attrs[member_attr] = members + modlist = [(_ldap.MOD_ADD, member_attr, [dn])] # update group entry try: - self.update_entry(group_dn, group_entry_attrs) - except errors.EmptyModlist: + with self.error_handler(): + self.conn.modify_s(group_dn, modlist) + except errors.DatabaseError: raise errors.AlreadyGroupMember() def remove_entry_from_group(self, dn, group_dn, member_attr='member'): 
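Review bot: The new `except errors.DatabaseError:` around `self.conn.modify_s(group_dn, modlist)` in add_entry_to_group reports every failure of that class as `AlreadyGroupMember`, not only the server's "value already exists" result. `error_handler()` is defined outside this hunk, so this is inferred, but if `DatabaseError` is its catch-all for unmapped LDAP errors, an unrelated backend or schema failure would look like a harmless duplicate while the membership change was never applied. Consider catching the specific python-ldap exception directly around the call, inside the `with` block, e.g. `except _ldap.TYPE_OR_VALUE_EXISTS: raise errors.AlreadyGroupMember()`, and letting everything else propagate. Separately, `group_dn` is no longer replaced by the server-returned DN before `if dn == group_dn and not allow_same:`, so the self-membership check now relies on DN comparison being insensitive to case and spacing, which is worth confirming. The method's signature and docstring lie outside the hunk.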
@@ -378,22 +374,16 @@ class ldap2(LDAPClient, CrudBackend): self.log.debug( "remove_entry_from_group: dn=%s group_dn=%s member_attr=%s", dn, group_dn, member_attr) - # get group entry - (group_dn, group_entry_attrs) = self.get_entry(group_dn, [member_attr]) - self.log.debug( - "remove_entry_from_group: group_entry_attrs=%s", group_entry_attrs) # remove dn from group entry's `member_attr` attribute - members = group_entry_attrs.get(member_attr, []) - assert all([isinstance(x, DN) for x in members]) - try: - members.remove(dn) - except ValueError: - raise errors.NotGroupMember() - group_entry_attrs[member_attr] = members + modlist = [(_ldap.MOD_DELETE, member_attr, [dn])] # update group entry - self.update_entry(group_dn, group_entry_attrs) + try: + with self.error_handler(): + self.conn.modify_s(group_dn, modlist) + except errors.MidairCollision: + raise errors.NotGroupMember() def set_entry_active(self, dn, active): """Mark entry active/inactive.""" |
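Review bot: The `except errors.MidairCollision:` clause in remove_entry_from_group has no comment explaining why a mid-air collision means "not a member", and the mapping it relies on is not visible in this hunk. Presumably `error_handler()` translates the server's "no such attribute value" result for `MOD_DELETE` into `MidairCollision`; if it raises that error for any other condition, a genuine concurrent-update conflict would be reported as `NotGroupMember`. I would add a comment above the `try`, such as `# error_handler() maps a missing member value (NO_SUCH_ATTRIBUTE) to MidairCollision`, after confirming it against error_handler. The method's signature and docstring lie outside the hunk.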