From bc3f3381c6bf0b4941889b775025a60f56318551 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Thu, 31 Oct 2013 16:53:44 +0000
Subject: Convert remaining backend code to LDAPEntry API.
---
 ipapython/ipaldap.py | 6 +++---
 ipaserver/plugins/dogtag.py | 4 +---
 ipaserver/plugins/ldap2.py | 39 +++++++++++++++++++--------------------
 ipaserver/rpcserver.py | 2 +-
 4 files changed, 24 insertions(+), 27 deletions(-)
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 39d0edb1c..a48879f0a 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1521,14 +1521,14 @@ class LDAPClient(object):
 assert isinstance(dn, DN)
- (entry, truncated) = self.find_entries(
+ (entries, truncated) = self.find_entries(
 None, attrs_list, dn, self.SCOPE_BASE, time_limit=time_limit, size_limit=size_limit )
 if truncated:
 raise errors.LimitsExceeded()
- return entry[0]
+ return entries[0]
 def _get_dn_and_attrs(self, entry_or_dn, entry_attrs):
 """Helper for legacy calling style for {add,update}_entry
@@ -1577,7 +1577,7 @@ class LDAPClient(object):
 assert isinstance(dn, DN)
 # get original entry
- dn, entry_attrs_old = self.get_entry(dn, entry_attrs.keys())
+ entry_attrs_old = self.get_entry(dn, entry_attrs.keys())
 # generate modlist
 # for multi value attributes: no MOD_REPLACE to handle simultaneous
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index e5a8d3b17..123c2d54a 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1303,9 +1303,7 @@ class ra(rabase.rabase):
 ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
 if len(ent):
 entry = random.choice(ent)
- dn = entry[0]
- assert isinstance(dn, DN)
- return dn[1].value
+ return entry.dn[1].value
 except Exception, e:
 pass
 return None
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index fa58b2244..97f26ec77 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
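Review bot: In ipaserver/plugins/dogtag.py the new `return entry.dn[1].value` sits inside a `try` whose handler is `except Exception, e: pass`, so any mistake in this conversion (an entry that is still a tuple, a DN with fewer than two RDNs) is silently turned into `return None`. The removed `assert isinstance(dn, DN)` was the only type check visible on this path. Consider narrowing the handler to the lookup errors that are actually expected here, or at least recording the exception before falling through, and add a comment such as `# any failure below is swallowed and returns None`. The enclosing method starts and ends outside the hunk.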
@@ -277,13 +277,13 @@ class ldap2(LDAPClient, CrudBackend):
 # Not in our context yet
 pass
 try:
- (entry, truncated) = self.find_entries(
+ (entries, truncated) = self.find_entries(
 None, attrs_list, base_dn=dn, scope=self.SCOPE_BASE, time_limit=2, size_limit=10 )
 if truncated:
 raise errors.LimitsExceeded()
- config_entry = entry[0]
+ config_entry = entries[0]
 except errors.NotFound:
 config_entry = self.make_entry(dn)
 for a in self.config_defaults:
@@ -304,15 +304,15 @@ class ldap2(LDAPClient, CrudBackend):
 upg_entry = self.conn.search_s(upg_dn, _ldap.SCOPE_BASE, attrlist=['*'])[0]
 disable_attr = '(objectclass=disable)'
- if 'originfilter' in upg_entry[1]:
- org_filter = upg_entry[1]['originfilter']
+ if 'originfilter' in upg_entry:
+ org_filter = upg_entry['originfilter']
 return not bool(re.search(r'%s' % disable_attr, org_filter[0]))
 else:
 return False
 except _ldap.NO_SUCH_OBJECT, e:
 return False
- def get_effective_rights(self, dn, entry_attrs):
+ def get_effective_rights(self, dn, attrs_list):
 """Returns the rights the currently bound user has for the given DN.
 Returns 2 attributes, the attributeLevelRights for the given list of
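Review bot: `'originfilter' in upg_entry` is only correct if `self.conn.search_s(...)[0]` already yields an LDAPEntry; the call goes to the connection object directly rather than through `find_entries` or `get_entry`, and that wrapper is not visible in this diff. If it still returned a `(dn, attrs)` tuple, the membership test would be evaluated against the tuple, never match, and the method would quietly return False instead of failing. Worth confirming and stating next to the call, e.g. `# self.conn.search_s returns LDAPEntry objects, not (dn, attrs) tuples`. Separately, renaming the `get_effective_rights` parameter from `entry_attrs` to `attrs_list` breaks any caller that passes it by keyword; the method body continues outside this hunk.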
@@ -322,15 +322,14 @@ class ldap2(LDAPClient, CrudBackend):
 assert isinstance(dn, DN)
 principal = getattr(context, 'principal')
- (binddn, attrs) = self.find_entry_by_attr("krbprincipalname", principal,
+ entry = self.find_entry_by_attr("krbprincipalname", principal,
 "krbPrincipalAux", base_dn=api.env.basedn)
- assert isinstance(binddn, DN)
- sctrl = [GetEffectiveRightsControl(True, "dn: " + str(binddn))]
+ sctrl = [GetEffectiveRightsControl(True, "dn: " + str(entry.dn))]
 self.conn.set_option(_ldap.OPT_SERVER_CONTROLS, sctrl)
- (dn, attrs) = self.get_entry(dn, entry_attrs)
+ entry = self.get_entry(dn, attrs_list)
 # remove the control so subsequent operations don't include GER
 self.conn.set_option(_ldap.OPT_SERVER_CONTROLS, [])
- return (dn, attrs)
+ return entry
 def can_write(self, dn, attr):
 """Returns True/False if the currently bound user has write permissions
@@ -339,7 +338,7 @@ class ldap2(LDAPClient, CrudBackend):
 assert isinstance(dn, DN)
- (dn, attrs) = self.get_effective_rights(dn, [attr])
+ attrs = self.get_effective_rights(dn, [attr])
 if 'attributelevelrights' in attrs:
 attr_rights = attrs.get('attributelevelrights')[0].decode('UTF-8')
 (attr, rights) = attr_rights.split(':')
@@ -354,7 +353,7 @@ class ldap2(LDAPClient, CrudBackend):
 """
 assert isinstance(dn, DN)
- (dn, attrs) = self.get_effective_rights(dn, [attr])
+ attrs = self.get_effective_rights(dn, [attr])
 if 'attributelevelrights' in attrs:
 attr_rights = attrs.get('attributelevelrights')[0].decode('UTF-8')
 (attr, rights) = attr_rights.split(':')
@@ -379,7 +378,7 @@ class ldap2(LDAPClient, CrudBackend):
 assert isinstance(dn, DN)
- (dn, attrs) = self.get_effective_rights(dn, ["*"])
+ attrs = self.get_effective_rights(dn, ["*"])
 if 'entrylevelrights' in attrs:
 entry_rights = attrs['entrylevelrights'][0].decode('UTF-8')
 if 'd' in entry_rights:
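Review bot: In `get_effective_rights` the GetEffectiveRights control is set on `self.conn` and only cleared after `self.get_entry(dn, attrs_list)` returns, so if that call raises (the ipaldap.py hunk shows `get_entry` raising `errors.LimitsExceeded`) the control stays on the connection and later operations carry it. Put `entry = self.get_entry(dn, attrs_list)` under `try:` and move `self.conn.set_option(_ldap.OPT_SERVER_CONTROLS, [])` into a `finally:` block. The name `entry` is also reused for two different objects, first the bound principal's entry and then the target entry; distinct names would make the returned value easier to follow.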
@@ -392,7 +391,7 @@ class ldap2(LDAPClient, CrudBackend):
 on the entry.
 """
 assert isinstance(dn, DN)
- (dn, attrs) = self.get_effective_rights(dn, ["*"])
+ attrs = self.get_effective_rights(dn, ["*"])
 if 'entrylevelrights' in attrs:
 entry_rights = attrs['entrylevelrights'][0].decode('UTF-8')
 if 'a' in entry_rights:
@@ -478,7 +477,7 @@ class ldap2(LDAPClient, CrudBackend):
 assert isinstance(active, bool)
 # get the entry in question
- (dn, entry_attrs) = self.get_entry(dn, ['nsaccountlock'])
+ entry_attrs = self.get_entry(dn, ['nsaccountlock'])
 # check nsAccountLock attribute
 account_lock_attr = entry_attrs.get('nsaccountlock', ['false'])
@@ -495,7 +494,7 @@ class ldap2(LDAPClient, CrudBackend):
 account_lock_attr = str(not active).upper()
 entry_attrs['nsaccountlock'] = account_lock_attr
- self.update_entry(dn, entry_attrs)
+ self.update_entry(entry_attrs)
 def activate_entry(self, dn):
 """Mark entry active."""
@@ -529,7 +528,7 @@ class ldap2(LDAPClient, CrudBackend):
 assert isinstance(dn, DN)
- (dn, entry_attrs) = self.get_entry(dn, attrs_list)
+ entry_attrs = self.get_entry(dn, attrs_list)
 return entry_attrs
 def create(self, **kw):
@@ -542,7 +541,7 @@ class ldap2(LDAPClient, CrudBackend):
 dn = kw['dn']
 assert isinstance(dn, DN)
 del kw['dn']
- self.add_entry(dn, kw)
+ self.add_entry(self.make_entry(dn, kw))
 return self._get_normalized_entry_for_crud(dn)
 def retrieve(self, primary_key, attributes):
@@ -559,7 +558,7 @@ class ldap2(LDAPClient, CrudBackend):
 Extends CrudBackend.update.
 """
- self.update_entry(primary_key, kw)
+ self.update_entry(self.make_entry(primary_key, kw))
 return self._get_normalized_entry_for_crud(primary_key)
 def delete(self, primary_key):
@@ -604,7 +603,7 @@ class ldap2(LDAPClient, CrudBackend):
 (entries, truncated) = self.find_entries(
 filter, attrs_list, base_dn, scope )
- for (dn, entry_attrs) in entries:
+ for entry_attrs in entries:
 output.append(entry_attrs)
 if truncated:
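Review bot: `update()` hands `primary_key` straight to `self.make_entry(primary_key, kw)` without the `assert isinstance(dn, DN)` check that `create()` and the other methods in this file perform before touching the directory. Whether `make_entry` validates its first argument is not visible in this diff; if it does not, a plain string key would only fail later, somewhere inside `update_entry`. Adding `assert isinstance(primary_key, DN)` before the call would keep the CRUD methods consistent and make the failure point obvious.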
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index a37d3cd0f..92ab17dfc 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -923,7 +923,7 @@ class login_password(Backend, KerberosSession, HTTP_Status):
 conn.connect(bind_dn=dn, bind_pw=password)
 # password is ok, must be expired, lets double-check
- (userdn, entry_attrs) = conn.get_entry(dn,
+ entry_attrs = conn.get_entry(dn,
 ['krbpasswordexpiration'])
 if 'krbpasswordexpiration' in entry_attrs:
 expiration = entry_attrs['krbpasswordexpiration'][0]
-- cgit
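Review bot: The lookup `conn.get_entry(dn, ['krbpasswordexpiration'])` runs on the connection that was just bound as the user, so it can raise (the ipaldap.py hunk shows `get_entry` raising `errors.LimitsExceeded`) or come back without the attribute if that user cannot read it. What happens when `'krbpasswordexpiration' in entry_attrs` is false, and which handler catches an exception raised here, are both outside the hunk. Please confirm that both paths end in the same generic login failure rather than an "expired" response, and consider a comment such as `# read as the user; a missing attribute means expiry could not be confirmed`.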