2014-11-07 06:28:01 -06:00
|
|
|
#
|
|
|
|
# Copyright (C) 2014 FreeIPA Contributors see COPYING for license
|
|
|
|
#
|
|
|
|
|
2016-03-03 08:12:19 -06:00
|
|
|
from ipalib import Registry, errors
|
2015-03-18 09:46:00 -05:00
|
|
|
from ipalib import Updater
|
2014-11-07 06:28:01 -06:00
|
|
|
from ipapython.dn import DN
|
|
|
|
from ipapython.ipa_log_manager import root_logger
|
|
|
|
|
2016-03-03 08:12:19 -06:00
|
|
|
register = Registry()
|
|
|
|
|
|
|
|
|
|
|
|
@register()
|
2015-03-18 09:46:00 -05:00
|
|
|
class update_referint(Updater):
|
2014-11-07 06:28:01 -06:00
|
|
|
"""
|
|
|
|
Update referential integrity configuration to new style
|
|
|
|
http://directory.fedoraproject.org/docs/389ds/design/ri-plugin-configuration.html
|
|
|
|
|
|
|
|
old attr -> new attr
|
|
|
|
nsslapd-pluginArg0 -> referint-update-delay
|
|
|
|
nsslapd-pluginArg1 -> referint-logfile
|
|
|
|
nsslapd-pluginArg2 -> referint-logchanges
|
|
|
|
nsslapd-pluginArg3..N -> referint-membership-attr [3..N]
|
|
|
|
|
|
|
|
Old and new style cannot be mixed, all nslapd-pluginArg* attrs have to be removed
|
|
|
|
"""
|
|
|
|
|
|
|
|
referint_dn = DN(('cn', 'referential integrity postoperation'),
|
|
|
|
('cn', 'plugins'), ('cn', 'config'))
|
|
|
|
|
|
|
|
def execute(self, **options):
|
|
|
|
|
|
|
|
root_logger.debug("Upgrading referential integrity plugin configuration")
|
2015-03-18 09:46:00 -05:00
|
|
|
ldap = self.api.Backend.ldap2
|
2014-11-07 06:28:01 -06:00
|
|
|
try:
|
|
|
|
entry = ldap.get_entry(self.referint_dn)
|
|
|
|
except errors.NotFound:
|
|
|
|
root_logger.error("Referential integrity configuration not found")
|
2015-03-17 11:56:34 -05:00
|
|
|
return False, []
|
2014-11-07 06:28:01 -06:00
|
|
|
|
|
|
|
referint_membership_attrs = []
|
|
|
|
|
|
|
|
root_logger.debug("Initial value: %s", repr(entry))
|
|
|
|
|
|
|
|
# nsslapd-pluginArg0 -> referint-update-delay
|
|
|
|
update_delay = entry.get('nsslapd-pluginArg0')
|
|
|
|
if update_delay:
|
|
|
|
root_logger.debug("add: referint-update-delay: %s", update_delay)
|
|
|
|
entry['referint-update-delay'] = update_delay
|
|
|
|
entry['nsslapd-pluginArg0'] = None
|
|
|
|
else:
|
2015-06-08 10:33:11 -05:00
|
|
|
root_logger.debug("Plugin already uses new style, skipping")
|
2015-03-17 11:56:34 -05:00
|
|
|
return False, []
|
2014-11-07 06:28:01 -06:00
|
|
|
|
|
|
|
# nsslapd-pluginArg1 -> referint-logfile
|
|
|
|
logfile = entry.get('nsslapd-pluginArg1')
|
|
|
|
if logfile:
|
|
|
|
root_logger.debug("add: referint-logfile: %s", logfile)
|
|
|
|
entry['referint-logfile'] = logfile
|
|
|
|
entry['nsslapd-pluginArg1'] = None
|
|
|
|
|
|
|
|
# nsslapd-pluginArg2 -> referint-logchanges
|
|
|
|
logchanges = entry.get('nsslapd-pluginArg2')
|
|
|
|
if logchanges:
|
|
|
|
root_logger.debug("add: referint-logchanges: %s", logchanges)
|
|
|
|
entry['referint-logchanges'] = logchanges
|
|
|
|
entry['nsslapd-pluginArg2'] = None
|
|
|
|
|
|
|
|
# nsslapd-pluginArg3..N -> referint-membership-attr [3..N]
|
Use Python3-compatible dict method names
Python 2 has keys()/values()/items(), which return lists,
iterkeys()/itervalues()/iteritems(), which return iterators,
and viewkeys()/viewvalues()/viewitems() which return views.
Python 3 has only keys()/values()/items(), which return views.
To get iterators, one can use iter() or a for loop/comprehension;
for lists there's the list() constructor.
When iterating through the entire dict, without modifying the dict,
the difference between Python 2's items() and iteritems() is
negligible, especially on small dicts (the main overhead is
extra memory, not CPU time). In the interest of simpler code,
this patch changes many instances of iteritems() to items(),
iterkeys() to keys() etc.
In other cases, helpers like six.itervalues are used.
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-08-11 06:51:14 -05:00
|
|
|
for key in list(entry):
|
2014-11-07 06:28:01 -06:00
|
|
|
if key.lower().startswith('nsslapd-pluginarg'):
|
|
|
|
arg_val = entry.single_value[key]
|
|
|
|
if arg_val:
|
|
|
|
referint_membership_attrs.append(arg_val)
|
|
|
|
entry[key] = None
|
|
|
|
|
|
|
|
if referint_membership_attrs:
|
|
|
|
# entry['referint-membership-attr'] is None, plugin doesn't allow
|
|
|
|
# mixing old and new style
|
|
|
|
entry['referint-membership-attr'] = referint_membership_attrs
|
|
|
|
|
|
|
|
root_logger.debug("Final value: %s", repr(entry))
|
|
|
|
try:
|
|
|
|
ldap.update_entry(entry)
|
|
|
|
except errors.EmptyModlist:
|
|
|
|
root_logger.debug("No modifications required")
|
2015-03-17 11:56:34 -05:00
|
|
|
return False, []
|
2014-11-07 06:28:01 -06:00
|
|
|
|
2015-03-17 11:56:34 -05:00
|
|
|
return False, []
|