Convert remaining installer code to LDAPEntry API.

install/certmonger/dogtag-ipa-retrieve-agent-submit

@@ -62,7 +62,7 @@ try:
     conn.connect(ccache=ccache)
     try:
         syslog.syslog(syslog.LOG_NOTICE, "Updating certificate for %s" % nickname)
-        (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'])
+        entry_attrs = conn.get_entry(dn, ['usercertificate'])
         cert = entry_attrs['usercertificate'][0]
         cert = base64.b64encode(cert)
         print x509.make_pem(cert)

install/restart_scripts/renew_ca_cert

@@ -69,13 +69,15 @@ try:
     conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
     conn.connect(ccache=ccache)
     try:
-        (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'])
+        entry_attrs = conn.get_entry(dn, ['usercertificate'])
         entry_attrs['usercertificate'] = cert
-        conn.update_entry(dn, entry_attrs)
+        conn.update_entry(entry_attrs)
     except errors.NotFound:
-        entry_attrs = dict(objectclass=['top', 'pkiuser', 'nscontainer'],
+        entry_attrs = conn.make_entry(
-                                        usercertificate=cert)
+            dn,
-        conn.add_entry(dn, entry_attrs)
+            objectclass=['top', 'pkiuser', 'nscontainer'],
+            usercertificate=[cert])
+        conn.add_entry(entry_attrs)
     except errors.EmptyModlist:
         pass
     conn.disconnect()

install/restart_scripts/renew_ra_cert

@@ -58,13 +58,15 @@ while attempts < 10:
         conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
         conn.connect(ccache=ccache)
         try:
-            (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'])
+            entry_attrs = conn.get_entry(dn, ['usercertificate'])
             entry_attrs['usercertificate'] = dercert
-            conn.update_entry(dn, entry_attrs)
+            conn.update_entry(entry_attrs)
         except errors.NotFound:
-            entry_attrs = dict(objectclass=['top', 'pkiuser', 'nscontainer'],
+            entry_attrs = conn.make_entry(
-                                            usercertificate=dercert)
+                dn,
-            conn.add_entry(dn, entry_attrs)
+                objectclass=['top', 'pkiuser', 'nscontainer'],
+                usercertificate=[dercert])
+            conn.add_entry(entry_attrs)
         except errors.EmptyModlist:
             pass
         updated = True

install/tools/ipa-adtrust-install

@@ -118,13 +118,13 @@ def set_and_check_netbios_name(netbios_name, unattended):
     cur_netbios_name = None
     gen_netbios_name = None
     reset_netbios_name = False
-    dom_dn = None
+    entry = None
 
     try:
-        (dom_dn, entry) = api.Backend.ldap2.get_entry(DN(('cn', api.env.domain),
+        entry = api.Backend.ldap2.get_entry(
-                                    api.env.container_cifsdomains,
+            DN(('cn', api.env.domain), api.env.container_cifsdomains,
-                                    ipautil.realm_to_suffix(api.env.realm)),
+               ipautil.realm_to_suffix(api.env.realm)),
-                                    [flat_name_attr])
+            [flat_name_attr])
     except errors.NotFound:
         # trust not configured
         pass
@@ -160,7 +160,7 @@ def set_and_check_netbios_name(netbios_name, unattended):
         if not netbios_name:
             gen_netbios_name = adtrustinstance.make_netbios_name(api.env.domain)
 
-        if dom_dn:
+        if entry is not None:
             # Fix existing trust configuration
             print "Trust is configured but no NetBIOS domain name found, " \
                   "setting it now."

install/tools/ipa-compat-manage

@@ -73,7 +73,7 @@ def get_entry(dn, conn):
     """
     entry = None
     try:
-        (dn, entry) = conn.get_entry(dn)
+        entry = conn.get_entry(dn)
     except errors.NotFound:
         pass
     return entry
@@ -143,8 +143,8 @@ def main():
                             print "Updating Directory Server failed."
                             retval = 1
                     else:
-                        mod = {'nsslapd-pluginenabled': 'on'}
+                        entry['nsslapd-pluginenabled'] = ['on']
-                        conn.update_entry(compat_dn, mod)
+                        conn.update_entry(entry)
             except errors.ExecutionError, lde:
                 print "An error occurred while talking to the server."
                 print lde
@@ -174,8 +174,8 @@ def main():
                     else:
                         print "Disabling plugin"
 
-                        mod = {'nsslapd-pluginenabled': 'off'}
+                        entry['nsslapd-pluginenabled'] = ['off']
-                        conn.update_entry(compat_dn, mod)
+                        conn.update_entry(entry)
                 except errors.DatabaseError, dbe:
                     print "An error occurred while talking to the server."
                     print dbe

install/tools/ipa-nis-manage

@@ -75,7 +75,7 @@ def get_entry(dn, conn):
     """
     entry = None
     try:
-        (dn, entry) = conn.get_entry(dn)
+        entry = conn.get_entry(dn)
     except errors.NotFound:
         pass
     return entry
@@ -165,20 +165,18 @@ def main():
             elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
                 print "Enabling plugin"
                 # Already configured, just enable the plugin
-                mod = {'nsslapd-pluginenabled': 'on'}
+                entry['nsslapd-pluginenabled'] = ['on']
-                conn.update_entry(nis_config_dn, mod)
+                conn.update_entry(entry)
             else:
                 print "Plugin already Enabled"
                 retval = 2
 
         elif args[0] == "disable":
             try:
-                mod = {'nsslapd-pluginenabled': 'off'}
+                entry = conn.get_entry(nis_config_dn, ['nsslapd-pluginenabled'])
-                conn.update_entry(nis_config_dn, mod)
+                entry['nsslapd-pluginenabled'] = ['off']
-            except errors.NotFound:
+                conn.update_entry(entry)
-                print "Plugin is already disabled"
+            except (errors.NotFound, errors.EmptyModlist):
-                retval = 2
-            except errors.EmptyModlist:
                 print "Plugin is already disabled"
                 retval = 2
             except errors.LDAPError, lde:

install/tools/ipa-server-install

@@ -561,10 +561,10 @@ def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
         except errors.ExecutionError, e:
             root_logger.critical("Could not connect to the Directory Server on %s" % realm_name)
             raise e
-        (dn, entry_attrs) = conn.get_ipa_config()
+        entry_attrs = conn.get_ipa_config()
         if 'ipacertificatesubjectbase' not in entry_attrs:
-            mod = {'ipacertificatesubjectbase': str(subject_base)}
+            entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)]
-            conn.update_entry(dn, mod)
+            conn.update_entry(entry_attrs)
         conn.disconnect()
 
 

install/tools/ipactl

@@ -137,7 +137,7 @@ def get_config(dirsrv):
         except Exception, e:
             masters_list.append("No master found because of error: %s" % str(e))
         else:
-            for dn, master_entry in entries:
+            for master_entry in entries:
                 masters_list.append(master_entry.single_value['cn'])
 
         masters = "\n".join(masters_list)

ipaserver/install/adtrustinstance.py

@@ -472,7 +472,7 @@ class ADTRUSTInstance(service.Service):
             members = current.get('memberPrincipal', [])
             if not(self.cifs_principal in members):
                 current["memberPrincipal"] = members + [self.cifs_principal]
-                self.admin_conn.update_entry(targets_dn, current)
+                self.admin_conn.update_entry(current)
             else:
                 self.print_msg('cifs principal already targeted, nothing to do.')
         except errors.NotFound:
@@ -503,7 +503,7 @@ class ADTRUSTInstance(service.Service):
                 members = current.get('member', [])
                 if not(self.cifs_agent in members):
                     current["member"] = members + [self.cifs_agent]
-                    self.admin_conn.update_entry(self.smb_dn, current)
+                    self.admin_conn.update_entry(current)
             except errors.NotFound:
                 entry = self.admin_conn.make_entry(
                     self.smb_dn,
@@ -723,7 +723,7 @@ class ADTRUSTInstance(service.Service):
                 lookup_nsswitch = current.get(lookup_nsswitch_name, [])
                 if not(config[1] in lookup_nsswitch):
                     current[lookup_nsswitch_name] = [config[1]]
-                    self.admin_conn.update_entry(entry_dn, current)
+                    self.admin_conn.update_entry(current)
         except Exception, e:
             root_logger.critical("Enabling nsswitch support in slapi-nis failed with error '%s'" % e)
 

ipaserver/install/cainstance.py

@@ -930,21 +930,22 @@ class CAInstance(service.Service):
         decoded = base64.b64decode(self.ra_cert)
 
         entry_dn = DN(('uid', "ipara"), ('ou', 'People'), self.basedn)
-        entry = [
+        entry = conn.make_entry(
-        ('objectClass', ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'cmsuser']),
+            entry_dn,
-        ('uid', "ipara"),
+            objectClass=['top', 'person', 'organizationalPerson',
-        ('sn', "ipara"),
+                         'inetOrgPerson', 'cmsuser'],
-        ('cn', "ipara"),
+            uid=["ipara"],
-        ('usertype', "agentType"),
+            sn=["ipara"],
-        ('userstate', "1"),
+            cn=["ipara"],
-        ('userCertificate', decoded),
+            usertype=["agentType"],
-        ('description', '2;%s;%s;%s' % \
+            userstate=["1"],
-             (str(self.requestId),
+            userCertificate=[decoded],
-              DN(('CN', 'Certificate Authority'), self.subject_base),
+            description=['2;%s;%s;%s' % (
-              DN(('CN', 'IPA RA'), self.subject_base))),
+                str(self.requestId),
-        ]
+                DN(('CN', 'Certificate Authority'), self.subject_base),
+                DN(('CN', 'IPA RA'), self.subject_base))])
 
-        conn.add_entry(entry_dn, entry)
+        conn.add_entry(entry)
 
         dn = DN(('cn', 'Certificate Manager Agents'), ('ou', 'groups'), self.basedn)
         modlist = [(0, 'uniqueMember', '%s' % entry_dn)]
@@ -1764,11 +1765,11 @@ def update_people_entry(uid, dercert):
             conn = ldap2.ldap2(shared_instance=False, ldap_uri=dogtag_uri)
             conn.connect(bind_dn=DN(('cn', 'directory manager')),
                 bind_pw=dm_password)
-            (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'])
+            entry_attrs = conn.get_entry(dn, ['usercertificate'])
             entry_attrs['usercertificate'].append(dercert)
             entry_attrs['description'] = '2;%d;%s;%s' % (serial_number, issuer,
                 subject)
-            conn.update_entry(dn, entry_attrs)
+            conn.update_entry(entry_attrs)
             updated = True
             break
         except errors.NetworkError:

ipaserver/install/ipa_replica_prepare.py

@@ -162,7 +162,7 @@ class ReplicaPrepare(admintool.AdminTool):
             conn = ldap2(shared_instance=False, base_dn=suffix)
             conn.connect(bind_dn=DN(('cn', 'directory manager')),
                          bind_pw=self.dirman_password)
-            dn, entry_attrs = conn.get_ipa_config()
+            entry_attrs = conn.get_ipa_config()
             conn.disconnect()
         except errors.ACIError:
             raise admintool.ScriptError("The password provided is incorrect "