Use LDAP search instead of *group_show to check if a group exists.

https://fedorahosted.org/freeipa/ticket/3706
Jan Cholasta 2013-06-25 12:58:37 +00:00 committed by Alexander Bokovoy
parent ab96ca7831
commit 100f13d95b
6 changed files with 15 additions and 9 deletions


@ -252,7 +252,8 @@ def _make_aci(ldap, current, aciname, kw):
elif group: elif group:
# Not so friendly with groups. This will raise # Not so friendly with groups. This will raise
try: try:
entry_attrs = api.Command['group_show'](kw['group'])['result'] group_dn = api.Object['group'].get_dn_if_exists(kw['group'])
entry_attrs = {'dn': group_dn}
except errors.NotFound: except errors.NotFound:
raise errors.NotFound(reason=_("Group '%s' does not exist") % kw['group']) raise errors.NotFound(reason=_("Group '%s' does not exist") % kw['group'])
@ -269,7 +270,7 @@ def _make_aci(ldap, current, aciname, kw):
a.set_target_attr(kw['attrs']) a.set_target_attr(kw['attrs'])
if valid['memberof']: if valid['memberof']:
try: try:
api.Command['group_show'](kw['memberof']) api.Object['group'].get_dn_if_exists(kw['memberof'])
except errors.NotFound: except errors.NotFound:
api.Object['group'].handle_not_found(kw['memberof']) api.Object['group'].handle_not_found(kw['memberof'])
groupdn = _group_from_memberof(kw['memberof']) groupdn = _group_from_memberof(kw['memberof'])
@ -291,8 +292,8 @@ def _make_aci(ldap, current, aciname, kw):
a.set_target(target) a.set_target(target)
if valid['targetgroup']: if valid['targetgroup']:
# Purposely no try here so we'll raise a NotFound # Purposely no try here so we'll raise a NotFound
entry_attrs = api.Command['group_show'](kw['targetgroup'])['result'] group_dn = api.Object['group'].get_dn_if_exists(kw['targetgroup'])
target = 'ldap:///%s' % entry_attrs['dn'] target = 'ldap:///%s' % group_dn
a.set_target(target) a.set_target(target)
if valid['subtree']: if valid['subtree']:
# See if the subtree is a full URI # See if the subtree is a full URI
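Review bot: In the `targetgroup` branch the lookup is deliberately left unguarded ("Purposely no try here"), so the `errors.NotFound` a caller sees now originates in `get_dn_if_exists` rather than in `group_show`, and its text is probably whatever the LDAP backend produces instead of a message naming the group. The `memberof` branch of the same function already sends this case through `handle_not_found`; wrapping the call here in `try:` with `except errors.NotFound: api.Object['group'].handle_not_found(kw['targetgroup'])` would keep the error text the same across all three branches. In the first hunk, `entry_attrs = {'dn': group_dn}` builds a dict only to carry one DN to code outside the hunk, so a comment such as `# only the DN is consumed below` would explain why the dict survives. `_make_aci` starts and ends outside these hunks.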


@ -493,6 +493,11 @@ class LDAPObject(Object):
assert isinstance(parent_dn, DN) assert isinstance(parent_dn, DN)
return parent_dn return parent_dn
def get_dn_if_exists(self, *keys, **kwargs):
dn = self.get_dn(*keys, **kwargs)
entry = self.backend.get_entry(dn, [''])
return entry.dn
def get_primary_key_from_dn(self, dn): def get_primary_key_from_dn(self, dn):
assert isinstance(dn, DN) assert isinstance(dn, DN)
try: try:
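Review bot: `get_dn_if_exists` has no docstring, and its contract can only be pieced together from the call sites: it returns the entry's DN and, judging by the callers' `except errors.NotFound`, raises when `self.backend.get_entry` finds nothing. The docstring should state that, and also that existence is decided by a read over the current backend connection, so an entry the bound identity is not allowed to read would presumably be reported as missing; several callers in this commit use the result as a duplicate or collision check. The `['']` attribute list deserves a one-line comment, for example `# request no attributes; only the entry's existence matters`. Unlike the `*_show` commands it replaces, this method hands the keys to `get_dn` as given, so any validation or normalization those commands applied is presumably skipped and worth confirming.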


@ -213,7 +213,7 @@ class config_mod(LDAPUpdate):
if 'ipadefaultprimarygroup' in entry_attrs: if 'ipadefaultprimarygroup' in entry_attrs:
group=entry_attrs['ipadefaultprimarygroup'] group=entry_attrs['ipadefaultprimarygroup']
try: try:
api.Command['group_show'](group) api.Object['group'].get_dn_if_exists(group)
except errors.NotFound: except errors.NotFound:
raise errors.NotFound(message=_("The group doesn't exist")) raise errors.NotFound(message=_("The group doesn't exist"))
kw = {} kw = {}


@ -122,7 +122,7 @@ class hostgroup_add(LDAPCreate):
assert isinstance(dn, DN) assert isinstance(dn, DN)
try: try:
# check duplicity with hostgroups first to provide proper error # check duplicity with hostgroups first to provide proper error
netgroup = api.Command['hostgroup_show'](keys[-1]) api.Object['hostgroup'].get_dn_if_exists(keys[-1])
self.obj.handle_duplicate_entry(*keys) self.obj.handle_duplicate_entry(*keys)
except errors.NotFound: except errors.NotFound:
pass pass
@ -130,7 +130,7 @@ class hostgroup_add(LDAPCreate):
try: try:
# when enabled, a managed netgroup is created for every hostgroup # when enabled, a managed netgroup is created for every hostgroup
# make sure that the netgroup can be created # make sure that the netgroup can be created
netgroup = api.Command['netgroup_show'](keys[-1]) api.Object['netgroup'].get_dn_if_exists(keys[-1])
raise errors.DuplicateEntry(message=unicode(_(\ raise errors.DuplicateEntry(message=unicode(_(\
u'netgroup with name "%s" already exists. ' \ u'netgroup with name "%s" already exists. ' \
u'Hostgroups and netgroups share a common namespace'\ u'Hostgroups and netgroups share a common namespace'\


@ -179,7 +179,7 @@ class netgroup_add(LDAPCreate):
# when enabled, a managed netgroup is created for every hostgroup # when enabled, a managed netgroup is created for every hostgroup
# make sure that we don't create a collision if the plugin is # make sure that we don't create a collision if the plugin is
# (temporarily) disabled # (temporarily) disabled
netgroup = api.Command['hostgroup_show'](keys[-1]) api.Object['hostgroup'].get_dn_if_exists(keys[-1])
raise errors.DuplicateEntry(message=unicode(self.msg_collision % keys[-1])) raise errors.DuplicateEntry(message=unicode(self.msg_collision % keys[-1]))
except errors.NotFound: except errors.NotFound:
pass pass


@ -451,7 +451,7 @@ class user_add(LDAPCreate):
# The Managed Entries plugin will allow a user to be created # The Managed Entries plugin will allow a user to be created
# even if a group has a duplicate name. This would leave a user # even if a group has a duplicate name. This would leave a user
# without a private group. Check for both the group and the user. # without a private group. Check for both the group and the user.
self.api.Command['group_show'](keys[-1]) self.api.Object['group'].get_dn_if_exists(keys[-1])
try: try:
self.api.Command['user_show'](keys[-1]) self.api.Command['user_show'](keys[-1])
self.obj.handle_duplicate_entry(*keys) self.obj.handle_duplicate_entry(*keys)
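Review bot: The nested check two lines below the changed line still calls `self.api.Command['user_show'](keys[-1])` only to learn whether the user exists, so this block now mixes the two lookup styles. If the full command is not needed for a side effect, `self.obj.get_dn_if_exists(*keys)` would presumably match the group check above it; if it is kept deliberately, a short comment saying why would help. The enclosing `try`/`except` blocks of `user_add` begin and end outside the hunk, so which handler catches the group lookup's `NotFound` cannot be confirmed from here.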