Make python-ldap optional for PyPI packages

python-ldap is a Python package with heavy C extensions. In order to build python-ldap, not only OpenLDAP development headers are necessary, but also OpenSSL, Cyrus SASL, and MIT KRB5 development headers. A fully functional ipaclient doesn't need an LDAP driver. It talks JSON RPC over HTTPS to a server. python-ldap is only used by ipapython.dn.DN to convert a string to a DN with ldap_str2dn(). The function is simple and can be wrapped with ctypes in a bunch of lines. Related: https://pagure.io/freeipa/issue/6468 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-04-08 08:05:52 +02:00
parent c314411130
commit 2a459ce0f2
8 changed files with 243 additions and 12 deletions
--- a/ipatests/test_ipapython/test_dn.py
+++ b/ipatests/test_ipapython/test_dn.py
@@ -1,3 +1,4 @@
+
 import contextlib
 import unittest
 import pytest
@@ -5,7 +6,9 @@ import pytest
 from cryptography import x509
 import six

-from ipapython.dn import DN, RDN, AVA
+from ipapython.dn import DN, RDN, AVA, str2dn, dn2str, DECODING_ERROR
+from ipapython import dn_ctypes
+

 if six.PY3:
    unicode = str
@@ -1345,5 +1348,58 @@ class TestInternationalization(unittest.TestCase):
            self.assertEqual(str(dn1), b'cn=' + self.arabic_hello_utf8)


+# 1: LDAP_AVA_STRING
+# 4: LDAP_AVA_NONPRINTABLE
+@pytest.mark.parametrize(
+    'dnstring,expected',
+    [
+        ('', []),
+        ('cn=bob', [[('cn', 'bob', 1)]]),
+        ('cn=Bob', [[('cn', 'Bob', 1)]]),
+        (u'cn=b\xf6b', [[('cn', u'b\xf6b', 4)]]),
+        ('cn=bob,sn=builder', [[('cn', 'bob', 1)], [('sn', 'builder', 1)]]),
+        (u'cn=b\xf6b,sn=builder', [
+            [('cn', u'b\xf6b', 4)], [('sn', 'builder', 1)]
+        ]),
+        ('cn=bob+sn=builder', [[('cn', 'bob', 1), ('sn', 'builder', 1)]]),
+        ('dc=ipa,dc=example', [[('dc', 'ipa', 1)], [('dc', 'example', 1)]]),
+        ('cn=R\\,W privilege', [[('cn', 'R,W privilege', 1)]]),
+    ]
+)
+def test_str2dn2str(dnstring, expected):
+    dn = str2dn(dnstring)
+    assert dn == expected
+    assert dn2str(dn) == dnstring
+    assert dn_ctypes.str2dn(dnstring) == dn
+    assert dn_ctypes.dn2str(dn) == dnstring
+
+
+@pytest.mark.parametrize(
+    'dnstring',
+    [
+        'cn',
+        'cn=foo,',
+        'cn=foo+bar',
+    ]
+)
+def test_str2dn_errors(dnstring):
+    with pytest.raises(DECODING_ERROR):
+        str2dn(dnstring)
+    with pytest.raises(dn_ctypes.DECODING_ERROR):
+        dn_ctypes.str2dn(dnstring)
+
+
+def test_dn2str_special():
+    dnstring = 'cn=R\\2cW privilege'
+    dnstring2 = 'cn=R\\,W privilege'
+    expected = [[('cn', 'R,W privilege', 1)]]
+
+    dn = str2dn(dnstring)
+    assert dn == expected
+    assert dn2str(dn) == dnstring2
+    assert dn_ctypes.str2dn(dnstring) == dn
+    assert dn_ctypes.dn2str(dn) == dnstring2
+
+
 if __name__ == '__main__':
    unittest.main()