diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index 5cab8b864..3f10c9003 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -135,7 +135,7 @@ class CSReplicationManager(replication.ReplicationManager): try: cn="%sAgreement1-%s-%s" % (master, host, instance_name) dn = DN(('cn', cn), self.replica_dn()) - self.conn.getEntry(dn, ldap.SCOPE_BASE) + self.conn.get_entry(dn) return (cn, dn) except errors.NotFound: dn = None @@ -156,7 +156,7 @@ class CSReplicationManager(replication.ReplicationManager): def has_ipaca(self): try: - entry = self.conn.getEntry(self.suffix, ldap.SCOPE_BASE) + entry = self.conn.get_entry(self.suffix) except errors.NotFound: return False else: @@ -216,7 +216,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): for ent in entries: try: cadn = DN(('cn', 'CA'), DN(ent.dn)) - entry = conn.getEntry(cadn, ldap.SCOPE_BASE) + entry = conn.get_entry(cadn) peers[ent.single_value('cn')] = ['master', ''] except errors.NotFound: peers[ent.single_value('cn')] = ['CA not configured', ''] diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index 11deb63c3..b7dbdb9d3 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries @@ -143,11 +143,8 @@ def main(): disabled = True try: - entry = conn.getEntry(def_dn, - ldap.SCOPE_BASE, - filter, - ['originfilter'], - ) + [entry] = conn.get_entries(def_dn, ldap.SCOPE_BASE, + filter, ['originfilter']) disable_attr = '(objectclass=disable)' try: org_filter = entry.single_value('originfilter', None) diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index c542c0757..585d40c65 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage 
@@ -765,12 +765,12 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): master1_dn = DN(('cn', replica1), masters_dn) master2_dn = DN(('cn', replica2), masters_dn) - repl1.conn.getEntry(master1_dn, ldap.SCOPE_BASE) - repl1.conn.getEntry(master2_dn, ldap.SCOPE_BASE) + repl1.conn.get_entry(master1_dn) + repl1.conn.get_entry(master2_dn) repl2 = replication.ReplicationManager(realm, replica2, dirman_passwd) - repl2.conn.getEntry(master1_dn, ldap.SCOPE_BASE) - repl2.conn.getEntry(master2_dn, ldap.SCOPE_BASE) + repl2.conn.get_entry(master1_dn) + repl2.conn.get_entry(master2_dn) except errors.NotFound: standard_logging_setup(console_format='%(message)s') diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 361587d08..c1121bd22 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -158,8 +158,7 @@ class ADTRUSTInstance(service.Service): admin_group_dn = DN(('cn', 'admins'), api.env.container_group, self.suffix) try: - dom_entry = self.admin_conn.getEntry(self.smb_dom_dn, \ - ldap.SCOPE_BASE) + dom_entry = self.admin_conn.get_entry(self.smb_dom_dn) except errors.NotFound: self.print_msg("Samba domain object not found") return @@ -170,14 +169,13 @@ class ADTRUSTInstance(service.Service): return try: - admin_entry = self.admin_conn.getEntry(admin_dn, ldap.SCOPE_BASE) + admin_entry = self.admin_conn.get_entry(admin_dn) except: self.print_msg("IPA admin object not found") return try: - admin_group_entry = self.admin_conn.getEntry(admin_group_dn, \ - ldap.SCOPE_BASE) + admin_group_entry = self.admin_conn.get_entry(admin_group_dn) except: self.print_msg("IPA admin group object not found") return 
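Review bot: The two bare `except:` clauses around `get_entry(admin_dn)` and `get_entry(admin_group_dn)` in the -170 hunk of adtrustinstance.py report every failure as "object not found". A dropped connection or an access-control denial during the lookup is then indistinguishable from a missing entry. The Samba domain lookup just above catches only `errors.NotFound`; these two should match it with `except errors.NotFound:` so that other errors surface. The enclosing method starts and ends outside the hunk.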
@@ -218,8 +216,7 @@ class ADTRUSTInstance(service.Service): self.ldap_connect() try: - dom_entry = self.admin_conn.getEntry(self.smb_dom_dn, \ - ldap.SCOPE_BASE) + dom_entry = self.admin_conn.get_entry(self.smb_dom_dn) except errors.NotFound: self.print_msg("Samba domain object not found") return @@ -231,7 +228,7 @@ class ADTRUSTInstance(service.Service): fb_group_dn = DN(('cn', self.FALLBACK_GROUP_NAME), api.env.container_group, self.suffix) try: - self.admin_conn.getEntry(fb_group_dn, ldap.SCOPE_BASE) + self.admin_conn.get_entry(fb_group_dn) except errors.NotFound: try: self._ldap_mod('default-smb-group.ldif', self.sub_dict) @@ -242,7 +239,7 @@ class ADTRUSTInstance(service.Service): # _ldap_mod does not return useful error codes, so we must check again # if the fallback group was created properly. try: - self.admin_conn.getEntry(fb_group_dn, ldap.SCOPE_BASE) + self.admin_conn.get_entry(fb_group_dn) except errors.NotFound: self.print_msg("Failed to add fallback group.") return @@ -310,7 +307,7 @@ class ADTRUSTInstance(service.Service): def __create_samba_domain_object(self): try: - self.admin_conn.getEntry(self.smb_dom_dn, ldap.SCOPE_BASE) + self.admin_conn.get_entry(self.smb_dom_dn) if self.reset_netbios_name: self.__reset_netbios_name() else : @@ -323,7 +320,7 @@ class ADTRUSTInstance(service.Service): DN(('cn', 'ad'), self.trust_dn), \ DN(api.env.container_cifsdomains, self.suffix)): try: - self.admin_conn.getEntry(new_dn, ldap.SCOPE_BASE) + self.admin_conn.get_entry(new_dn) except errors.NotFound: try: name = new_dn[1].attr @@ -365,7 +362,7 @@ class ADTRUSTInstance(service.Service): try: plugin_dn = DN(('cn', plugin_cn), ('cn', 'plugins'), ('cn', 'config')) - self.admin_conn.getEntry(plugin_dn, ldap.SCOPE_BASE) + self.admin_conn.get_entry(plugin_dn) self.print_msg('%s plugin already configured, nothing to do' % name) except errors.NotFound: try: 
@@ -713,8 +710,8 @@ class ADTRUSTInstance(service.Service): return try: - entry = self.admin_conn.getEntry(DN(('cn', 'admins'), api.env.container_group, self.suffix), - ldap.SCOPE_BASE) + entry = self.admin_conn.get_entry( + DN(('cn', 'admins'), api.env.container_group, self.suffix)) except errors.NotFound: raise ValueError("No local ID range and no admins group found.\n" \ "Add local ID range manually and try again!") diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index de902437f..272e0af72 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -832,7 +832,7 @@ class DsInstance(service.Service): dn = DN(('cn', 'default'), ('ou', 'profile'), self.suffix) try: - entry = self.admin_conn.getEntry(dn, ldap.SCOPE_BASE, '(objectclass=*)') + entry = self.admin_conn.get_entry(dn) srvlist = entry.single_value('defaultServerList', '') srvlist = srvlist.split() if not self.fqdn in srvlist: diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 26de08d46..2380d55f6 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -103,7 +103,7 @@ class KrbInstance(service.Service): """ service_dn = DN(('krbprincipalname', principal), self.get_realm_suffix()) - service_entry = self.admin_conn.getEntry(service_dn, ldap.SCOPE_BASE) + service_entry = self.admin_conn.get_entry(service_dn) self.admin_conn.delete_entry(service_entry) # Create a host entry for this master @@ -359,8 +359,10 @@ class KrbInstance(service.Service): def __write_stash_from_ds(self): try: - entry = self.admin_conn.getEntry(self.get_realm_suffix(), - ldap.SCOPE_SUBTREE) + entries = self.admin_conn.get_entries(self.get_realm_suffix(), + ldap.SCOPE_SUBTREE) + # TODO: Ensure we got only one entry + entry = entries[0] except errors.NotFound, e: root_logger.critical("Could not find master key in DS") raise e 
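Review bot: `entry = entries[0]` in `__write_stash_from_ds` takes whichever entry the server returns first from an unfiltered `ldap.SCOPE_SUBTREE` search of the realm suffix, and the TODO leaves that unchecked. The log message indicates this entry is where the master key is read from, so the choice should not depend on result ordering. If the key lives on the realm container itself (not visible here), `entry = self.admin_conn.get_entry(self.get_realm_suffix())` reads exactly that entry and avoids fetching the whole subtree. Otherwise the TODO should become a real check that fails when `len(entries) != 1`. The rest of the method is outside the hunk.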
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index 25ff49abd..2f2e7debe 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -450,7 +450,7 @@ class LDAPUpdate: while True: try: - entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist) + entry = self.conn.get_entry(dn, attrlist) except errors.NotFound, e: self.error("Task not found: %s", dn) return diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 1bd74b7b2..538cf92cf 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -100,8 +100,9 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd): conn.do_simple_bind(bindpw=dirman_passwd) else: conn.do_sasl_gssapi_bind() - entry = conn.getEntry(DN(('cn', 'IPA Version Replication'), ('cn', 'plugins'), ('cn', 'config')), - ldap.SCOPE_BASE, 'objectclass=*') + entry = conn.get_entry(DN(('cn', 'IPA Version Replication'), + ('cn', 'plugins'), + ('cn', 'config'))) if entry.single_value('nsslapd-pluginenabled', None) == 'off': conn.modify_s(entry.dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')]) conn.unbind() @@ -179,7 +180,7 @@ class ReplicationManager(object): dn = self.replica_dn() assert isinstance(dn, DN) try: - replica = conn.getEntry(dn, ldap.SCOPE_BASE, "objectclass=*") + replica = conn.get_entry(dn) except errors.NotFound: pass else: @@ -191,7 +192,7 @@ class ReplicationManager(object): retval = -1 dn = DN(('cn','replication'),('cn','etc'), self.suffix) try: - replica = master_conn.getEntry(dn, ldap.SCOPE_BASE, "objectclass=*") + replica = master_conn.get_entry(dn) except errors.NotFound: root_logger.debug("Unable to retrieve nsDS5ReplicaId from remote server") raise 
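Review bot: `conn.unbind()` in `enable_replication_version_checking` is skipped if `conn.get_entry(...)` or `conn.modify_s(...)` raises, for example `errors.NotFound` when the plugin entry is absent. That leaves a connection bound with the Directory Manager password or GSSAPI credentials open until it is garbage-collected. Moving the lookup and modify into `try:` with `finally: conn.unbind()` would close it on every path. The start of the function is outside the hunk, so an enclosing handler may already exist there.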
@@ -350,7 +351,7 @@ class ReplicationManager(object): assert isinstance(dn, DN) try: - entry = conn.getEntry(dn, ldap.SCOPE_BASE) + entry = conn.get_entry(dn) managers = entry.get('nsDS5ReplicaBindDN') for m in managers: if replica_binddn == DN(m): @@ -445,22 +446,26 @@ class ReplicationManager(object): def get_mapping_tree_entry(self): try: - entry = self.conn.getEntry(DN(('cn', 'mapping tree'), ('cn', 'config')), ldap.SCOPE_ONELEVEL, - "(cn=\"%s\")" % (self.suffix)) + entries = self.conn.get_entries( + DN(('cn', 'mapping tree'), ('cn', 'config')), + ldap.SCOPE_ONELEVEL, + "(cn=\"%s\")" % (self.suffix)) + # TODO: Check we got only one entry + return entries[0] except errors.NotFound: root_logger.debug( "failed to find mapping tree entry for %s", self.suffix) raise - return entry - def enable_chain_on_update(self, bename): mtent = self.get_mapping_tree_entry() dn = mtent.dn - plgent = self.conn.getEntry(DN(('cn', 'Multimaster Replication Plugin'), ('cn', 'plugins'), ('cn', 'config')), - ldap.SCOPE_BASE, "(objectclass=*)", ['nsslapd-pluginPath']) + plgent = self.conn.get_entry( + DN(('cn', 'Multimaster Replication Plugin'), ('cn', 'plugins'), + ('cn', 'config')), + ['nsslapd-pluginPath']) path = plgent.single_value('nsslapd-pluginPath', None) mod = [(ldap.MOD_REPLACE, 'nsslapd-state', 'backend'), @@ -481,7 +486,7 @@ class ReplicationManager(object): pass_dn = DN(('uid', 'passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'), self.suffix) print "The user for the Windows PassSync service is %s" % pass_dn try: - conn.getEntry(pass_dn, ldap.SCOPE_BASE) + conn.get_entry(pass_dn) print "Windows PassSync entry exists, not resetting password" return except errors.NotFound: 
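Review bot: `for m in managers:` in the -350 hunk raises TypeError when the replica entry has no `nsDS5ReplicaBindDN` value. This assumes `entry.get()` returns None for a missing attribute, which the `if not pass_mgrs:` guard in the -498 hunk suggests. `managers = entry.get('nsDS5ReplicaBindDN') or []` would keep the loop safe. The handlers of the surrounding `try` are outside the hunk, so confirm that none of them already covers this.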
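Review bot: `return entries[0]` in `get_mapping_tree_entry` silently picks the first match, and the TODO above it is the only guard. `enable_chain_on_update` takes `mtent.dn` from the result and builds `MOD_REPLACE` operations right after, so an ambiguous match should fail instead of being resolved by result order; check `len(entries) == 1` and raise otherwise. Separately, the filter is built with `%` formatting from `self.suffix`. Passing the value through python-ldap's `ldap.filter.escape_filter_chars()` would keep a suffix containing `*`, `(`, `)` or `\` from changing the filter's meaning.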
@@ -498,7 +503,7 @@ class ReplicationManager(object): # Add it to the list of users allowed to bypass password policy extop_dn = DN(('cn', 'ipa_pwd_extop'), ('cn', 'plugins'), ('cn', 'config')) - entry = conn.getEntry(extop_dn, ldap.SCOPE_BASE) + entry = conn.get_entry(extop_dn) pass_mgrs = entry.get('passSyncManagersDNs') if not pass_mgrs: pass_mgrs = [] @@ -557,7 +562,7 @@ class ReplicationManager(object): cn, dn = self.agreement_dn(b_hostname, master=master) try: - a_conn.getEntry(dn, ldap.SCOPE_BASE) + a_conn.get_entry(dn) return except errors.NotFound: pass @@ -756,7 +761,7 @@ class ReplicationManager(object): 'nsds5ReplicaLastInitStatus', 'nsds5ReplicaLastInitStart', 'nsds5ReplicaLastInitEnd'] - entry = conn.getEntry(agmtdn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist) + entry = conn.get_entry(agmtdn, attrlist) if not entry: print "Error reading status from agreement", agmtdn hasError = 1 @@ -793,7 +798,7 @@ class ReplicationManager(object): attrlist = ['cn', 'nsds5replicaUpdateInProgress', 'nsds5ReplicaLastUpdateStatus', 'nsds5ReplicaLastUpdateStart', 'nsds5ReplicaLastUpdateEnd'] - entry = conn.getEntry(agmtdn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist) + entry = conn.get_entry(agmtdn, attrlist) if not entry: print "Error reading status from agreement", agmtdn hasError = 1 @@ -1066,7 +1071,7 @@ class ReplicationManager(object): def get_agreement_type(self, hostname): cn, dn = self.agreement_dn(hostname) - entry = self.conn.getEntry(dn, ldap.SCOPE_BASE) + entry = self.conn.get_entry(dn) objectclass = entry.get("objectclass") @@ -1165,7 +1170,7 @@ class ReplicationManager(object): try: dn = DN(('cn', 'default'), ('ou', 'profile'), self.suffix) - ret = self.conn.getEntry(dn, ldap.SCOPE_BASE, '(objectclass=*)') + ret = self.conn.get_entry(dn) srvlist = ret.single_value('defaultServerList', '') srvlist = srvlist[0].split() if replica in srvlist: diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 39771887e..cc5bb877f 100644 
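Review bot: The `if not entry:` branch after `conn.get_entry(agmtdn, attrlist)` in the -756 hunk looks unreachable. Every other call site in this change treats a missing entry as `errors.NotFound`, so a missing agreement would raise before the "Error reading status from agreement" message is printed. Wrapping the call in `try:` / `except errors.NotFound:` and setting `hasError = 1` in the handler would restore the intended path. The -793 hunk has the same pattern. Both functions extend beyond their hunks.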
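Review bot: `srvlist = srvlist[0].split()` in the -1165 hunk indexes the value returned by `single_value('defaultServerList', '')`. If that value is a string, as the dsinstance.py usage in this same change implies, only its first character is split, and the `''` default raises IndexError when the attribute is absent. dsinstance.py uses `srvlist = srvlist.split()`; this line should match so that `if replica in srvlist` compares whole host names. The line is unchanged context here, and the handlers of the surrounding `try` are outside the hunk.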
--- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -188,7 +188,7 @@ class Service(object): dn = DN(('krbprincipalname', principal), ('cn', self.realm), ('cn', 'kerberos'), self.suffix) try: - entry = self.admin_conn.getEntry(dn, ldap.SCOPE_BASE) + entry = self.admin_conn.get_entry(dn) except errors.NotFound: # There is no service in the wrong location, nothing to do. # This can happen when installing a replica diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 00dff18f6..b4d0a5d9a 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -1621,17 +1621,6 @@ class IPAdmin(LDAPClient): self.__bind_with_wait( self.sasl_interactive_bind_s, timeout, None, auth_tokens) - def getEntry(self, base, scope, filterstr='(objectClass=*)', - attrlist=None): - # FIXME: for backwards compatibility only - result, truncated = self.find_entries( - filter=filterstr, - attrs_list=attrlist, - base_dn=base, - scope=scope, - ) - return result[0] - def updateEntry(self,dn,oldentry,newentry): # FIXME: for backwards compatibility only """This wraps the mod function. It assumes that the entry is already @@ -1728,7 +1717,6 @@ class IPAdmin(LDAPClient): return True def waitForEntry(self, dn, timeout=7200, attr='', quiet=True): - scope = ldap.SCOPE_BASE filter = "(objectclass=*)" attrlist = [] if attr: @@ -1747,10 +1735,11 @@ class IPAdmin(LDAPClient): entry = None while not entry and int(time.time()) < timeout: try: - entry = self.getEntry(dn, scope, filter, attrlist) - except ldap.NO_SUCH_OBJECT: - pass # no entry yet - except ldap.LDAPError, e: # badness + [entry] = self.get_entries( + dn, ldap.SCOPE_BASE, filter, attrlist) + except errors.NotFound: + pass # no entry yet + except Exception, e: # badness print "\nError reading entry", dn, e break if not entry:
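Review bot: `except Exception, e:` in `waitForEntry` is wider than the `ldap.LDAPError` it replaces. It now also catches the ValueError that `[entry] = ...` raises on an unexpected result count, along with any programming error, then prints it and leaves the wait loop. If `get_entries` reports LDAP failures as ipalib errors, as the new `errors.NotFound` handler suggests, `except errors.PublicError, e:` would keep the handler limited to directory errors. The function continues outside the hunk.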