replace getEntry with get_entry (or get_entries if scope != SCOPE_BASE)

Part of the work for: https://fedorahosted.org/freeipa/ticket/2660

install/tools/ipa-csreplica-manage

@@ -135,7 +135,7 @@ class CSReplicationManager(replication.ReplicationManager):
                 try:
                     cn="%sAgreement1-%s-%s" % (master, host, instance_name)
                     dn = DN(('cn', cn), self.replica_dn())
-                    self.conn.getEntry(dn, ldap.SCOPE_BASE)
+                    self.conn.get_entry(dn)
                     return (cn, dn)
                 except errors.NotFound:
                     dn = None
@@ -156,7 +156,7 @@ class CSReplicationManager(replication.ReplicationManager):
 
     def has_ipaca(self):
         try:
-            entry = self.conn.getEntry(self.suffix, ldap.SCOPE_BASE)
+            entry = self.conn.get_entry(self.suffix)
         except errors.NotFound:
             return False
         else:
@@ -216,7 +216,7 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
         for ent in entries:
             try:
                 cadn = DN(('cn', 'CA'), DN(ent.dn))
-                entry = conn.getEntry(cadn, ldap.SCOPE_BASE)
+                entry = conn.get_entry(cadn)
                 peers[ent.single_value('cn')] = ['master', '']
             except errors.NotFound:
                 peers[ent.single_value('cn')] = ['CA not configured', '']

install/tools/ipa-managed-entries

@@ -143,11 +143,8 @@ def main():
 
         disabled = True
         try:
-            entry = conn.getEntry(def_dn,
+            [entry] = conn.get_entries(def_dn, ldap.SCOPE_BASE,
-                ldap.SCOPE_BASE,
+                                       filter, ['originfilter'])
-                filter,
-                ['originfilter'],
-            )
             disable_attr = '(objectclass=disable)'
             try:
                 org_filter = entry.single_value('originfilter', None)

install/tools/ipa-replica-manage

@@ -765,12 +765,12 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
             master1_dn = DN(('cn', replica1), masters_dn)
             master2_dn = DN(('cn', replica2), masters_dn)
 
-            repl1.conn.getEntry(master1_dn, ldap.SCOPE_BASE)
+            repl1.conn.get_entry(master1_dn)
-            repl1.conn.getEntry(master2_dn, ldap.SCOPE_BASE)
+            repl1.conn.get_entry(master2_dn)
 
             repl2 = replication.ReplicationManager(realm, replica2, dirman_passwd)
-            repl2.conn.getEntry(master1_dn, ldap.SCOPE_BASE)
+            repl2.conn.get_entry(master1_dn)
-            repl2.conn.getEntry(master2_dn, ldap.SCOPE_BASE)
+            repl2.conn.get_entry(master2_dn)
 
         except errors.NotFound:
             standard_logging_setup(console_format='%(message)s')

ipaserver/install/adtrustinstance.py

@@ -158,8 +158,7 @@ class ADTRUSTInstance(service.Service):
         admin_group_dn = DN(('cn', 'admins'), api.env.container_group,
                             self.suffix)
         try:
-            dom_entry = self.admin_conn.getEntry(self.smb_dom_dn, \
+            dom_entry = self.admin_conn.get_entry(self.smb_dom_dn)
-                                                 ldap.SCOPE_BASE)
         except errors.NotFound:
             self.print_msg("Samba domain object not found")
             return
@@ -170,14 +169,13 @@ class ADTRUSTInstance(service.Service):
             return
 
         try:
-            admin_entry = self.admin_conn.getEntry(admin_dn, ldap.SCOPE_BASE)
+            admin_entry = self.admin_conn.get_entry(admin_dn)
         except:
             self.print_msg("IPA admin object not found")
             return
 
         try:
-            admin_group_entry = self.admin_conn.getEntry(admin_group_dn, \
+            admin_group_entry = self.admin_conn.get_entry(admin_group_dn)
-                                                         ldap.SCOPE_BASE)
         except:
             self.print_msg("IPA admin group object not found")
             return
@@ -218,8 +216,7 @@ class ADTRUSTInstance(service.Service):
         self.ldap_connect()
 
         try:
-            dom_entry = self.admin_conn.getEntry(self.smb_dom_dn, \
+            dom_entry = self.admin_conn.get_entry(self.smb_dom_dn)
-                                                 ldap.SCOPE_BASE)
         except errors.NotFound:
             self.print_msg("Samba domain object not found")
             return
@@ -231,7 +228,7 @@ class ADTRUSTInstance(service.Service):
         fb_group_dn = DN(('cn', self.FALLBACK_GROUP_NAME),
                          api.env.container_group, self.suffix)
         try:
-            self.admin_conn.getEntry(fb_group_dn, ldap.SCOPE_BASE)
+            self.admin_conn.get_entry(fb_group_dn)
         except errors.NotFound:
             try:
                 self._ldap_mod('default-smb-group.ldif', self.sub_dict)
@@ -242,7 +239,7 @@ class ADTRUSTInstance(service.Service):
         # _ldap_mod does not return useful error codes, so we must check again
         # if the fallback group was created properly.
         try:
-            self.admin_conn.getEntry(fb_group_dn, ldap.SCOPE_BASE)
+            self.admin_conn.get_entry(fb_group_dn)
         except errors.NotFound:
             self.print_msg("Failed to add fallback group.")
             return
@@ -310,7 +307,7 @@ class ADTRUSTInstance(service.Service):
     def __create_samba_domain_object(self):
 
         try:
-            self.admin_conn.getEntry(self.smb_dom_dn, ldap.SCOPE_BASE)
+            self.admin_conn.get_entry(self.smb_dom_dn)
             if self.reset_netbios_name:
                 self.__reset_netbios_name()
             else :
@@ -323,7 +320,7 @@ class ADTRUSTInstance(service.Service):
                        DN(('cn', 'ad'), self.trust_dn), \
                        DN(api.env.container_cifsdomains, self.suffix)):
             try:
-                self.admin_conn.getEntry(new_dn, ldap.SCOPE_BASE)
+                self.admin_conn.get_entry(new_dn)
             except errors.NotFound:
                 try:
                     name = new_dn[1].attr
@@ -365,7 +362,7 @@ class ADTRUSTInstance(service.Service):
         try:
             plugin_dn = DN(('cn', plugin_cn), ('cn', 'plugins'),
                            ('cn', 'config'))
-            self.admin_conn.getEntry(plugin_dn, ldap.SCOPE_BASE)
+            self.admin_conn.get_entry(plugin_dn)
             self.print_msg('%s plugin already configured, nothing to do' % name)
         except errors.NotFound:
             try:
@@ -713,8 +710,8 @@ class ADTRUSTInstance(service.Service):
             return
 
         try:
-            entry = self.admin_conn.getEntry(DN(('cn', 'admins'), api.env.container_group, self.suffix),
+            entry = self.admin_conn.get_entry(
-                                             ldap.SCOPE_BASE)
+                DN(('cn', 'admins'), api.env.container_group, self.suffix))
         except errors.NotFound:
             raise ValueError("No local ID range and no admins group found.\n" \
                              "Add local ID range manually and try again!")

ipaserver/install/dsinstance.py

@@ -832,7 +832,7 @@ class DsInstance(service.Service):
 
         dn = DN(('cn', 'default'), ('ou', 'profile'), self.suffix)
         try:
-            entry = self.admin_conn.getEntry(dn, ldap.SCOPE_BASE, '(objectclass=*)')
+            entry = self.admin_conn.get_entry(dn)
             srvlist = entry.single_value('defaultServerList', '')
             srvlist = srvlist.split()
             if not self.fqdn in srvlist:

ipaserver/install/krbinstance.py

@@ -103,7 +103,7 @@ class KrbInstance(service.Service):
         """
 
         service_dn = DN(('krbprincipalname', principal), self.get_realm_suffix())
-        service_entry = self.admin_conn.getEntry(service_dn, ldap.SCOPE_BASE)
+        service_entry = self.admin_conn.get_entry(service_dn)
         self.admin_conn.delete_entry(service_entry)
 
         # Create a host entry for this master
@@ -359,8 +359,10 @@ class KrbInstance(service.Service):
 
     def __write_stash_from_ds(self):
         try:
-            entry = self.admin_conn.getEntry(self.get_realm_suffix(),
+            entries = self.admin_conn.get_entries(self.get_realm_suffix(),
-                                             ldap.SCOPE_SUBTREE)
+                                                  ldap.SCOPE_SUBTREE)
+            # TODO: Ensure we got only one entry
+            entry = entries[0]
         except errors.NotFound, e:
             root_logger.critical("Could not find master key in DS")
             raise e

ipaserver/install/ldapupdate.py

@@ -450,7 +450,7 @@ class LDAPUpdate:
 
         while True:
             try:
-                entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
+                entry = self.conn.get_entry(dn, attrlist)
             except errors.NotFound, e:
                 self.error("Task not found: %s", dn)
                 return

ipaserver/install/replication.py

@@ -100,8 +100,9 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
         conn.do_simple_bind(bindpw=dirman_passwd)
     else:
         conn.do_sasl_gssapi_bind()
-    entry = conn.getEntry(DN(('cn', 'IPA Version Replication'), ('cn', 'plugins'), ('cn', 'config')),
+    entry = conn.get_entry(DN(('cn', 'IPA Version Replication'),
-                          ldap.SCOPE_BASE, 'objectclass=*')
+                              ('cn', 'plugins'),
+                              ('cn', 'config')))
     if entry.single_value('nsslapd-pluginenabled', None) == 'off':
         conn.modify_s(entry.dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')])
         conn.unbind()
@@ -179,7 +180,7 @@ class ReplicationManager(object):
         dn = self.replica_dn()
         assert isinstance(dn, DN)
         try:
-            replica = conn.getEntry(dn, ldap.SCOPE_BASE, "objectclass=*")
+            replica = conn.get_entry(dn)
         except errors.NotFound:
             pass
         else:
@@ -191,7 +192,7 @@ class ReplicationManager(object):
         retval = -1
         dn = DN(('cn','replication'),('cn','etc'), self.suffix)
         try:
-            replica = master_conn.getEntry(dn, ldap.SCOPE_BASE, "objectclass=*")
+            replica = master_conn.get_entry(dn)
         except errors.NotFound:
             root_logger.debug("Unable to retrieve nsDS5ReplicaId from remote server")
             raise
@@ -350,7 +351,7 @@ class ReplicationManager(object):
         assert isinstance(dn, DN)
 
         try:
-            entry = conn.getEntry(dn, ldap.SCOPE_BASE)
+            entry = conn.get_entry(dn)
             managers = entry.get('nsDS5ReplicaBindDN')
             for m in managers:
                 if replica_binddn == DN(m):
@@ -445,22 +446,26 @@ class ReplicationManager(object):
 
     def get_mapping_tree_entry(self):
         try:
-            entry = self.conn.getEntry(DN(('cn', 'mapping tree'), ('cn', 'config')), ldap.SCOPE_ONELEVEL,
+            entries = self.conn.get_entries(
-                                       "(cn=\"%s\")" % (self.suffix))
+                DN(('cn', 'mapping tree'), ('cn', 'config')),
+                ldap.SCOPE_ONELEVEL,
+                "(cn=\"%s\")" % (self.suffix))
+            # TODO: Check we got only one entry
+            return entries[0]
         except errors.NotFound:
             root_logger.debug(
                 "failed to find mapping tree entry for %s", self.suffix)
             raise
 
-        return entry
-
 
     def enable_chain_on_update(self, bename):
         mtent = self.get_mapping_tree_entry()
         dn = mtent.dn
 
-        plgent = self.conn.getEntry(DN(('cn', 'Multimaster Replication Plugin'), ('cn', 'plugins'), ('cn', 'config')),
+        plgent = self.conn.get_entry(
-                                    ldap.SCOPE_BASE, "(objectclass=*)", ['nsslapd-pluginPath'])
+            DN(('cn', 'Multimaster Replication Plugin'), ('cn', 'plugins'),
+               ('cn', 'config')),
+            ['nsslapd-pluginPath'])
         path = plgent.single_value('nsslapd-pluginPath', None)
 
         mod = [(ldap.MOD_REPLACE, 'nsslapd-state', 'backend'),
@@ -481,7 +486,7 @@ class ReplicationManager(object):
         pass_dn = DN(('uid', 'passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'), self.suffix)
         print "The user for the Windows PassSync service is %s" % pass_dn
         try:
-            conn.getEntry(pass_dn, ldap.SCOPE_BASE)
+            conn.get_entry(pass_dn)
             print "Windows PassSync entry exists, not resetting password"
             return
         except errors.NotFound:
@@ -498,7 +503,7 @@ class ReplicationManager(object):
 
         # Add it to the list of users allowed to bypass password policy
         extop_dn = DN(('cn', 'ipa_pwd_extop'), ('cn', 'plugins'), ('cn', 'config'))
-        entry = conn.getEntry(extop_dn, ldap.SCOPE_BASE)
+        entry = conn.get_entry(extop_dn)
         pass_mgrs = entry.get('passSyncManagersDNs')
         if not pass_mgrs:
             pass_mgrs = []
@@ -557,7 +562,7 @@ class ReplicationManager(object):
 
         cn, dn = self.agreement_dn(b_hostname, master=master)
         try:
-            a_conn.getEntry(dn, ldap.SCOPE_BASE)
+            a_conn.get_entry(dn)
             return
         except errors.NotFound:
             pass
@@ -756,7 +761,7 @@ class ReplicationManager(object):
                     'nsds5ReplicaLastInitStatus',
                     'nsds5ReplicaLastInitStart',
                     'nsds5ReplicaLastInitEnd']
-        entry = conn.getEntry(agmtdn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
+        entry = conn.get_entry(agmtdn, attrlist)
         if not entry:
             print "Error reading status from agreement", agmtdn
             hasError = 1
@@ -793,7 +798,7 @@ class ReplicationManager(object):
         attrlist = ['cn', 'nsds5replicaUpdateInProgress',
                     'nsds5ReplicaLastUpdateStatus', 'nsds5ReplicaLastUpdateStart',
                     'nsds5ReplicaLastUpdateEnd']
-        entry = conn.getEntry(agmtdn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
+        entry = conn.get_entry(agmtdn, attrlist)
         if not entry:
             print "Error reading status from agreement", agmtdn
             hasError = 1
@@ -1066,7 +1071,7 @@ class ReplicationManager(object):
     def get_agreement_type(self, hostname):
         cn, dn = self.agreement_dn(hostname)
 
-        entry = self.conn.getEntry(dn, ldap.SCOPE_BASE)
+        entry = self.conn.get_entry(dn)
 
         objectclass = entry.get("objectclass")
 
@@ -1165,7 +1170,7 @@ class ReplicationManager(object):
 
         try:
             dn = DN(('cn', 'default'), ('ou', 'profile'), self.suffix)
-            ret = self.conn.getEntry(dn, ldap.SCOPE_BASE, '(objectclass=*)')
+            ret = self.conn.get_entry(dn)
             srvlist = ret.single_value('defaultServerList', '')
             srvlist = srvlist[0].split()
             if replica in srvlist:

ipaserver/install/service.py

@@ -188,7 +188,7 @@ class Service(object):
 
         dn = DN(('krbprincipalname', principal), ('cn', self.realm), ('cn', 'kerberos'), self.suffix)
         try:
-            entry = self.admin_conn.getEntry(dn, ldap.SCOPE_BASE)
+            entry = self.admin_conn.get_entry(dn)
         except errors.NotFound:
             # There is no service in the wrong location, nothing to do.
             # This can happen when installing a replica

ipaserver/ipaldap.py

@@ -1621,17 +1621,6 @@ class IPAdmin(LDAPClient):
         self.__bind_with_wait(
             self.sasl_interactive_bind_s, timeout, None, auth_tokens)
 
-    def getEntry(self, base, scope, filterstr='(objectClass=*)',
-                 attrlist=None):
-        # FIXME: for backwards compatibility only
-        result, truncated = self.find_entries(
-            filter=filterstr,
-            attrs_list=attrlist,
-            base_dn=base,
-            scope=scope,
-        )
-        return result[0]
-
     def updateEntry(self,dn,oldentry,newentry):
         # FIXME: for backwards compatibility only
         """This wraps the mod function. It assumes that the entry is already
@@ -1728,7 +1717,6 @@ class IPAdmin(LDAPClient):
         return True
 
     def waitForEntry(self, dn, timeout=7200, attr='', quiet=True):
-        scope = ldap.SCOPE_BASE
         filter = "(objectclass=*)"
         attrlist = []
         if attr:
@@ -1747,10 +1735,11 @@ class IPAdmin(LDAPClient):
         entry = None
         while not entry and int(time.time()) < timeout:
             try:
-                entry = self.getEntry(dn, scope, filter, attrlist)
+                [entry] = self.get_entries(
-            except ldap.NO_SUCH_OBJECT:
+                    dn, ldap.SCOPE_BASE, filter, attrlist)
-                pass # no entry yet
+            except errors.NotFound:
-            except ldap.LDAPError, e: # badness
+                pass  # no entry yet
+            except Exception, e:  # badness
                 print "\nError reading entry", dn, e
                 break
             if not entry: