IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

services: replace admin_conn with api.Backend.ldap2

Browse Source 
Since service.admin_conn is only an alias to api.Backend.ldap2,
replace it everywhere with the explicit api.Backend.ldap2 instead.

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Tomas Krizek 2016-11-09 12:53:14 +01:00 committed by Martin Basti
parent 4c133837d1
commit 68295bf8cf
13 changed files with 120 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
install/tools/ipa-adtrust-install
View File

@ -411,7 +411,7 @@ def main():
try:
# Search only masters which have support for domain levels
# because only these masters will have SSSD recent enough to support AD trust agents
entries_m, _truncated = smb.admin_conn.find_entries(
entries_m, _truncated = api.Backend.ldap2.find_entries(
filter="(&(objectclass=ipaSupportedDomainLevelConfig)(ipaMaxDomainLevel=*)(ipaMinDomainLevel=*))",
base_dn=masters_dn, attrs_list=['cn'], scope=ldap.SCOPE_ONELEVEL)
except errors.NotFound:
@ -421,7 +421,7 @@ def main():
print(unicode(e))
try:
entries_a, _truncated = smb.admin_conn.find_entries(
entries_a, _truncated = api.Backend.ldap2.find_entries(
filter="", base_dn=agents_dn, attrs_list=['member'],
scope=ldap.SCOPE_BASE)
except errors.NotFound:
@ -470,7 +470,7 @@ def main():
# Add the CIFS and host principals to the 'adtrust agents' group
# as 389-ds only operates with GroupOfNames, we have to use
# the principal's proper dn as defined in self.cifs_agent
service.add_principals_to_group(smb.admin_conn, agents_dn, "member",
service.add_principals_to_group(api.Backend.ldap2, agents_dn, "member",
[x[1] for x in new_agents])
print("""
WARNING: you MUST restart (e.g. ipactl restart) the following IPA masters in order

79
ipaserver/install/adtrustinstance.py
View File

@ -200,7 +200,7 @@ class ADTRUSTInstance(service.Service):
admin_group_dn = DN(('cn', 'admins'), api.env.container_group,
self.suffix)
try:
dom_entry = self.admin_conn.get_entry(self.smb_dom_dn)
dom_entry = api.Backend.ldap2.get_entry(self.smb_dom_dn)
except errors.NotFound:
self.print_msg("Samba domain object not found")
return
@ -211,13 +211,13 @@ class ADTRUSTInstance(service.Service):
return
try:
admin_entry = self.admin_conn.get_entry(admin_dn)
admin_entry = api.Backend.ldap2.get_entry(admin_dn)
except errors.NotFound:
self.print_msg("IPA admin object not found")
return
try:
admin_group_entry = self.admin_conn.get_entry(admin_group_dn)
admin_group_entry = api.Backend.ldap2.get_entry(admin_group_dn)
except errors.NotFound:
self.print_msg("IPA admin group object not found")
return
@ -226,9 +226,10 @@ class ADTRUSTInstance(service.Service):
self.print_msg("Admin SID already set, nothing to do")
else:
try:
self.admin_conn.modify_s(admin_dn, \
[(ldap.MOD_ADD, "objectclass", self.OBJC_USER), \
(ldap.MOD_ADD, self.ATTR_SID, dom_sid + "-500")])
api.Backend.ldap2.modify_s(
admin_dn,
[(ldap.MOD_ADD, "objectclass", self.OBJC_USER),
(ldap.MOD_ADD, self.ATTR_SID, dom_sid + "-500")])
except Exception:
self.print_msg("Failed to modify IPA admin object")
@ -236,9 +237,10 @@ class ADTRUSTInstance(service.Service):
self.print_msg("Admin group SID already set, nothing to do")
else:
try:
self.admin_conn.modify_s(admin_group_dn, \
[(ldap.MOD_ADD, "objectclass", self.OBJC_GROUP), \
(ldap.MOD_ADD, self.ATTR_SID, dom_sid + "-512")])
api.Backend.ldap2.modify_s(
admin_group_dn,
[(ldap.MOD_ADD, "objectclass", self.OBJC_GROUP),
(ldap.MOD_ADD, self.ATTR_SID, dom_sid + "-512")])
except Exception:
self.print_msg("Failed to modify IPA admin group object")
@ -247,7 +249,7 @@ class ADTRUSTInstance(service.Service):
api.env.container_views, self.suffix)
try:
self.admin_conn.get_entry(default_view_dn)
api.Backend.ldap2.get_entry(default_view_dn)
except errors.NotFound:
try:
self._ldap_mod('default-trust-view.ldif', self.sub_dict)
@ -260,7 +262,7 @@ class ADTRUSTInstance(service.Service):
# _ldap_mod does not return useful error codes, so we must check again
# if the default trust view was created properly.
try:
self.admin_conn.get_entry(default_view_dn)
api.Backend.ldap2.get_entry(default_view_dn)
except errors.NotFound:
self.print_msg("Failed to add Default Trust View.")
@ -276,7 +278,7 @@ class ADTRUSTInstance(service.Service):
server.
"""
try:
dom_entry = self.admin_conn.get_entry(self.smb_dom_dn)
dom_entry = api.Backend.ldap2.get_entry(self.smb_dom_dn)
except errors.NotFound:
self.print_msg("Samba domain object not found")
return
@ -288,7 +290,7 @@ class ADTRUSTInstance(service.Service):
fb_group_dn = DN(('cn', self.FALLBACK_GROUP_NAME),
api.env.container_group, self.suffix)
try:
self.admin_conn.get_entry(fb_group_dn)
api.Backend.ldap2.get_entry(fb_group_dn)
except errors.NotFound:
try:
self._ldap_mod('default-smb-group.ldif', self.sub_dict)
@ -299,14 +301,14 @@ class ADTRUSTInstance(service.Service):
# _ldap_mod does not return useful error codes, so we must check again
# if the fallback group was created properly.
try:
self.admin_conn.get_entry(fb_group_dn)
api.Backend.ldap2.get_entry(fb_group_dn)
except errors.NotFound:
self.print_msg("Failed to add fallback group.")
return
try:
mod = [(ldap.MOD_ADD, self.ATTR_FALLBACK_GROUP, fb_group_dn)]
self.admin_conn.modify_s(self.smb_dom_dn, mod)
api.Backend.ldap2.modify_s(self.smb_dom_dn, mod)
except Exception:
self.print_msg("Failed to add fallback group to domain object")
@ -319,7 +321,7 @@ class ADTRUSTInstance(service.Service):
try:
# Get the ranges
ranges = self.admin_conn.get_entries(
ranges = api.Backend.ldap2.get_entries(
DN(api.env.container_ranges, self.suffix),
ldap.SCOPE_ONELEVEL, "(objectclass=ipaDomainIDRange)")
@ -354,7 +356,7 @@ class ADTRUSTInstance(service.Service):
# If the RID bases would cause overlap with some other range,
# this will be detected by ipa-range-check DS plugin
try:
self.admin_conn.modify_s(local_range.dn,
api.Backend.ldap2.modify_s(local_range.dn,
[(ldap.MOD_ADD, "ipaBaseRID",
str(self.rid_base)),
(ldap.MOD_ADD, "ipaSecondaryBaseRID",
@ -376,7 +378,7 @@ class ADTRUSTInstance(service.Service):
self.print_msg("Reset NetBIOS domain name")
try:
self.admin_conn.modify_s(self.smb_dom_dn,
api.Backend.ldap2.modify_s(self.smb_dom_dn,
[(ldap.MOD_REPLACE, self.ATTR_FLAT_NAME,
self.netbios_name)])
except ldap.LDAPError:
@ -385,7 +387,7 @@ class ADTRUSTInstance(service.Service):
def __create_samba_domain_object(self):
try:
self.admin_conn.get_entry(self.smb_dom_dn)
api.Backend.ldap2.get_entry(self.smb_dom_dn)
if self.reset_netbios_name:
self.__reset_netbios_name()
else :
@ -398,7 +400,7 @@ class ADTRUSTInstance(service.Service):
DN(('cn', 'ad'), self.trust_dn), \
DN(api.env.container_cifsdomains, self.suffix)):
try:
self.admin_conn.get_entry(new_dn)
api.Backend.ldap2.get_entry(new_dn)
except errors.NotFound:
try:
name = new_dn[1].attr
@ -406,11 +408,11 @@ class ADTRUSTInstance(service.Service):
self.print_msg('Cannot extract RDN attribute value from "%s": %s' % \
(new_dn, e))
return
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
new_dn, objectclass=['nsContainer'], cn=[name])
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
self.smb_dom_dn,
{
'objectclass': [self.OBJC_DOMAIN, "nsContainer"],
@ -421,7 +423,7 @@ class ADTRUSTInstance(service.Service):
}
)
#TODO: which MAY attributes do we want to set ?
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
def __write_smb_conf(self):
conf_fd = open(self.smb_conf, "w")
@ -439,7 +441,7 @@ class ADTRUSTInstance(service.Service):
try:
plugin_dn = DN(('cn', plugin_cn), ('cn', 'plugins'),
('cn', 'config'))
self.admin_conn.get_entry(plugin_dn)
api.Backend.ldap2.get_entry(plugin_dn)
self.print_msg('%s plugin already configured, nothing to do' % name)
except errors.NotFound:
try:
@ -477,7 +479,7 @@ class ADTRUSTInstance(service.Service):
# Wait for the task to complete
task_dn = DN('cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config')
wait_for_task(self.admin_conn, task_dn)
wait_for_task(api.Backend.ldap2, task_dn)
except Exception as e:
root_logger.warning("Exception occured during SID generation: {0}"
@ -491,11 +493,11 @@ class ADTRUSTInstance(service.Service):
targets_dn = DN(('cn', 'ipa-cifs-delegation-targets'), ('cn', 's4u2proxy'),
('cn', 'etc'), self.suffix)
try:
current = self.admin_conn.get_entry(targets_dn)
current = api.Backend.ldap2.get_entry(targets_dn)
members = current.get('memberPrincipal', [])
if not(self.principal in members):
current["memberPrincipal"] = members + [self.principal]
self.admin_conn.update_entry(current)
api.Backend.ldap2.update_entry(current)
else:
self.print_msg('cifs principal already targeted, nothing to do.')
except errors.NotFound:
@ -524,8 +526,9 @@ class ADTRUSTInstance(service.Service):
# Add the CIFS and host principals to the 'adtrust agents' group
# as 389-ds only operates with GroupOfNames, we have to use
# the principal's proper dn as defined in self.cifs_agent
service.add_principals_to_group(self.admin_conn, self.smb_dn, "member",
[self.cifs_agent, self.host_princ])
service.add_principals_to_group(
api.Backend.ldap2, self.smb_dn, "member",
[self.cifs_agent, self.host_princ])
def __setup_principal(self):
try:
@ -662,7 +665,7 @@ class ADTRUSTInstance(service.Service):
try:
cifs_services = DN(api.env.container_service, self.suffix)
# Search for cifs services which also belong to adtrust agents, these are our DCs
res = self.admin_conn.get_entries(cifs_services,
res = api.Backend.ldap2.get_entries(cifs_services,
ldap.SCOPE_ONELEVEL,
"(&(krbprincipalname=cifs/*@%s)(memberof=%s))" % (self.realm, str(self.smb_dn)))
if len(res) > 1:
@ -686,11 +689,11 @@ class ADTRUSTInstance(service.Service):
lookup_nsswitch_name = "schema-compat-lookup-nsswitch"
for config in (("cn=users", "user"), ("cn=groups", "group")):
entry_dn = DN(config[0], compat_plugin_dn)
current = self.admin_conn.get_entry(entry_dn)
current = api.Backend.ldap2.get_entry(entry_dn)
lookup_nsswitch = current.get(lookup_nsswitch_name, [])
if not(config[1] in lookup_nsswitch):
current[lookup_nsswitch_name] = [config[1]]
self.admin_conn.update_entry(current)
api.Backend.ldap2.update_entry(current)
except Exception as e:
root_logger.critical("Enabling nsswitch support in slapi-nis failed with error '%s'" % e)
@ -767,14 +770,14 @@ class ADTRUSTInstance(service.Service):
self.__setup_sub_dict()
def find_local_id_range(self):
if self.admin_conn.get_entries(
if api.Backend.ldap2.get_entries(
DN(api.env.container_ranges, self.suffix),
ldap.SCOPE_ONELEVEL,
"(objectclass=ipaDomainIDRange)"):
return
try:
entry = self.admin_conn.get_entry(
entry = api.Backend.ldap2.get_entry(
DN(('cn', 'admins'), api.env.container_group, self.suffix))
except errors.NotFound:
raise ValueError("No local ID range and no admins group found.\n" \
@ -791,13 +794,13 @@ class ADTRUSTInstance(service.Service):
"(gidNumber<=%d)(gidNumner>=%d)))" % \
((base_id - 1), (base_id + id_range_size),
(base_id - 1), (base_id + id_range_size))
if self.admin_conn.get_entries(DN(('cn', 'accounts'), self.suffix),
if api.Backend.ldap2.get_entries(DN(('cn', 'accounts'), self.suffix),
ldap.SCOPE_SUBTREE, id_filter):
raise ValueError("There are objects with IDs out of the expected" \
"range.\nAdd local ID range manually and try " \
"again!")
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
DN(
('cn', ('%s_id_range' % self.realm)),
api.env.container_ranges, self.suffix),
@ -806,7 +809,7 @@ class ADTRUSTInstance(service.Service):
ipaBaseID=[str(base_id)],
ipaIDRangeSize=[str(id_range_size)],
)
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
def create_instance(self):
self.step("stopping smbd", self.__stop)

10
ipaserver/install/bindinstance.py
View File

@ -846,10 +846,10 @@ class BindInstance(service.Service):
self.__add_master_records(self.fqdn, self.ip_addresses)
def __add_others(self):
entries = self.admin_conn.get_entries(
entries = api.Backend.ldap2.get_entries(
DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
self.suffix),
self.admin_conn.SCOPE_ONELEVEL, None, ['dn'])
api.Backend.ldap2.SCOPE_ONELEVEL, None, ['dn'])
for entry in entries:
fqdn = entry.dn[0]['cn']
@ -888,7 +888,7 @@ class BindInstance(service.Service):
mod = [(ldap.MOD_ADD, 'member', dns_principal)]
try:
self.admin_conn.modify_s(dns_group, mod)
api.Backend.ldap2.modify_s(dns_group, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
pass
except Exception as e:
@ -903,7 +903,7 @@ class BindInstance(service.Service):
(ldap.MOD_REPLACE, 'nsIdleTimeout', '-1'),
(ldap.MOD_REPLACE, 'nsLookThroughLimit', '-1')]
try:
self.admin_conn.modify_s(dns_principal, mod)
api.Backend.ldap2.modify_s(dns_principal, mod)
except Exception as e:
root_logger.critical("Could not set principal's %s LDAP limits: %s" \
% (dns_principal, str(e)))
@ -933,7 +933,7 @@ class BindInstance(service.Service):
)
def __setup_server_configuration(self):
ensure_dnsserver_container_exists(self.admin_conn, self.api)
ensure_dnsserver_container_exists(api.Backend.ldap2, self.api)
try:
self.api.Command.dnsserver_add(
self.fqdn, idnssoamname=DNSName(self.fqdn).make_absolute(),

22
ipaserver/install/cainstance.py
View File

@ -1100,8 +1100,8 @@ class CAInstance(DogtagInstance):
('cn', 'etc'), api.env.basedn)
renewal_filter = '(ipaConfigString=caRenewalMaster)'
try:
self.admin_conn.get_entries(base_dn=dn, filter=renewal_filter,
attrs_list=[])
api.Backend.ldap2.get_entries(base_dn=dn, filter=renewal_filter,
attrs_list=[])
except errors.NotFound:
return False
@ -1115,13 +1115,13 @@ class CAInstance(DogtagInstance):
api.env.basedn)
filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))'
try:
entries = self.admin_conn.get_entries(
entries = api.Backend.ldap2.get_entries(
base_dn=base_dn, filter=filter, attrs_list=['ipaConfigString'])
except errors.NotFound:
entries = []
dn = DN(('cn', 'CA'), ('cn', fqdn), base_dn)
master_entry = self.admin_conn.get_entry(dn, ['ipaConfigString'])
master_entry = api.Backend.ldap2.get_entry(dn, ['ipaConfigString'])
for entry in entries:
if master_entry is not None and entry.dn == master_entry.dn:
@ -1130,11 +1130,11 @@ class CAInstance(DogtagInstance):
entry['ipaConfigString'] = [x for x in entry['ipaConfigString']
if x.lower() != 'carenewalmaster']
self.admin_conn.update_entry(entry)
api.Backend.ldap2.update_entry(entry)
if master_entry is not None:
master_entry['ipaConfigString'].append('caRenewalMaster')
self.admin_conn.update_entry(master_entry)
api.Backend.ldap2.update_entry(master_entry)
@staticmethod
def update_cert_config(nickname, cert):
@ -1173,25 +1173,25 @@ class CAInstance(DogtagInstance):
# replication
dn = DN(('cn', str(suffix)), ('cn', 'mapping tree'), ('cn', 'config'))
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
dn,
objectclass=["top", "extensibleObject", "nsMappingTree"],
cn=[suffix],
)
entry['nsslapd-state'] = ['Backend']
entry['nsslapd-backend'] = [backend]
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
# database
dn = DN(('cn', 'ipaca'), ('cn', 'ldbm database'), ('cn', 'plugins'),
('cn', 'config'))
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
dn,
objectclass=["top", "extensibleObject", "nsBackendInstance"],
cn=[backend],
)
entry['nsslapd-suffix'] = [suffix]
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
def __setup_replication(self):
@ -1268,7 +1268,7 @@ class CAInstance(DogtagInstance):
def __add_lightweight_ca_tracking_requests(self):
try:
lwcas = self.admin_conn.get_entries(
lwcas = api.Backend.ldap2.get_entries(
base_dn=api.env.basedn,
filter='(objectclass=ipaca)',
attrs_list=['cn', 'ipacaid'],

6
ipaserver/install/dnskeysyncinstance.py
View File

@ -266,7 +266,7 @@ class DNSKeySyncInstance(service.Service):
keylabel = replica_keylabel_template % DNSName(self.fqdn).\
make_absolute().canonicalize().ToASCII()
ldap = self.admin_conn
ldap = api.Backend.ldap2
dn_base = DN(('cn', 'keys'), ('cn', 'sec'), ('cn', 'dns'), api.env.basedn)
with open(paths.DNSSEC_SOFTHSM_PIN, "r") as f:
@ -413,7 +413,7 @@ class DNSKeySyncInstance(service.Service):
mod = [(ldap.MOD_ADD, 'member', dnssynckey_principal_dn)]
try:
self.admin_conn.modify_s(dns_group, mod)
api.Backend.ldap2.modify_s(dns_group, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
pass
except Exception as e:
@ -429,7 +429,7 @@ class DNSKeySyncInstance(service.Service):
(ldap.MOD_REPLACE, 'nsIdleTimeout', '-1'),
(ldap.MOD_REPLACE, 'nsLookThroughLimit', '-1')]
try:
self.admin_conn.modify_s(dnssynckey_principal_dn, mod)
api.Backend.ldap2.modify_s(dnssynckey_principal_dn, mod)
except Exception as e:
self.logger.critical("Could not set principal's %s LDAP limits: %s"
% (dnssynckey_principal_dn, str(e)))

16
ipaserver/install/dogtaginstance.py
View File

@ -30,7 +30,7 @@ import pwd
from pki.client import PKIConnection
import pki.system
from ipalib import errors
from ipalib import api, errors
from ipaplatform import services
from ipaplatform.constants import constants
@ -421,12 +421,12 @@ class DogtagInstance(service.Service):
def __add_admin_to_group(self, group):
dn = DN(('cn', group), ('ou', 'groups'), ('o', 'ipaca'))
entry = self.admin_conn.get_entry(dn)
entry = api.Backend.ldap2.get_entry(dn)
members = entry.get('uniqueMember', [])
members.append(self.admin_dn)
mod = [(ldap.MOD_REPLACE, 'uniqueMember', members)]
try:
self.admin_conn.modify_s(dn, mod)
api.Backend.ldap2.modify_s(dn, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
# already there
pass
@ -439,12 +439,12 @@ class DogtagInstance(service.Service):
# remove user if left-over exists
try:
entry = self.admin_conn.delete_entry(self.admin_dn)
entry = api.Backend.ldap2.delete_entry(self.admin_dn)
except errors.NotFound:
pass
# add user
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
self.admin_dn,
objectclass=["top", "person", "organizationalPerson",
"inetOrgPerson", "cmsuser"],
@ -456,7 +456,7 @@ class DogtagInstance(service.Service):
userPassword=[self.admin_password],
userstate=['1']
)
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
for group in self.admin_groups:
self.__add_admin_to_group(group)
@ -472,7 +472,7 @@ class DogtagInstance(service.Service):
dn = DN(('cn', group), ('ou', 'groups'), ('o', 'ipaca'))
mod = [(ldap.MOD_DELETE, 'uniqueMember', self.admin_dn)]
try:
self.admin_conn.modify_s(dn, mod)
api.Backend.ldap2.modify_s(dn, mod)
except ldap.NO_SUCH_ATTRIBUTE:
# already removed
pass
@ -480,7 +480,7 @@ class DogtagInstance(service.Service):
def teardown_admin(self):
for group in self.admin_groups:
self.__remove_admin_from_group(group)
self.admin_conn.delete_entry(self.admin_dn)
api.Backend.ldap2.delete_entry(self.admin_dn)
def _use_ldaps_during_spawn(self, config, ds_cacert=paths.IPA_CA_CRT):
config.set(self.subsystem, "pki_ds_ldaps_port", "636")

18
ipaserver/install/dsinstance.py
View File

@ -449,13 +449,13 @@ class DsInstance(service.Service):
# they may conflict.
try:
res = self.admin_conn.get_entries(
res = api.Backend.ldap2.get_entries(
DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
self.admin_conn.SCOPE_ONELEVEL,
api.Backend.ldap2.SCOPE_ONELEVEL,
"(objectclass=nsSaslMapping)")
for r in res:
try:
self.admin_conn.delete_entry(r)
api.Backend.ldap2.delete_entry(r)
except Exception as e:
root_logger.critical(
"Error during SASL mapping removal: %s", e)
@ -464,7 +464,7 @@ class DsInstance(service.Service):
root_logger.critical("Error while enumerating SASL mappings %s", e)
raise
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
DN(
('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
('cn', 'config')),
@ -475,9 +475,9 @@ class DsInstance(service.Service):
nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
nsSaslMapPriority=['10'],
)
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
DN(
('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
('cn', 'config')),
@ -488,7 +488,7 @@ class DsInstance(service.Service):
nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
nsSaslMapPriority=['10'],
)
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
def __update_schema(self):
# FIXME: https://fedorahosted.org/389/ticket/47490
@ -1134,7 +1134,7 @@ class DsInstance(service.Service):
"""
dn = DN('cn=IPA SIDGEN,cn=plugins,cn=config')
try:
self.admin_conn.get_entry(dn)
api.Backend.ldap2.get_entry(dn)
except errors.NotFound:
self._ldap_mod('ipa-sidgen-conf.ldif', dict(SUFFIX=suffix))
else:
@ -1152,7 +1152,7 @@ class DsInstance(service.Service):
"""
dn = DN('cn=ipa_extdom_extop,cn=plugins,cn=config')
try:
self.admin_conn.get_entry(dn)
api.Backend.ldap2.get_entry(dn)
except errors.NotFound:
self._ldap_mod('ipa-extdom-extop-conf.ldif', dict(SUFFIX=suffix))
else:

9
ipaserver/install/httpinstance.py
View File

@ -416,7 +416,8 @@ class HTTPInstance(service.Service):
attr_name = 'kdcProxyEnabled'
try:
entry = self.admin_conn.get_entry(entry_name, ['ipaConfigString'])
entry = api.Backend.ldap2.get_entry(
entry_name, ['ipaConfigString'])
except errors.NotFound:
pass
else:
@ -427,7 +428,7 @@ class HTTPInstance(service.Service):
entry.setdefault('ipaConfigString', []).append(attr_name)
try:
self.admin_conn.update_entry(entry)
api.Backend.ldap2.update_entry(entry)
except errors.EmptyModlist:
root_logger.debug("service KDCPROXY already enabled")
return
@ -438,7 +439,7 @@ class HTTPInstance(service.Service):
root_logger.debug("service KDCPROXY enabled")
return
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
entry_name,
objectclass=["nsContainer", "ipaConfigObject"],
cn=['KDC'],
@ -446,7 +447,7 @@ class HTTPInstance(service.Service):
)
try:
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
except errors.DuplicateEntry:
root_logger.debug("failed to add service KDCPROXY entry")
raise

7
ipaserver/install/kra.py
View File

@ -131,9 +131,10 @@ def uninstall(standalone):
if standalone:
try:
kra.admin_conn.delete_entry(DN(('cn', 'KRA'), ('cn', api.env.host),
('cn', 'masters'), ('cn', 'ipa'),
('cn', 'etc'), api.env.basedn))
api.Backend.ldap2.delete_entry(
DN(('cn', 'KRA'), ('cn', api.env.host),
('cn', 'masters'), ('cn', 'ipa'),
('cn', 'etc'), api.env.basedn))
except errors.NotFound:
pass

13
ipaserver/install/krbinstance.py
View File

@ -30,6 +30,7 @@ from ipaserver.install import service
from ipaserver.install import installutils
from ipapython import ipautil
from ipapython import kernel_keyring
from ipalib import api
from ipalib.constants import CACERT
from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
@ -79,14 +80,14 @@ class KrbInstance(service.Service):
"""
service_dn = DN(('krbprincipalname', principal), self.get_realm_suffix())
service_entry = self.admin_conn.get_entry(service_dn)
self.admin_conn.delete_entry(service_entry)
service_entry = api.Backend.ldap2.get_entry(service_dn)
api.Backend.ldap2.delete_entry(service_entry)
# Create a host entry for this master
host_dn = DN(
('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'),
self.suffix)
host_entry = self.admin_conn.make_entry(
host_entry = api.Backend.ldap2.make_entry(
host_dn,
objectclass=[
'top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice',
@ -108,7 +109,7 @@ class KrbInstance(service.Service):
'krbpasswordexpiration']
if 'krbticketflags' in service_entry:
host_entry['krbticketflags'] = service_entry['krbticketflags']
self.admin_conn.add_entry(host_entry)
api.Backend.ldap2.add_entry(host_entry)
# Add the host to the ipaserver host group
ld = ldapupdate.LDAPUpdate(ldapi=True)
@ -359,9 +360,9 @@ class KrbInstance(service.Service):
# Create the special anonymous principal
installutils.kadmin_addprinc(princ_realm)
dn = DN(('krbprincipalname', princ_realm), self.get_realm_suffix())
entry = self.admin_conn.get_entry(dn)
entry = api.Backend.ldap2.get_entry(dn)
entry['nsAccountlock'] = ['TRUE']
self.admin_conn.update_entry(entry)
api.Backend.ldap2.update_entry(entry)
def __convert_to_gssapi_replication(self):
repl = replication.ReplicationManager(self.realm,

4
ipaserver/install/odsexporterinstance.py
View File

@ -112,7 +112,7 @@ class ODSExporterInstance(service.Service):
mod = [(ldap.MOD_ADD, 'member', dns_exporter_principal_dn)]
try:
self.admin_conn.modify_s(dns_group, mod)
api.Backend.ldap2.modify_s(dns_group, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
pass
except Exception as e:
@ -127,7 +127,7 @@ class ODSExporterInstance(service.Service):
(ldap.MOD_REPLACE, 'nsIdleTimeout', '-1'),
(ldap.MOD_REPLACE, 'nsLookThroughLimit', '-1')]
try:
self.admin_conn.modify_s(dns_exporter_principal_dn, mod)
api.Backend.ldap2.modify_s(dns_exporter_principal_dn, mod)
except Exception as e:
root_logger.critical("Could not set principal's %s LDAP limits: %s"
% (dns_exporter_principal_dn, str(e)))

6
ipaserver/install/opendnssecinstance.py
View File

@ -82,7 +82,7 @@ class OpenDNSSECInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def get_masters(self):
return get_dnssec_key_masters(self.admin_conn)
return get_dnssec_key_masters(api.Backend.ldap2)
def create_instance(self, fqdn, realm_name, generate_master_key=True,
kasp_db_file=None):
@ -145,7 +145,7 @@ class OpenDNSSECInstance(service.Service):
dn = DN(('cn', 'DNSSEC'), ('cn', self.fqdn), api.env.container_masters,
api.env.basedn)
try:
entry = self.admin_conn.get_entry(dn, ['ipaConfigString'])
entry = api.Backend.ldap2.get_entry(dn, ['ipaConfigString'])
except errors.NotFound as e:
root_logger.error(
"DNSSEC service entry not found in the LDAP (%s)", e)
@ -153,7 +153,7 @@ class OpenDNSSECInstance(service.Service):
config = entry.setdefault('ipaConfigString', [])
if KEYMASTER not in config:
config.append(KEYMASTER)
self.admin_conn.update_entry(entry)
api.Backend.ldap2.update_entry(entry)
def __setup_conf_files(self):
if not self.fstore.has_file(paths.OPENDNSSEC_CONF_FILE):

44
ipaserver/install/service.py
View File

@ -169,13 +169,6 @@ class Service(object):
self.dm_password = None # silence pylint
self.promote = False
@property
def admin_conn(self):
"""
alias for api.Backend.ldap2
"""
return api.Backend.ldap2
@property
def principal(self):
if any(attr is None for attr in (self.realm, self.fqdn,
@ -209,7 +202,7 @@ class Service(object):
# As we always connect to the local host,
# use URI of admin connection
if not ldap_uri:
ldap_uri = self.admin_conn.ldap_uri
ldap_uri = api.Backend.ldap2.ldap_uri
args += ["-H", ldap_uri]
@ -246,21 +239,21 @@ class Service(object):
dn = DN(('krbprincipalname', principal), ('cn', self.realm), ('cn', 'kerberos'), self.suffix)
try:
entry = self.admin_conn.get_entry(dn)
entry = api.Backend.ldap2.get_entry(dn)
except errors.NotFound:
# There is no service in the wrong location, nothing to do.
# This can happen when installing a replica
return None
newdn = DN(('krbprincipalname', principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
hostdn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix)
self.admin_conn.delete_entry(entry)
api.Backend.ldap2.delete_entry(entry)
entry.dn = newdn
classes = entry.get("objectclass")
classes = classes + ["ipaobject", "ipaservice", "pkiuser"]
entry["objectclass"] = list(set(classes))
entry["ipauniqueid"] = ['autogenerate']
entry["managedby"] = [hostdn]
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
return newdn
def add_simple_service(self, principal):
@ -271,7 +264,7 @@ class Service(object):
"""
dn = DN(('krbprincipalname', principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
hostdn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix)
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
dn,
objectclass=[
"krbprincipal", "krbprincipalaux", "krbticketpolicyaux",
@ -280,7 +273,7 @@ class Service(object):
ipauniqueid=['autogenerate'],
managedby=[hostdn],
)
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
return dn
def add_cert_to_service(self):
@ -291,16 +284,16 @@ class Service(object):
"""
dn = DN(('krbprincipalname', self.principal), ('cn', 'services'),
('cn', 'accounts'), self.suffix)
entry = self.admin_conn.get_entry(dn)
entry = api.Backend.ldap2.get_entry(dn)
entry.setdefault('userCertificate', []).append(self.dercert)
try:
self.admin_conn.update_entry(entry)
api.Backend.ldap2.update_entry(entry)
except Exception as e:
root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e)))
def import_ca_certs(self, db, ca_is_configured, conn=None):
if conn is None:
conn = self.admin_conn
conn = api.Backend.ldap2
try:
ca_certs = certstore.get_ca_certs_nss(
@ -453,7 +446,8 @@ class Service(object):
# enable disabled service
try:
entry = self.admin_conn.get_entry(entry_name, ['ipaConfigString'])
entry = api.Backend.ldap2.get_entry(
entry_name, ['ipaConfigString'])
except errors.NotFound:
pass
else:
@ -465,7 +459,7 @@ class Service(object):
entry.setdefault('ipaConfigString', []).append(u'enabledService')
try:
self.admin_conn.update_entry(entry)
api.Backend.ldap2.update_entry(entry)
except errors.EmptyModlist:
root_logger.debug("service %s startup entry already enabled", name)
return
@ -477,7 +471,7 @@ class Service(object):
return
order = SERVICE_LIST[name][1]
entry = self.admin_conn.make_entry(
entry = api.Backend.ldap2.make_entry(
entry_name,
objectclass=["nsContainer", "ipaConfigObject"],
cn=[name],
@ -486,7 +480,7 @@ class Service(object):
)
try:
self.admin_conn.add_entry(entry)
api.Backend.ldap2.add_entry(entry)
except (errors.DuplicateEntry) as e:
root_logger.debug("failed to add service %s startup entry", name)
raise e
@ -497,13 +491,13 @@ class Service(object):
entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
search_kw = {'ipaConfigString': u'enabledService'}
filter = self.admin_conn.make_filter(search_kw)
filter = api.Backend.ldap2.make_filter(search_kw)
try:
entries, _truncated = self.admin_conn.find_entries(
entries, _truncated = api.Backend.ldap2.find_entries(
filter=filter,
attrs_list=['ipaConfigString'],
base_dn=entry_dn,
scope=self.admin_conn.SCOPE_BASE)
scope=api.Backend.ldap2.SCOPE_BASE)
except errors.NotFound:
root_logger.debug("service %s startup entry already disabled", name)
return
@ -518,7 +512,7 @@ class Service(object):
break
try:
self.admin_conn.update_entry(entry)
api.Backend.ldap2.update_entry(entry)
except errors.EmptyModlist:
pass
except:
@ -531,7 +525,7 @@ class Service(object):
entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
try:
self.admin_conn.delete_entry(entry_dn)
api.Backend.ldap2.delete_entry(entry_dn)
except errors.NotFound:
root_logger.debug("service %s container already removed", name)
else: