IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-28 17:14:38 -06:00
Code Issues Packages Projects Releases Wiki Activity

Shift search base for users and groups to "cn=accounts, baseDN"

Browse Source 
450552
This commit is contained in:
Rob Crittenden 2008-07-29 08:55:27 -04:00
parent bae3a2101f
commit 6efb547987
1 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
ipa-server/xmlrpc-server/funcs.py
View File

@ -113,6 +113,7 @@ class IPAServer:
if _LDAPPool is None: if _LDAPPool is None:
_LDAPPool = IPAConnPool(128) _LDAPPool = IPAConnPool(128)
self.basedn = ipautil.realm_to_suffix(self.realm) self.basedn = ipautil.realm_to_suffix(self.realm)
self.accountsdn = "cn=accounts," + self.basedn
self.scope = ldap.SCOPE_SUBTREE self.scope = ldap.SCOPE_SUBTREE
self.princ = None self.princ = None
self.krbccache = None self.krbccache = None
@ -132,7 +133,7 @@ class IPAServer:
# The only anonymous search we should have # The only anonymous search we should have
conn = _LDAPPool.getConn(self.host,self.sslport,self.bindca,self.bindcert,self.bindkey,None,None,debug) conn = _LDAPPool.getConn(self.host,self.sslport,self.bindca,self.bindcert,self.bindkey,None,None,debug)
try: try:
ent = conn.getEntry(self.basedn, self.scope, searchfilter, ['dn']) ent = conn.getEntry(self.accountsdn, self.scope, searchfilter, ['dn'])
finally: finally:
_LDAPPool.releaseConn(conn) _LDAPPool.releaseConn(conn)
@ -427,7 +428,7 @@ class IPAServer:
logging.info("IPA: get_entry_by_cn '%s'" % cn) logging.info("IPA: get_entry_by_cn '%s'" % cn)
cn = self.__safe_filter(cn) cn = self.__safe_filter(cn)
searchfilter = "(cn=" + cn + ")" searchfilter = "(cn=" + cn + ")"
return self.__get_sub_entry(self.basedn, searchfilter, sattrs, opts) return self.__get_sub_entry(self.accountsdn, searchfilter, sattrs, opts)
def update_entry (self, oldentry, newentry, opts=None): def update_entry (self, oldentry, newentry, opts=None):
"""Update an entry in LDAP """Update an entry in LDAP
@ -459,7 +460,7 @@ class IPAServer:
searchfilter = "(&(uid=%s)(objectclass=posixAccount))" % uid searchfilter = "(&(uid=%s)(objectclass=posixAccount))" % uid
try: try:
entry = self.__get_sub_entry(self.basedn, searchfilter, ['dn','uid'], opts) entry = self.__get_sub_entry(self.accountsdn, searchfilter, ['dn','uid'], opts)
return False return False
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
return True return True
@ -497,7 +498,7 @@ class IPAServer:
logging.info("IPA: get_user_by_uid '%s'" % uid) logging.info("IPA: get_user_by_uid '%s'" % uid)
uid = self.__safe_filter(uid) uid = self.__safe_filter(uid)
searchfilter = "(uid=" + uid + ")" searchfilter = "(uid=" + uid + ")"
return self.__get_sub_entry(self.basedn, searchfilter, sattrs, opts) return self.__get_sub_entry(self.accountsdn, searchfilter, sattrs, opts)
def get_user_by_principal(self, principal, sattrs, opts=None): def get_user_by_principal(self, principal, sattrs, opts=None):
"""Get a user entry searching by Kerberos Principal Name. """Get a user entry searching by Kerberos Principal Name.
@ -511,7 +512,7 @@ class IPAServer:
raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER) raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER)
searchfilter = "(krbPrincipalName="+self.__safe_filter(principal)+")" searchfilter = "(krbPrincipalName="+self.__safe_filter(principal)+")"
logging.info("IPA: get_user_by_principal '%s'" % principal) logging.info("IPA: get_user_by_principal '%s'" % principal)
return self.__get_sub_entry(self.basedn, searchfilter, sattrs, opts) return self.__get_sub_entry(self.accountsdn, searchfilter, sattrs, opts)
def get_user_by_email (self, email, sattrs, opts=None): def get_user_by_email (self, email, sattrs, opts=None):
"""Get a specific user's entry. Return as a dict of values. """Get a specific user's entry. Return as a dict of values.
@ -540,7 +541,7 @@ class IPAServer:
searchfilter = "(&(objectClass=person)(manager=%s))" % manager_dn searchfilter = "(&(objectClass=person)(manager=%s))" % manager_dn
try: try:
return self.__get_list(self.basedn, searchfilter, sattrs, opts) return self.__get_list(self.accountsdn, searchfilter, sattrs, opts)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
return [] return []
@ -916,7 +917,7 @@ class IPAServer:
conn = self.getConnection(opts) conn = self.getConnection(opts)
try: try:
all_users = conn.getList(self.basedn, self.scope, searchfilter, None) all_users = conn.getList(self.accountsdn, self.scope, searchfilter, None)
finally: finally:
self.releaseConnection(conn) self.releaseConnection(conn)
@ -973,14 +974,14 @@ class IPAServer:
conn = self.getConnection(opts) conn = self.getConnection(opts)
try: try:
try: try:
exact_results = conn.getListAsync(self.basedn, self.scope, exact_results = conn.getListAsync(self.accountsdn, self.scope,
exact_match_filter, sattrs, 0, None, None, timelimit, exact_match_filter, sattrs, 0, None, None, timelimit,
sizelimit) sizelimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
exact_results = [0] exact_results = [0]
try: try:
partial_results = conn.getListAsync(self.basedn, self.scope, partial_results = conn.getListAsync(self.accountsdn, self.scope,
partial_match_filter, sattrs, 0, None, None, timelimit, partial_match_filter, sattrs, 0, None, None, timelimit,
sizelimit) sizelimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
@ -1243,7 +1244,7 @@ class IPAServer:
searchfilter = "(&(cn=%s)(objectclass=posixGroup))" % cn searchfilter = "(&(cn=%s)(objectclass=posixGroup))" % cn
try: try:
entry = self.__get_sub_entry(self.basedn, searchfilter, ['dn','cn'], opts) entry = self.__get_sub_entry(self.accountsdn, searchfilter, ['dn','cn'], opts)
return False return False
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
return True return True
@ -1269,7 +1270,7 @@ class IPAServer:
searchfilter = "(&(objectClass=posixGroup)(member=%s))" % member_dn searchfilter = "(&(objectClass=posixGroup)(member=%s))" % member_dn
try: try:
return self.__get_list(self.basedn, searchfilter, sattrs, opts) return self.__get_list(self.accountsdn, searchfilter, sattrs, opts)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
return [] return []
@ -1364,14 +1365,14 @@ class IPAServer:
conn = self.getConnection(opts) conn = self.getConnection(opts)
try: try:
try: try:
exact_results = conn.getListAsync(self.basedn, self.scope, exact_results = conn.getListAsync(self.accountsdn, self.scope,
exact_match_filter, sattrs, 0, None, None, timelimit, exact_match_filter, sattrs, 0, None, None, timelimit,
sizelimit) sizelimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
exact_results = [0] exact_results = [0]
try: try:
partial_results = conn.getListAsync(self.basedn, self.scope, partial_results = conn.getListAsync(self.accountsdn, self.scope,
partial_match_filter, sattrs, 0, None, None, timelimit, partial_match_filter, sattrs, 0, None, None, timelimit,
sizelimit) sizelimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
@ -1892,7 +1893,7 @@ class IPAServer:
conn = self.getConnection(opts) conn = self.getConnection(opts)
try: try:
try: try:
results = conn.getListAsync(self.basedn, self.scope, results = conn.getListAsync(self.accountsdn, self.scope,
searchfilter, attr_list, 0, None, None, timelimit, searchfilter, attr_list, 0, None, None, timelimit,
sizelimit) sizelimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
@ -1961,7 +1962,7 @@ class IPAServer:
searchfilter = "(&(krbprincipalname=%s)(objectclass=krbPrincipal))" % name searchfilter = "(&(krbprincipalname=%s)(objectclass=krbPrincipal))" % name
try: try:
entry = self.__get_sub_entry(self.basedn, searchfilter, ['dn','krbprincipalname'], opts) entry = self.__get_sub_entry(self.accountsdn, searchfilter, ['dn','krbprincipalname'], opts)
return False return False
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
return True return True
@ -2141,8 +2142,9 @@ class IPAServer:
# Configuration support # Configuration support
def get_ipa_config(self, opts=None): def get_ipa_config(self, opts=None):
"""Retrieve the IPA configuration""" """Retrieve the IPA configuration"""
searchfilter = "cn=ipaconfig"
try: try:
config = self.get_entry_by_cn("ipaconfig", None, opts) config = self.__get_sub_entry("cn=etc," + self.basedn, searchfilter, None, opts)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
raise ipaerror.gen_exception(ipaerror.LDAP_NO_CONFIG) raise ipaerror.gen_exception(ipaerror.LDAP_NO_CONFIG)