Remove some uses of raw python-ldap

Part of the work for: https://fedorahosted.org/freeipa/ticket/2660

ipaserver/install/krbinstance.py

@@ -37,8 +37,6 @@ from ipapython.dn import DN
 from ipaserver.install import replication
 from ipaserver.install import dsinstance
 
-import ldap
-
 import pyasn1.codec.ber.decoder
 import struct
 
@@ -260,7 +258,7 @@ class KrbInstance(service.Service):
         try:
             res = self.admin_conn.get_entries(
                 DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
-                ldap.SCOPE_ONELEVEL,
+                self.admin_conn.SCOPE_ONELEVEL,
                 "(objectclass=nsSaslMapping)")
             for r in res:
                 try:
@@ -360,8 +358,8 @@ class KrbInstance(service.Service):
 
     def __write_stash_from_ds(self):
         try:
-            entries = self.admin_conn.get_entries(self.get_realm_suffix(),
-                                                  ldap.SCOPE_SUBTREE)
+            entries = self.admin_conn.get_entries(
+                self.get_realm_suffix(), self.admin_conn.SCOPE_SUBTREE)
             # TODO: Ensure we got only one entry
             entry = entries[0]
         except errors.NotFound, e:

ipaserver/install/plugins/rename_managed.py

@@ -22,7 +22,6 @@ from ipaserver.install.plugins.baseupdate import PreUpdate, PostUpdate
 from ipalib import api, errors
 from ipapython import ipautil
 from ipapython.dn import DN, EditableDN
-import ldap as _ldap
 
 def entry_to_update(entry):
     """
@@ -66,9 +65,9 @@ class GenerateUpdateMixin(object):
 
         # If the old entries don't exist the server has already been updated.
         try:
-            (definitions_managed_entries, truncated) = ldap.find_entries(
-                searchfilter, ['*'], old_definition_container, _ldap.SCOPE_ONELEVEL, normalize=False
-            )
+            definitions_managed_entries, truncated = ldap.find_entries(
+                searchfilter, ['*'], old_definition_container,
+                ldap.SCOPE_ONELEVEL, normalize=False)
         except errors.NotFound, e:
             return (False, update_list)
 

ipaserver/install/service.py

@@ -24,8 +24,6 @@ import pwd
 import time
 import datetime
 
-import ldap
-
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython import dogtag
@@ -249,10 +247,12 @@ class Service(object):
             self.ldap_disconnect()
         self.ldap_connect()
 
-        dn = DN(('krbprincipalname', self.principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
-        mod = [(ldap.MOD_ADD, 'userCertificate', self.dercert)]
+        dn = DN(('krbprincipalname', self.principal), ('cn', 'services'),
+                ('cn', 'accounts'), self.suffix)
+        entry = self.admin_conn.get_entry(dn)
+        entry.setdefault('userCertificate', []).append(self.dercert)
         try:
-            self.admin_conn.modify_s(dn, mod)
+            self.admin_conn.update_entry(entry)
         except Exception, e:
             root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e)))
 
@@ -387,7 +387,7 @@ class Service(object):
 
         try:
             self.admin_conn.add_entry(entry)
-        except (ldap.ALREADY_EXISTS, errors.DuplicateEntry), e:
+        except (errors.DuplicateEntry), e:
             root_logger.debug("failed to add %s Service startup entry" % name)
             raise e
 

ipaserver/plugins/dogtag.py

@@ -237,12 +237,10 @@ digits and nothing else follows.
 '''
 
 from lxml import etree
-import urllib
 import urllib2
 import datetime
 import time
 from ipapython.dn import DN
-from ldap.filter import escape_filter_chars
 import ipapython.dogtag
 from ipapython import ipautil
 
@@ -1267,11 +1265,17 @@ class ra(rabase.rabase):
 
         Check if a specified host is a master for a specified service.
         """
-        base_dn = DN(('cn', host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
-        filter = '(&(objectClass=ipaConfigObject)(cn=%s)(ipaConfigString=enabledService))' % escape_filter_chars(service)
+        ldap2 = self.api.Backend.ldap2
+        base_dn = DN(('cn', host), ('cn', 'masters'), ('cn', 'ipa'),
+                     ('cn', 'etc'), api.env.basedn)
+        filter_attrs = {
+            'objectClass': 'ipaConfigObject',
+            'cn': service,
+            'ipaConfigString': 'enabledService',
+        }
+        filter = ldap2.make_filter(filter_attrs, rules='&')
         try:
-            ldap2 = self.api.Backend.ldap2
-            ent,trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
+            ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
             if len(ent):
                 return True
         except Exception, e:
@@ -1286,11 +1290,17 @@ class ra(rabase.rabase):
 
         Select any host which is a master for a specified service.
         """
-        base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
-        filter = '(&(objectClass=ipaConfigObject)(cn=%s)(ipaConfigString=enabledService))' % escape_filter_chars(service)
+        ldap2 = self.api.Backend.ldap2
+        base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+                     api.env.basedn)
+        filter_attrs = {
+            'objectClass': 'ipaConfigObject',
+            'cn': service,
+            'ipaConfigString': 'enabledService',
+        }
+        filter = ldap2.make_filter(filter_attrs, rules='&')
         try:
-            ldap2 = self.api.Backend.ldap2
-            ent,trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
+            ent, trunc = ldap2.find_entries(filter=filter, base_dn=base_dn)
             if len(ent):
                 entry = random.choice(ent)
                 dn = entry[0]