From c1f275f9ebb7020bf9b966f86720c2788cffe64b Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Mon, 4 Dec 2017 17:29:05 +0100 Subject: [PATCH] Update to python-ldap 3.0.0 Replace python3-pyldap with python3-ldap. Remove some old code for compatibility with very old python-ldap. Signed-off-by: Christian Heimes Reviewed-By: Rob Crittenden --- freeipa.spec.in | 23 +++++++++++++---------- ipapython/ipaldap.py | 15 +++++++++++++++ ipapython/setup.py | 4 ++-- ipaserver/dcerpc.py | 16 ++++++---------- ipaserver/dnssec/syncrepl.py | 2 -- ipaserver/plugins/ldap2.py | 15 +-------------- ipaserver/setup.py | 3 +-- ipasetup.py.in | 2 +- ipatests/setup.py | 3 +-- 9 files changed, 40 insertions(+), 43 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 48fdb93f5..f2be966e0 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -43,6 +43,7 @@ %global samba_version 4.7.0 %global selinux_policy_version 3.12.1-153 %global slapi_nis_version 0.56.0-4 +%global python_ldap_version 2.4.15 %else # 1.15.1-7: certauth (http://krbdev.mit.edu/rt/Ticket/Display.html?id=8561) %global krb5_version 1.15.1-7 @@ -52,8 +53,10 @@ %global samba_version 2:4.7.0 %global selinux_policy_version 3.13.1-158.4 %global slapi_nis_version 0.56.1 +%global python_ldap_version 3.0.0 %endif + %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+') %global plugin_dir %{_libdir}/dirsrv/plugins @@ -143,7 +146,7 @@ BuildRequires: python-lesscpy # Build dependencies for makeapi/makeaci # makeapi/makeaci is using Python 2 only for now # -BuildRequires: python-ldap +BuildRequires: python2-ldap >= %{python_ldap_version} BuildRequires: python2-netaddr BuildRequires: python2-pyasn1 BuildRequires: python2-pyasn1-modules @@ -252,7 +255,7 @@ BuildRequires: python3-augeas BuildRequires: python3-netaddr BuildRequires: python3-pyasn1 BuildRequires: python3-pyasn1-modules -BuildRequires: python3-pyldap +BuildRequires: python3-ldap >= %{python_ldap_version} %endif # with_python3 %endif # with_lint @@ -283,10 +286,10 @@ Requires: %{name}-client = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} %if 0%{?with_python3} Requires: python3-ipaserver = %{version}-%{release} -Requires: python3-pyldap >= 2.4.15 +Requires: python3-ldap >= %{python_ldap_version} %else Requires: python2-ipaserver = %{version}-%{release} -Requires: python-ldap >= 2.4.15 +Requires: python2-ldap >= %{python_ldap_version} %endif # 1.3.7.6-1: https://bugzilla.redhat.com/show_bug.cgi?id=1488295 Requires: 389-ds-base >= 1.3.7.6-1 @@ -385,7 +388,7 @@ Requires: %{name}-server-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} Requires: python2-ipaclient = %{version}-%{release} Requires: python2-custodia >= 0.3.1 -Requires: python-ldap >= 2.4.15 +Requires: python2-ldap >= %{python_ldap_version} Requires: python2-lxml Requires: python2-gssapi >= 1.2.0-5 Requires: python2-sssdconfig @@ -418,7 +421,7 @@ Requires: %{name}-common = %{version}-%{release} Requires: python3-ipaclient = %{version}-%{release} Requires: python3-custodia >= 0.3.1 # we need pre-requires since earlier versions may break upgrade -Requires(pre): python3-pyldap >= 2.4.35.1-2 +Requires(pre): python3-ldap >= %{python_ldap_version} Requires: python3-lxml Requires: python3-gssapi >= 1.2.0 Requires: python3-sssdconfig @@ -541,11 +544,11 @@ Requires: %{name}-common = %{version}-%{release} %if 0%{?with_python3} Requires: python3-gssapi >= 1.2.0-5 Requires: python3-ipaclient = %{version}-%{release} -Requires: python3-pyldap +Requires: python3-ldap >= %{python_ldap_version} %else Requires: python2-gssapi >= 1.2.0-5 Requires: python2-ipaclient = %{version}-%{release} -Requires: python-ldap +Requires: python2-ldap >= %{python_ldap_version} %endif Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp @@ -722,7 +725,7 @@ Requires: python2-six # 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150 Requires: python2-jwcrypto >= 0.4.2 Requires: python2-cffi -Requires: python-ldap >= 2.4.15 +Requires: python2-ldap >= %{python_ldap_version} Requires: python2-requests Requires: python2-dns >= 1.15 Requires: python2-enum34 @@ -773,7 +776,7 @@ Requires: python3-six Requires: python3-jwcrypto >= 0.4.2 Requires: python3-cffi # we need pre-requires since earlier versions may break upgrade -Requires(pre): python3-pyldap >= 2.4.35.1-2 +Requires(pre): python3-ldap >= %{python_ldap_version} Requires: python3-requests Requires: python3-dns >= 1.15 Requires: python3-netifaces >= 0.10.4 diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 60c5b9372..3255fc1d7 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -29,6 +29,7 @@ import contextlib import collections import os import pwd +import warnings # pylint: disable=import-error from six.moves.urllib.parse import urlparse @@ -76,6 +77,20 @@ TRUNCATED_ADMIN_LIMIT = object() DIRMAN_DN = DN(('cn', 'directory manager')) +if six.PY2: + # XXX silence python-ldap's BytesWarnings + warnings.filterwarnings( + action="ignore", + message="Under Python 2, python-ldap uses bytes", + category=BytesWarning + ) + warnings.filterwarnings( + action="ignore", + message="Received non-bytes value", + category=BytesWarning + ) + + class _ServerSchema(object): ''' Properties of a schema retrieved from an LDAP server. diff --git a/ipapython/setup.py b/ipapython/setup.py index b982577d9..df2448fee 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -45,11 +45,11 @@ if __name__ == '__main__': "ipaplatform", "netaddr", "netifaces", + "python-ldap", "six", ], extras_require={ - ":python_version<'3'": ["enum34", "python-ldap"], - ":python_version>='3'": ["pyldap"], + ":python_version<'3'": ["enum34"], "install": ["dbus-python"], # for certmonger }, ) diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index ff7183409..5a8dc5575 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -185,17 +185,13 @@ def assess_dcerpc_error(error): class ExtendedDNControl(LDAPControl): - # This class attempts to implement LDAP control that would work - # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties - # from both worlds and encodeControlValue has default parameter def __init__(self): - self.controlValue = 1 - self.controlType = "1.2.840.113556.1.4.529" - self.criticality = False - self.integerValue = 1 - - def encodeControlValue(self, value=None): - return b'0\x03\x02\x01\x01' + LDAPControl.__init__( + self, + controlType="1.2.840.113556.1.4.529", + criticality=False, + encodedControlValue=b'0\x03\x02\x01\x01' + ) class DomainValidator(object): diff --git a/ipaserver/dnssec/syncrepl.py b/ipaserver/dnssec/syncrepl.py index 463222026..f23bf97ef 100644 --- a/ipaserver/dnssec/syncrepl.py +++ b/ipaserver/dnssec/syncrepl.py @@ -9,9 +9,7 @@ to a local dict. import logging -# Import the python-ldap modules import ldap -# Import specific classes from python-ldap from ldap.cidict import cidict from ldap.ldapobject import ReconnectLDAPObject from ldap.syncrepl import SyncreplConsumer diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 07d6f354e..104406798 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -38,20 +38,7 @@ from ipapython.dn import DN from ipapython.ipaldap import (LDAPClient, AUTOBIND_AUTO, AUTOBIND_ENABLED, AUTOBIND_DISABLED) - -try: - from ldap.controls.simple import GetEffectiveRightsControl -except ImportError: - """ - python-ldap 2.4.x introduced a new API for effective rights control, which - needs to be used or otherwise bind dn is not passed correctly. The following - class is created for backward compatibility with python-ldap 2.3.x. - Relevant BZ: https://bugzilla.redhat.com/show_bug.cgi?id=802675 - """ - from ldap.controls import LDAPControl - class GetEffectiveRightsControl(LDAPControl): - def __init__(self, criticality, authzId=None): - LDAPControl.__init__(self, '1.3.6.1.4.1.42.2.27.9.5.2', criticality, authzId) +from ldap.controls.simple import GetEffectiveRightsControl from ipalib import Registry, errors, _ from ipalib.crud import CrudBackend diff --git a/ipaserver/setup.py b/ipaserver/setup.py index 96af1a7e8..46ce7505a 100755 --- a/ipaserver/setup.py +++ b/ipaserver/setup.py @@ -62,6 +62,7 @@ if __name__ == '__main__': "requests", "six", "python-augeas", + "python-ldap", ], entry_points={ 'custodia.authorizers': [ @@ -72,8 +73,6 @@ if __name__ == '__main__': ], }, extras_require={ - ":python_version<'3'": ["python-ldap"], - ":python_version>='3'": ["pyldap"], # These packages are currently not available on PyPI. "dcerpc": ["samba", "pysss", "pysss_nss_idmap"], "hbactest": ["pyhbac"], diff --git a/ipasetup.py.in b/ipasetup.py.in index 426cbdb6e..4827ed045 100644 --- a/ipasetup.py.in +++ b/ipasetup.py.in @@ -81,7 +81,7 @@ PACKAGE_VERSION = { 'jwcrypto': 'jwcrpyto >= 0.4.2', 'kdcproxy': 'kdcproxy >= 0.3', 'netifaces': 'netifaces >= 0.10.4', - 'pyldap': 'pyldap >= 2.4.15', + 'python-ldap': 'python-ldap >= 3.0.0b1', # install --pre 'python-yubico': 'python-yubico >= 1.2.3', 'qrcode': 'qrcode >= 5.0', } diff --git a/ipatests/setup.py b/ipatests/setup.py index de98648f9..68a67da5f 100644 --- a/ipatests/setup.py +++ b/ipatests/setup.py @@ -71,11 +71,10 @@ if __name__ == '__main__': "polib", "pytest", "pytest_multihost", + "python-ldap", "six", ], extras_require={ - ":python_version<'3'": ["python-ldap"], - ":python_version>='3'": ["pyldap"], "integration": ["dbus-python", "pyyaml", "ipaserver"], "ipaserver": ["ipaserver"], "webui": ["selenium", "pyyaml", "ipaserver"],