IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Convert remaining frontend code to LDAPEntry API.

Browse Source
This commit is contained in:
Jan Cholasta
2013-10-31 16:54:21 +00:00
committed by Petr Viktorin
parent 5737eaf134
commit c2bd6f365d
28 changed files with 370 additions and 350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ipalib/plugins/aci.py
View File

@@ -367,17 +367,16 @@ def _aci_to_kw(ldap, a, test=False, pkey_only=False):
groupdn = DN(groupdn)
if len(groupdn) and groupdn[0].attr == 'cn':
dn = DN()
entry = {}
entry = ldap.make_entry(dn)
try:
entry = ldap.get_entry(groupdn, ['cn'])
dn = entry.dn
except errors.NotFound, e:
# FIXME, use real name here
if test:
dn = DN(('cn', 'test'), api.env.container_permission,
api.env.basedn)
entry = {'cn': [u'test']}
if api.env.container_permission in dn:
entry = ldap.make_entry(dn, {'cn': [u'test']})
if api.env.container_permission in entry.dn:
kw['permission'] = entry['cn'][0]
else:
if 'cn' in entry:
@@ -539,7 +538,6 @@ class aci_add(crud.Create):
newaci = _make_aci(ldap, None, aciname, kw)
entry = ldap.get_entry(self.api.env.basedn, ['aci'])
dn = entry.dn
acis = _convert_strings_to_acis(entry.get('aci', []))
for a in acis:
@@ -584,7 +582,6 @@ class aci_del(crud.Delete):
ldap = self.api.Backend.ldap2
entry = ldap.get_entry(self.api.env.basedn, ['aci'])
dn = entry.dn
acistrs = entry.get('aci', [])
acis = _convert_strings_to_acis(acistrs)
@@ -704,7 +701,6 @@ class aci_find(crud.Search):
ldap = self.api.Backend.ldap2
entry = ldap.get_entry(self.api.env.basedn, ['aci'])
dn = entry.dn
acis = _convert_strings_to_acis(entry.get('aci', []))
results = []
@@ -754,7 +750,8 @@ class aci_find(crud.Search):
pass
else:
for a in acis:
if a.bindrule['expression'] != ('ldap:///%s' % dn):
uri = 'ldap:///%s' % entry.dn
if a.bindrule['expression'] != uri:
results.remove(a)
acis = list(results)

18
ipalib/plugins/automember.py
View File

@@ -300,7 +300,7 @@ class automember_add_condition(LDAPUpdate):
assert isinstance(dn, DN)
# Check to see if the automember rule exists
try:
(tdn, test_attrs) = ldap.get_entry(dn, [])
dn = ldap.get_entry(dn, []).dn
except errors.NotFound:
raise errors.NotFound(reason=_(u'Auto member rule: %s not found!') % keys[0])
# Define container key
@@ -318,7 +318,7 @@ class automember_add_condition(LDAPUpdate):
entry_attrs[attr] = [key + condition for condition in options[attr]]
completed += len(entry_attrs[attr])
try:
(dn, old_entry) = ldap.get_entry(dn, [attr])
old_entry = ldap.get_entry(dn, [attr])
for regex in old_entry.keys():
if not isinstance(entry_attrs[regex], (list, tuple)):
entry_attrs[regex] = [entry_attrs[regex]]
@@ -339,7 +339,7 @@ class automember_add_condition(LDAPUpdate):
# Make sure to returned the failed results if there is nothing to remove
if completed == 0:
(dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
ldap.get_entry(dn, attrs_list)
raise errors.EmptyModlist
return dn
@@ -386,7 +386,7 @@ class automember_remove_condition(LDAPUpdate):
assert isinstance(dn, DN)
# Check to see if the automember rule exists
try:
(tdn, test_attrs) = ldap.get_entry(dn, [])
ldap.get_entry(dn, [])
except errors.NotFound:
raise errors.NotFound(reason=_(u'Auto member rule: %s not found!') % keys[0])
@@ -402,13 +402,13 @@ class automember_remove_condition(LDAPUpdate):
failed = {'failed': {}}
# Check to see if there are existing exclusive conditions present.
(dn, exclude_present) = ldap.get_entry(dn, [EXCLUDE_RE])
dn = ldap.get_entry(dn, [EXCLUDE_RE]).dn
for attr in (INCLUDE_RE, EXCLUDE_RE):
failed['failed'][attr] = []
if attr in options and options[attr]:
entry_attrs[attr] = [key + condition for condition in options[attr]]
(dn, entry_attrs_) = ldap.get_entry(dn, [attr])
entry_attrs_ = ldap.get_entry(dn, [attr])
old_entry = entry_attrs_.get(attr, [])
for regex in entry_attrs[attr]:
if regex in old_entry:
@@ -427,7 +427,7 @@ class automember_remove_condition(LDAPUpdate):
# Make sure to returned the failed results if there is nothing to remove
if completed == 0:
(dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
ldap.get_entry(dn, attrs_list)
raise errors.EmptyModlist
return dn
@@ -557,13 +557,13 @@ class automember_default_group_remove(LDAPUpdate):
api.env.basedn)
attr = 'automemberdefaultgroup'
(dn, entry_attrs_) = ldap.get_entry(dn, [attr])
entry_attrs_ = ldap.get_entry(dn, [attr])
if attr not in entry_attrs_:
raise errors.NotFound(reason=_(u'No default (fallback) group set'))
else:
entry_attrs[attr] = []
return dn
return entry_attrs_.dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)

10
ipalib/plugins/automount.py
View File

@@ -603,11 +603,11 @@ class automountmap_del(LDAPDelete):
assert isinstance(dn, DN)
# delete optional parental connection (direct maps may not have this)
try:
(dn_, entry_attrs) = ldap.find_entry_by_attr(
entry_attrs = ldap.find_entry_by_attr(
'automountinformation', keys[0], 'automount',
base_dn=DN(self.obj.container_dn, api.env.basedn)
)
ldap.delete_entry(dn_)
ldap.delete_entry(entry_attrs)
except errors.NotFound:
pass
return True
@@ -715,7 +715,7 @@ class automountkey(LDAPObject):
# First we look with the information given, then try to search for
# the right entry.
try:
(dn, entry_attrs) = ldap.get_entry(dn, ['*'])
dn = ldap.get_entry(dn, ['*']).dn
except errors.NotFound:
if kwargs.get('automountinformation', False):
sfilter = '(&(automountkey=%s)(automountinformation=%s))' % \
@@ -732,7 +732,7 @@ class automountkey(LDAPObject):
raise errors.NotFound(reason=_('More than one entry with key %(key)s found, use --info to select specific entry.') % dict(key=pkey))
if truncated:
raise errors.LimitsExceeded()
dn = entries[0][0]
dn = entries[0].dn
return dn
@@ -955,7 +955,7 @@ class automountkey_mod(LDAPUpdate):
# automountinformation attribute of existing LDAP object needs
# to be retrieved so that RDN can be generated
dn = self.obj.get_dn(*keys, **options)
(dn_, entry_attrs_) = ldap.get_entry(dn, ['automountinformation'])
entry_attrs_ = ldap.get_entry(dn, ['automountinformation'])
new_info = entry_attrs_.get('automountinformation', [])[0]
# automounkey attribute cannot be overwritten so that get_dn()

169
ipalib/plugins/baseldap.py
View File

@@ -203,8 +203,8 @@ def get_effective_rights(ldap, dn, attrs=None):
attrs = ['*', 'nsaccountlock', 'cospriority']
rights = ldap.get_effective_rights(dn, attrs)
rdict = {}
if 'attributelevelrights' in rights[1]:
rights = rights[1]['attributelevelrights']
if 'attributelevelrights' in rights:
rights = rights['attributelevelrights']
rights = rights[0].split(', ')
for r in rights:
(k,v) = r.split(':')
@@ -262,7 +262,7 @@ def wait_for_value(ldap, dn, attr, value):
# FIXME: put a try/except around here? I think it is probably better
# to just let the exception filter up to the caller.
(dn, entry_attrs) = ldap.get_entry( dn, ['*'])
entry_attrs = ldap.get_entry(dn, ['*'])
if attr in entry_attrs:
if isinstance(entry_attrs[attr], (list, tuple)):
values = map(lambda y:y.lower(), entry_attrs[attr])
@@ -332,8 +332,8 @@ def add_external_post_callback(memberattr, membertype, externalattr, ldap, compl
# Sift through the failures. We assume that these are all
# entries that aren't stored in IPA, aka external entries.
if memberattr in failed and membertype in failed[memberattr]:
(dn, entry_attrs_) = ldap.get_entry(dn, [externalattr])
assert isinstance(dn, DN)
entry_attrs_ = ldap.get_entry(dn, [externalattr])
dn = entry_attrs_.dn
members = entry_attrs.get(memberattr, [])
external_entries = entry_attrs_.get(externalattr, [])
lc_external_entries = set(e.lower() for e in external_entries)
@@ -364,8 +364,9 @@ def add_external_post_callback(memberattr, membertype, externalattr, ldap, compl
failed_entries.append(membername)
if completed_external:
entry_attrs_[externalattr] = external_entries
try:
ldap.update_entry(dn, {externalattr: external_entries})
ldap.update_entry(entry_attrs_)
except errors.EmptyModlist:
pass
failed[memberattr][membertype] = failed_entries
@@ -378,7 +379,8 @@ def remove_external_post_callback(memberattr, membertype, externalattr, ldap, co
# Run through the failures and gracefully remove any member defined
# as an external member.
if memberattr in failed and membertype in failed[memberattr]:
(dn, entry_attrs_) = ldap.get_entry(dn, [externalattr])
entry_attrs_ = ldap.get_entry(dn, [externalattr])
dn = entry_attrs_.dn
external_entries = entry_attrs_.get(externalattr, [])
failed_entries = []
completed_external = 0
@@ -398,8 +400,9 @@ def remove_external_post_callback(memberattr, membertype, externalattr, ldap, co
failed_entries.append(membername)
if completed_external:
entry_attrs_[externalattr] = external_entries
try:
ldap.update_entry(dn, {externalattr: external_entries})
ldap.update_entry(entry_attrs_)
except errors.EmptyModlist:
pass
failed[memberattr][membertype] = failed_entries
@@ -415,7 +418,7 @@ def host_is_master(ldap, fqdn):
"""
master_dn = DN(('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
try:
(dn, entry_attrs) = ldap.get_entry(master_dn, ['objectclass'])
ldap.get_entry(master_dn, ['objectclass'])
raise errors.ValidationError(name='hostname', error=_('An IPA master host cannot be deleted or disabled'))
except errors.NotFound:
# Good, not a master
@@ -478,14 +481,14 @@ class LDAPObject(Object):
parent_dn = DN(self.container_dn, api.env.basedn)
if self.rdn_attribute:
try:
(dn, entry_attrs) = self.backend.find_entry_by_attr(
entry_attrs = self.backend.find_entry_by_attr(
self.primary_key.name, keys[-1], self.object_class, [''],
DN(self.container_dn, api.env.basedn)
)
except errors.NotFound:
pass
else:
return dn
return entry_attrs.dn
if self.primary_key and keys[-1] is not None:
return self.backend.make_dn_from_attr(
self.primary_key.name, keys[-1], parent_dn
@@ -502,7 +505,7 @@ class LDAPObject(Object):
assert isinstance(dn, DN)
try:
if self.rdn_attribute:
(dn, entry_attrs) = self.backend.get_entry(
entry_attrs = self.backend.get_entry(
dn, [self.primary_key.name]
)
try:
@@ -609,7 +612,7 @@ class LDAPObject(Object):
json_dict['primary_key'] = self.primary_key.name
objectclasses = self.object_class
if self.object_class_config:
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
objectclasses = config.get(
self.object_class_config, objectclasses
)
@@ -872,7 +875,7 @@ last, after all sets and adds."""),
if needldapattrs:
try:
(dn, old_entry) = self._exc_wrapper(keys, options, ldap.get_entry)(
old_entry = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, needldapattrs
)
except errors.NotFound:
@@ -1004,15 +1007,16 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
def execute(self, *keys, **options):
ldap = self.obj.backend
entry_attrs = self.args_options_2_entry(*keys, **options)
entry_attrs = ldap.make_entry(DN(), entry_attrs)
dn = self.obj.get_dn(*keys, **options)
entry_attrs = ldap.make_entry(
dn, self.args_options_2_entry(*keys, **options))
self.process_attr_options(entry_attrs, None, keys, options)
entry_attrs['objectclass'] = deepcopy(self.obj.object_class)
if self.obj.object_class_config:
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
entry_attrs['objectclass'] = config.get(
self.obj.object_class_config, entry_attrs['objectclass']
)
@@ -1020,8 +1024,6 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
if self.obj.uuid_attribute:
entry_attrs[self.obj.uuid_attribute] = 'autogenerate'
dn = self.obj.get_dn(*keys, **options)
assert isinstance(dn, DN)
if self.obj.rdn_attribute:
try:
dn_attr = dn[0].attr
@@ -1029,10 +1031,9 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
dn_attr = None
if dn_attr != self.obj.primary_key.name:
self.obj.handle_duplicate_entry(*keys)
dn = ldap.make_dn(
entry_attrs.dn = ldap.make_dn(
entry_attrs, self.obj.rdn_attribute,
DN(self.obj.container_dn, api.env.basedn)
)
DN(self.obj.container_dn, api.env.basedn))
if options.get('all', False):
attrs_list = ['*'] + self.obj.default_attributes
@@ -1044,16 +1045,16 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
attrs_list = list(attrs_list)
for callback in self.get_callbacks('pre'):
dn = callback(
self, ldap, dn, entry_attrs, attrs_list, *keys, **options)
assert isinstance(dn, DN)
entry_attrs.dn = callback(
self, ldap, entry_attrs.dn, entry_attrs, attrs_list,
*keys, **options)
_check_single_value_attrs(self.params, entry_attrs)
_check_limit_object_class(self.api.Backend.ldap2.schema.attribute_types(self.obj.limit_object_classes), entry_attrs.keys(), allow_only=True)
_check_limit_object_class(self.api.Backend.ldap2.schema.attribute_types(self.obj.disallow_object_classes), entry_attrs.keys(), allow_only=False)
try:
self._exc_wrapper(keys, options, ldap.add_entry)(dn, entry_attrs)
self._exc_wrapper(keys, options, ldap.add_entry)(entry_attrs)
except errors.NotFound:
parent = self.obj.parent_object
if parent:
@@ -1078,25 +1079,23 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
object_class = self.obj.object_class
else:
object_class = None
(dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.find_entry_by_attr)(
entry_attrs = self._exc_wrapper(keys, options, ldap.find_entry_by_attr)(
self.obj.primary_key.name, keys[-1], object_class, attrs_list,
DN(self.obj.container_dn, api.env.basedn)
)
assert isinstance(dn, DN)
else:
(dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, attrs_list
)
assert isinstance(dn, DN)
entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
entry_attrs.dn, attrs_list)
except errors.NotFound:
self.obj.handle_not_found(*keys)
for callback in self.get_callbacks('post'):
dn = callback(self, ldap, dn, entry_attrs, *keys, **options)
entry_attrs.dn = callback(
self, ldap, entry_attrs.dn, entry_attrs, *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
assert isinstance(dn, DN)
dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -1204,23 +1203,23 @@ class LDAPRetrieve(LDAPQuery):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, attrs_list
)
assert isinstance(dn, DN)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if options.get('rights', False) and options.get('all', False):
entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn)
entry_attrs['attributelevelrights'] = get_effective_rights(
ldap, entry_attrs.dn)
for callback in self.get_callbacks('post'):
dn = callback(self, ldap, dn, entry_attrs, *keys, **options)
assert isinstance(dn, DN)
entry_attrs.dn = callback(
self, ldap, entry_attrs.dn, entry_attrs, *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
assert isinstance(dn, DN)
dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -1282,10 +1281,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
raise errors.EmptyModlist()
dn = self.obj.get_dn(*keys, **options)
assert isinstance(dn, DN)
entry_attrs = self.args_options_2_entry(**options)
entry_attrs = ldap.make_entry(dn, entry_attrs)
entry_attrs = ldap.make_entry(dn, self.args_options_2_entry(**options))
self.process_attr_options(entry_attrs, dn, keys, options)
@@ -1302,9 +1298,9 @@ class LDAPUpdate(LDAPQuery, crud.Update):
_check_empty_attrs(self.obj.params, entry_attrs)
for callback in self.get_callbacks('pre'):
dn = callback(
self, ldap, dn, entry_attrs, attrs_list, *keys, **options)
assert isinstance(dn, DN)
entry_attrs.dn = callback(
self, ldap, entry_attrs.dn, entry_attrs, attrs_list,
*keys, **options)
_check_limit_object_class(self.api.Backend.ldap2.schema.attribute_types(self.obj.limit_object_classes), entry_attrs.keys(), allow_only=True)
_check_limit_object_class(self.api.Backend.ldap2.schema.attribute_types(self.obj.disallow_object_classes), entry_attrs.keys(), allow_only=False)
@@ -1318,11 +1314,12 @@ class LDAPUpdate(LDAPQuery, crud.Update):
if self.obj.rdn_is_primary_key and self.obj.primary_key.name in entry_attrs:
# RDN change
self._exc_wrapper(keys, options, ldap.update_entry_rdn)(dn,
RDN((self.obj.primary_key.name, entry_attrs[self.obj.primary_key.name])))
self._exc_wrapper(keys, options, ldap.update_entry_rdn)(
entry_attrs.dn,
RDN((self.obj.primary_key.name,
entry_attrs[self.obj.primary_key.name])))
rdnkeys = keys[:-1] + (entry_attrs[self.obj.primary_key.name], )
dn = self.obj.get_dn(*rdnkeys)
assert isinstance(dn, DN)
entry_attrs.dn = self.obj.get_dn(*rdnkeys)
del entry_attrs[self.obj.primary_key.name]
options['rdnupdate'] = True
rdnupdate = True
@@ -1331,10 +1328,8 @@ class LDAPUpdate(LDAPQuery, crud.Update):
# to decide what to do. An EmptyModlist in this context doesn't
# mean an error occurred, just that there were no other updates to
# perform.
assert isinstance(dn, DN)
update = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, entry_attrs.keys())
entry_attrs.dn, entry_attrs.keys())
update.update(entry_attrs)
self._exc_wrapper(keys, options, ldap.update_entry)(update)
@@ -1345,20 +1340,20 @@ class LDAPUpdate(LDAPQuery, crud.Update):
self.obj.handle_not_found(*keys)
try:
(dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, attrs_list
)
entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
entry_attrs.dn, attrs_list)
except errors.NotFound:
raise errors.MidairCollision(
format=_('the entry was deleted while being modified')
)
if options.get('rights', False) and options.get('all', False):
entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn)
entry_attrs['attributelevelrights'] = get_effective_rights(
ldap, entry_attrs.dn)
for callback in self.get_callbacks('post'):
dn = callback(self, ldap, dn, entry_attrs, *keys, **options)
assert isinstance(dn, DN)
entry_attrs.dn = callback(
self, ldap, entry_attrs.dn, entry_attrs, *keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
@@ -1414,8 +1409,8 @@ class LDAPDelete(LDAPMultiQuery):
except errors.NotFound:
break
else:
for (dn_, entry_attrs) in subentries:
delete_subtree(dn_)
for entry_attrs in subentries:
delete_subtree(entry_attrs.dn)
try:
self._exc_wrapper(nkeys, options, ldap.delete_entry)(base_dn)
except errors.NotFound:
@@ -1577,21 +1572,20 @@ class LDAPAddMember(LDAPModMember):
attrs_list = list(attrs_list)
try:
(dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, attrs_list
)
except errors.NotFound:
self.obj.handle_not_found(*keys)
for callback in self.get_callbacks('post'):
(completed, dn) = callback(
self, ldap, completed, failed, dn, entry_attrs, *keys,
**options)
assert isinstance(dn, DN)
(completed, entry_attrs.dn) = callback(
self, ldap, completed, failed, entry_attrs.dn, entry_attrs,
*keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
assert isinstance(dn, DN)
dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -1680,21 +1674,20 @@ class LDAPRemoveMember(LDAPModMember):
time.sleep(.3)
try:
(dn, entry_attrs) = self._exc_wrapper(keys, options, ldap.get_entry)(
entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(
dn, attrs_list
)
except errors.NotFound:
self.obj.handle_not_found(*keys)
for callback in self.get_callbacks('post'):
(completed, dn) = callback(
self, ldap, completed, failed, dn, entry_attrs, *keys,
**options)
assert isinstance(dn, DN)
(completed, entry_attrs.dn) = callback(
self, ldap, completed, failed, entry_attrs.dn, entry_attrs,
*keys, **options)
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
assert isinstance(dn, DN)
dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -1857,7 +1850,7 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
else:
search_attrs = self.obj.default_attributes
if self.obj.search_attributes_config:
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
config_attrs = config.get(
self.obj.search_attributes_config, [])
if len(config_attrs) == 1 and (
@@ -1899,12 +1892,12 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
if self.sort_result_entries:
if self.obj.primary_key:
def sort_key(x):
return x[1][self.obj.primary_key.name][0].lower()
return x[self.obj.primary_key.name][0].lower()
entries.sort(key=sort_key)
if not options.get('raw', False):
for e in entries:
self.obj.convert_attribute_members(e[1], *args, **options)
self.obj.convert_attribute_members(e, *args, **options)
for (i, e) in enumerate(entries):
entries[i] = entry_to_dict(e, **options)
@@ -2036,16 +2029,15 @@ class LDAPAddReverseMember(LDAPModReverseMember):
failed['member'][self.reverse_attr].append((attr, unicode(msg)))
# Update the member data.
(dn, entry_attrs) = ldap.get_entry(dn, ['*'])
entry_attrs = ldap.get_entry(dn, ['*'])
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
for callback in self.get_callbacks('post'):
(completed, dn) = callback(
self, ldap, completed, failed, dn, entry_attrs, *keys,
**options)
assert isinstance(dn, DN)
(completed, entry_attrs.dn) = callback(
self, ldap, completed, failed, entry_attrs.dn, entry_attrs,
*keys, **options)
assert isinstance(dn, DN)
dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn
@@ -2141,16 +2133,15 @@ class LDAPRemoveReverseMember(LDAPModReverseMember):
failed['member'][self.reverse_attr].append((attr, unicode(msg)))
# Update the member data.
(dn, entry_attrs) = ldap.get_entry(dn, ['*'])
entry_attrs = ldap.get_entry(dn, ['*'])
self.obj.convert_attribute_members(entry_attrs, *keys, **options)
for callback in self.get_callbacks('post'):
(completed, dn) = callback(
self, ldap, completed, failed, dn, entry_attrs, *keys,
**options)
assert isinstance(dn, DN)
(completed, entry_attrs.dn) = callback(
self, ldap, completed, failed, entry_attrs.dn, entry_attrs,
*keys, **options)
assert isinstance(dn, DN)
dn = entry_attrs.dn
entry_attrs = entry_to_dict(entry_attrs, **options)
entry_attrs['dn'] = dn

6
ipalib/plugins/config.py
View File

@@ -232,7 +232,7 @@ class config_mod(LDAPUpdate):
if kw:
config = ldap.get_ipa_config(kw.values())
for (k, v) in kw.iteritems():
allowed_attrs = ldap.get_allowed_attributes(config[1][v])
allowed_attrs = ldap.get_allowed_attributes(config[v])
fields = entry_attrs[k].split(',')
for a in fields:
a = a.strip()
@@ -285,7 +285,7 @@ class config_mod(LDAPUpdate):
error=error_message)
else:
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
defaultuser = config.get('ipaselinuxusermapdefault', [None])[0]
if 'ipaselinuxusermaporder' in entry_attrs:
@@ -307,7 +307,7 @@ class config_mod(LDAPUpdate):
error=error_message)
else:
if not config:
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
order = config['ipaselinuxusermaporder']
userlist = order[0].split('$')
if defaultuser and defaultuser not in userlist:

70
ipalib/plugins/dns.py
View File

@@ -1716,7 +1716,7 @@ class dnszone(LDAPObject):
test_dn = super(dnszone, self).get_dn(zone, **options)
try:
(dn, entry_attrs) = self.backend.get_entry(test_dn, [''])
dn = self.backend.get_entry(test_dn, ['']).dn
except errors.NotFound:
pass
@@ -1982,9 +1982,12 @@ class dnszone_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
entry = ldap.get_entry(dn, ['idnszoneactive'])
entry['idnszoneactive'] = ['FALSE']
try:
ldap.update_entry(dn, {'idnszoneactive': 'FALSE'})
ldap.update_entry(entry)
except errors.EmptyModlist:
pass
@@ -2003,9 +2006,12 @@ class dnszone_enable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
entry = ldap.get_entry(dn, ['idnszoneactive'])
entry['idnszoneactive'] = ['TRUE']
try:
ldap.update_entry(dn, {'idnszoneactive': 'TRUE'})
ldap.update_entry(entry)
except errors.EmptyModlist:
pass
@@ -2024,7 +2030,7 @@ class dnszone_add_permission(LDAPQuery):
dn = self.obj.get_dn(*keys, **options)
try:
(dn_, entry_attrs) = ldap.get_entry(dn, ['objectclass'])
entry_attrs = ldap.get_entry(dn, ['objectclass'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -2033,14 +2039,16 @@ class dnszone_add_permission(LDAPQuery):
ipapermissiontype=u'SYSTEM'
)['result']
update = {}
dnszone_ocs = entry_attrs.get('objectclass')
if dnszone_ocs:
dnszone_ocs.append('ipadnszone')
update['objectclass'] = list(set(dnszone_ocs))
for oc in dnszone_ocs:
if oc.lower() == 'ipadnszone':
break
else:
dnszone_ocs.append('ipadnszone')
update['managedby'] = [permission['dn']]
ldap.update_entry(dn, update)
entry_attrs['managedby'] = [permission['dn']]
ldap.update_entry(entry_attrs)
return dict(
result=True,
@@ -2058,11 +2066,15 @@ class dnszone_remove_permission(LDAPQuery):
def execute(self, *keys, **options):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
try:
ldap.update_entry(dn, {'managedby': None})
entry = ldap.get_entry(dn, ['managedby'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
entry['managedby'] = None
try:
ldap.update_entry(entry)
except errors.EmptyModlist:
# managedBy attribute is clean, lets make sure there is also no
# dangling DNS zone permission
@@ -2177,7 +2189,7 @@ class dnsrecord(LDAPObject):
# zone must exist
ldap = self.api.Backend.ldap2
try:
(dn_, zone) = ldap.get_entry(dn, [])
ldap.get_entry(dn, [])
except errors.NotFound:
self.api.Object['dnszone'].handle_not_found(keys[-2])
return self.api.Object[self.parent_object].get_dn(*keys[:-1], **options)
@@ -2200,10 +2212,8 @@ class dnsrecord(LDAPObject):
entries = ldap.find_entries(filter=ldap_filter, base_dn=base_dn)[0]
for entry in entries:
master_dn = entry[0]
assert isinstance(master_dn, DN)
try:
master = master_dn[1]['cn']
master = entry.dn[1]['cn']
dns_masters.append(master)
except (IndexError, KeyError):
pass
@@ -2227,8 +2237,11 @@ class dnsrecord(LDAPObject):
raise errors.OptionError(no_option_msg)
def get_record_entry_attrs(self, entry_attrs):
return dict((attr, val) for attr,val in entry_attrs.iteritems() \
if attr in self.params and not self.params[attr].primary_key)
entry_attrs = entry_attrs.copy()
for attr in entry_attrs.keys():
if attr not in self.params or self.params[attr].primary_key:
del entry_attrs[attr]
return entry_attrs
def postprocess_record(self, record, **options):
if options.get('structured', False):
@@ -2498,7 +2511,7 @@ class dnsrecord_add(LDAPCreate):
# We always want to retrieve all DNS record attributes to test for
# record type collisions (#2601)
try:
(dn_, old_entry) = ldap.get_entry(dn, _record_attributes)
old_entry = ldap.get_entry(dn, _record_attributes)
except errors.NotFound:
old_entry = None
else:
@@ -2523,9 +2536,10 @@ class dnsrecord_add(LDAPCreate):
# Update can be safely run as old record values has been
# already merged in pre_callback
ldap = self.obj.backend
dn = call_args[0]
entry_attrs = self.obj.get_record_entry_attrs(call_args[1])
ldap.update_entry(dn, entry_attrs, **call_kwargs)
entry_attrs = self.obj.get_record_entry_attrs(call_args[0])
update = ldap.get_entry(entry_attrs.dn, entry_attrs.keys())
update.update(entry_attrs)
ldap.update_entry(update, **call_kwargs)
return
raise exc
@@ -2592,7 +2606,7 @@ class dnsrecord_mod(LDAPUpdate):
# current entry is needed in case of per-dns-record-part updates and
# for record type collision check
try:
(dn_, old_entry) = ldap.get_entry(dn, _record_attributes)
old_entry = ldap.get_entry(dn, _record_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -2627,7 +2641,7 @@ class dnsrecord_mod(LDAPUpdate):
keys = keys[:-1] + (rename,)
dn = self.obj.get_dn(*keys, **options)
ldap = self.obj.backend
(dn_, old_entry) = ldap.get_entry(dn, _record_attributes)
old_entry = ldap.get_entry(dn, _record_attributes)
del_all = True
for attr in old_entry.keys():
@@ -2744,7 +2758,7 @@ class dnsrecord_del(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
try:
(dn_, old_entry) = ldap.get_entry(dn, _record_attributes)
old_entry = ldap.get_entry(dn, _record_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -2910,10 +2924,10 @@ class dnsrecord_find(LDAPSearch):
if entries:
zone_obj = self.api.Object[self.obj.parent_object]
zone_dn = zone_obj.get_dn(args[0])
if entries[0][0] == zone_dn:
entries[0][1][zone_obj.primary_key.name] = [_dns_zone_record]
if entries[0].dn == zone_dn:
entries[0][zone_obj.primary_key.name] = [_dns_zone_record]
for entry in entries:
self.obj.postprocess_record(entry[1], **options)
self.obj.postprocess_record(entry, **options)
return truncated
@@ -3016,7 +3030,7 @@ class dnsconfig(LDAPObject):
return DN(api.env.container_dns, api.env.basedn)
def get_dnsconfig(self, ldap):
(dn, entry) = ldap.get_entry(self.get_dn(), None)
entry = ldap.get_entry(self.get_dn(), None)
return entry

26
ipalib/plugins/group.py
View File

@@ -217,7 +217,7 @@ class group_del(LDAPDelete):
def pre_callback(self, ldap, dn, *keys, **options):
assert isinstance(dn, DN)
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
def_primary_group = config.get('ipadefaultprimarygroup', '')
def_primary_group_dn = group_dn = self.obj.get_dn(def_primary_group)
if dn == def_primary_group_dn:
@@ -272,7 +272,8 @@ class group_mod(LDAPUpdate):
reason=u'Cannot be renamed')
if ('posix' in options and options['posix']) or 'gidnumber' in options:
(dn, old_entry_attrs) = ldap.get_entry(dn, ['objectclass'])
old_entry_attrs = ldap.get_entry(dn, ['objectclass'])
dn = old_entry_attrs.dn
if 'ipaexternalgroup' in old_entry_attrs['objectclass']:
raise errors.ExternalGroupViolation()
if 'posixgroup' in old_entry_attrs['objectclass']:
@@ -288,7 +289,8 @@ class group_mod(LDAPUpdate):
if is_protected_group:
raise errors.ProtectedEntryError(label=u'group', key=keys[-1],
reason=u'Cannot support external non-IPA members')
(dn, old_entry_attrs) = ldap.get_entry(dn, ['objectclass'])
old_entry_attrs = ldap.get_entry(dn, ['objectclass'])
dn = old_entry_attrs.dn
if 'posixgroup' in old_entry_attrs['objectclass']:
raise errors.PosixGroupViolation()
if 'ipaexternalgroup' in old_entry_attrs['objectclass']:
@@ -367,7 +369,7 @@ class group_find(LDAPSearch):
# filter based on 'criteria' argument
search_kw = {}
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
attrs = config.get(self.obj.search_attributes_config, [])
if len(attrs) == 1 and isinstance(attrs[0], basestring):
search_attrs = attrs[0].split(',')
@@ -520,7 +522,7 @@ class group_detach(LDAPQuery):
user_dn = self.api.Object['user'].get_dn(*keys)
try:
(user_dn, user_attrs) = ldap.get_entry(user_dn)
user_attrs = ldap.get_entry(user_dn)
except errors.NotFound:
self.obj.handle_not_found(*keys)
is_managed = self.obj.has_objectclass(user_attrs['objectclass'], 'mepmanagedentry')
@@ -528,7 +530,7 @@ class group_detach(LDAPQuery):
not (ldap.can_write(user_dn, "mepManagedEntry")) and is_managed):
raise errors.ACIError(info=_('not allowed to modify user entries'))
(group_dn, group_attrs) = ldap.get_entry(group_dn)
group_attrs = ldap.get_entry(group_dn)
is_managed = self.obj.has_objectclass(group_attrs['objectclass'], 'mepmanagedby')
if (not ldap.can_write(group_dn, "objectclass") or
not (ldap.can_write(group_dn, "mepManagedBy")) and is_managed):
@@ -538,14 +540,14 @@ class group_detach(LDAPQuery):
try:
i = objectclasses.index('mepOriginEntry')
del objectclasses[i]
update_attrs = {'objectclass': objectclasses, 'mepManagedEntry': None}
ldap.update_entry(user_dn, update_attrs)
user_attrs['mepManagedEntry'] = None
ldap.update_entry(user_attrs)
except ValueError:
# Somehow the user isn't managed, let it pass for now. We'll
# let the group throw "Not managed".
pass
(group_dn, group_attrs) = ldap.get_entry(group_dn)
group_attrs = ldap.get_entry(group_dn)
objectclasses = group_attrs['objectclass']
try:
i = objectclasses.index('mepManagedEntry')
@@ -555,14 +557,14 @@ class group_detach(LDAPQuery):
del objectclasses[i]
# Make sure the resulting group has the default group objectclasses
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
def_objectclass = config.get(
self.obj.object_class_config, objectclasses
)
objectclasses = list(set(def_objectclass + objectclasses))
update_attrs = {'objectclass': objectclasses, 'mepManagedBy': None}
ldap.update_entry(group_dn, update_attrs)
group_attrs['mepManagedBy'] = None
ldap.update_entry(group_attrs)
return dict(
result=True,

46
ipalib/plugins/hbacrule.py
View File

@@ -253,7 +253,8 @@ class hbacrule_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
entry_attrs = ldap.get_entry(dn, attrs_list)
dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -294,15 +295,18 @@ class hbacrule_enable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
entry_attrs = {'ipaenabledflag': 'TRUE'}
try:
ldap.update_entry(dn, entry_attrs)
except errors.EmptyModlist:
pass
entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
except errors.NotFound:
self.obj.handle_not_found(cn)
entry_attrs['ipaenabledflag'] = ['TRUE']
try:
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
return dict(
result=True,
value=cn,
@@ -321,15 +325,18 @@ class hbacrule_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
entry_attrs = {'ipaenabledflag': 'FALSE'}
try:
ldap.update_entry(dn, entry_attrs)
except errors.EmptyModlist:
pass
entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
except errors.NotFound:
self.obj.handle_not_found(cn)
entry_attrs['ipaenabledflag'] = ['FALSE']
try:
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
return dict(
result=True,
value=cn,
@@ -355,12 +362,12 @@ class hbacrule_add_accesstime(LDAPQuery):
dn = self.obj.get_dn(cn)
(dn, entry_attrs) = ldap.get_entry(dn, ['accesstime'])
entry_attrs = ldap.get_entry(dn, ['accesstime'])
entry_attrs.setdefault('accesstime', []).append(
options['accesstime']
)
try:
ldap.update_entry(dn, entry_attrs)
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
except errors.NotFound:
@@ -395,12 +402,12 @@ class hbacrule_remove_accesstime(LDAPQuery):
dn = self.obj.get_dn(cn)
(dn, entry_attrs) = ldap.get_entry(dn, ['accesstime'])
entry_attrs = ldap.get_entry(dn, ['accesstime'])
try:
entry_attrs.setdefault('accesstime', []).remove(
options['accesstime']
)
ldap.update_entry(dn, entry_attrs)
ldap.update_entry(entry_attrs)
except (ValueError, errors.EmptyModlist):
pass
except errors.NotFound:
@@ -428,7 +435,8 @@ class hbacrule_add_user(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'usercategory' in entry_attrs and \
@@ -458,7 +466,8 @@ class hbacrule_add_host(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'hostcategory' in entry_attrs and \
@@ -512,7 +521,8 @@ class hbacrule_add_service(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'servicecategory' in entry_attrs and \

2
ipalib/plugins/hbactest.py
View File

@@ -405,7 +405,7 @@ class hbactest(Command):
request.user.groups = []
else:
groups = []
for dn, entry in entries:
for entry in entries:
memberof_dns = entry.get('memberof', [])
for memberof_dn in memberof_dns:
if memberof_dn.endswith(group_container):

35
ipalib/plugins/host.py
View File

@@ -340,9 +340,10 @@ class host(LDAPObject):
self.backend.get_entry(dn, [''])
except errors.NotFound:
try:
(dn, entry_attrs) = self.backend.find_entry_by_attr(
entry_attrs = self.backend.find_entry_by_attr(
'serverhostname', hostname, self.object_class, [''],
DN(self.container_dn, api.env.basedn))
dn = entry_attrs.dn
except errors.NotFound:
pass
return dn
@@ -359,7 +360,7 @@ class host(LDAPObject):
filter=host_filter, attrs_list=host_attrs)
for host in hosts:
managed_hosts.append(host[0])
managed_hosts.append(host.dn)
except errors.NotFound:
return []
@@ -581,7 +582,7 @@ class host_del(LDAPDelete):
if self.api.env.enable_ra:
try:
(dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
entry_attrs = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
cert = entry_attrs.single_value.get('usercertificate')
@@ -651,7 +652,7 @@ class host_mod(LDAPUpdate):
if 'locality' in entry_attrs:
entry_attrs['l'] = entry_attrs['locality']
if 'krbprincipalname' in entry_attrs:
(dn, entry_attrs_old) = ldap.get_entry(
entry_attrs_old = ldap.get_entry(
dn, ['objectclass', 'krbprincipalname']
)
if 'krbprincipalname' in entry_attrs_old:
@@ -665,7 +666,7 @@ class host_mod(LDAPUpdate):
if cert:
if self.api.env.enable_ra:
x509.verify_cert_subject(ldap, keys[-1], cert)
(dn, entry_attrs_old) = ldap.get_entry(dn, ['usercertificate'])
entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
oldcert = entry_attrs_old.single_value.get('usercertificate')
if oldcert:
oldcert = x509.normalize_certificate(oldcert)
@@ -703,9 +704,7 @@ class host_mod(LDAPUpdate):
if 'objectclass' in entry_attrs:
obj_classes = entry_attrs['objectclass']
else:
(_dn, _entry_attrs) = ldap.get_entry(
dn, ['objectclass']
)
_entry_attrs = ldap.get_entry(dn, ['objectclass'])
obj_classes = _entry_attrs['objectclass']
if 'ieee802device' not in obj_classes:
obj_classes.append('ieee802device')
@@ -725,7 +724,7 @@ class host_mod(LDAPUpdate):
if 'objectclass' in entry_attrs:
obj_classes = entry_attrs['objectclass']
else:
(_dn, _entry_attrs) = ldap.get_entry(dn, ['objectclass'])
_entry_attrs = ldap.get_entry(dn, ['objectclass'])
obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass']
if 'ipasshhost' not in obj_classes:
obj_classes.append('ipasshhost')
@@ -792,7 +791,7 @@ class host_find(LDAPSearch):
for pkey in options.get('man_host', []):
dn = self.obj.get_dn(pkey)
try:
(dn, entry_attrs) = ldap.get_entry(dn, ['managedby'])
entry_attrs = ldap.get_entry(dn, ['managedby'])
except errors.NotFound:
self.obj.handle_not_found(pkey)
hosts.append(set(entry_attrs.get('managedby', '')))
@@ -809,7 +808,7 @@ class host_find(LDAPSearch):
for pkey in options.get('not_man_host', []):
dn = self.obj.get_dn(pkey)
try:
(dn, entry_attrs) = ldap.get_entry(dn, ['managedby'])
entry_attrs = ldap.get_entry(dn, ['managedby'])
except errors.NotFound:
self.obj.handle_not_found(pkey)
not_hosts += entry_attrs.get('managedby', [])
@@ -830,11 +829,10 @@ class host_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
for entry in entries:
(dn, entry_attrs) = entry
for entry_attrs in entries:
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
self.obj.get_password_attributes(ldap, entry_attrs.dn, entry_attrs)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
@@ -842,9 +840,9 @@ class host_find(LDAPSearch):
entry_attrs['has_keytab'] = False
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(entry[0])
entry_attrs['managing'] = self.obj.get_managed_hosts(entry_attrs.dn)
convert_sshpubkey_post(ldap, dn, entry_attrs)
convert_sshpubkey_post(ldap, entry_attrs.dn, entry_attrs)
return truncated
@@ -941,7 +939,7 @@ class host_disable(LDAPQuery):
dn = self.obj.get_dn(*keys, **options)
try:
(dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
entry_attrs = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
cert = entry_attrs.single_value.get('usercertificate')
@@ -972,7 +970,8 @@ class host_disable(LDAPQuery):
raise nsprerr
# Remove the usercertificate altogether
ldap.update_entry(dn, {'usercertificate': None})
entry_attrs['usercertificate'] = None
ldap.update_entry(entry_attrs)
done_work = True
self.obj.get_password_attributes(ldap, dn, entry_attrs)

3
ipalib/plugins/hostgroup.py
View File

@@ -188,8 +188,7 @@ class hostgroup_find(LDAPSearch):
if options.get('pkey_only', False):
return truncated
for entry in entries:
(dn, entry_attrs) = entry
self.obj.suppress_netgroup_memberof(ldap, dn, entry_attrs)
self.obj.suppress_netgroup_memberof(ldap, entry.dn, entry)
return truncated
api.register(hostgroup_find)

10
ipalib/plugins/idrange.py
View File

@@ -551,9 +551,9 @@ class idrange_del(LDAPDelete):
def pre_callback(self, ldap, dn, *keys, **options):
try:
(old_dn, old_attrs) = ldap.get_entry(dn, ['ipabaseid',
'ipaidrangesize',
'ipanttrusteddomainsid'])
old_attrs = ldap.get_entry(dn, ['ipabaseid',
'ipaidrangesize',
'ipanttrusteddomainsid'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -595,7 +595,7 @@ class idrange_find(LDAPSearch):
return (filters, base_dn, ldap.SCOPE_ONELEVEL)
def post_callback(self, ldap, entries, truncated, *args, **options):
for dn, entry in entries:
for entry in entries:
self.obj.handle_iparangetype(entry, options)
return truncated
@@ -629,7 +629,7 @@ class idrange_mod(LDAPUpdate):
attrs_list.append('objectclass')
try:
(old_dn, old_attrs) = ldap.get_entry(dn, ['*'])
old_attrs = ldap.get_entry(dn, ['*'])
except errors.NotFound:
self.obj.handle_not_found(*keys)

6
ipalib/plugins/krbtpolicy.py
View File

@@ -166,15 +166,17 @@ class krbtpolicy_reset(LDAPQuery):
else:
def_values = _default_values
entry = ldap.get_entry(dn, def_values.keys())
entry.update(def_values)
try:
ldap.update_entry(dn, def_values)
ldap.update_entry(entry)
except errors.EmptyModlist:
pass
if keys[-1] is not None:
# policy for user was deleted, retrieve global policy
dn = self.obj.get_dn(None)
(dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
entry_attrs = entry_to_dict(entry_attrs, **options)

77
ipalib/plugins/migration.py
View File

@@ -158,7 +158,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
% (entry_attrs['gidnumber'][0], pkey))
elif entry_attrs['gidnumber'][0] not in valid_gids:
try:
(remote_dn, remote_entry) = ds_ldap.find_entry_by_attr(
remote_entry = ds_ldap.find_entry_by_attr(
'gidnumber', entry_attrs['gidnumber'][0], 'posixgroup',
[''], search_bases['group']
)
@@ -238,7 +238,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
pkey, value, type(value), attr, e)
continue
try:
(remote_dn, remote_entry) = ds_ldap.get_entry(value, [api.Object.user.primary_key.name, api.Object.group.primary_key.name])
remote_entry = ds_ldap.get_entry(value, [api.Object.user.primary_key.name, api.Object.group.primary_key.name])
except errors.NotFound:
api.log.warn('%s: attribute %s refers to non-existent entry %s' % (pkey, attr, value))
continue
@@ -270,9 +270,10 @@ def _post_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx):
if 'description' in entry_attrs and NO_UPG_MAGIC in entry_attrs['description']:
entry_attrs['description'].remove(NO_UPG_MAGIC)
update_attrs = dict(description = entry_attrs['description'])
try:
ldap.update_entry(dn, update_attrs)
update_attrs = ldap.get_entry(dn, ['description'])
update_attrs['description'] = entry_attrs['description']
ldap.update_entry(update_attrs)
except (errors.EmptyModlist, errors.NotFound):
pass
@@ -292,17 +293,17 @@ def _update_default_group(ldap, pkey, config, ctx, force):
except errors.NotFound:
return
new_members = []
(group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member'])
group_entry_attrs = ldap.get_entry(group_dn, ['member'])
for m in result:
if m[0] not in group_entry_attrs.get('member', []):
new_members.append(m[0])
if m.dn not in group_entry_attrs.get('member', []):
new_members.append(m.dn)
if len(new_members) > 0:
members = group_entry_attrs.get('member', [])
members.extend(new_members)
group_entry_attrs['member'] = members
try:
ldap.update_entry(group_dn, group_entry_attrs)
ldap.update_entry(group_entry_attrs)
except errors.EmptyModlist:
pass
@@ -406,8 +407,9 @@ def _group_exc_callback(ldap, dn, entry_attrs, exc, options):
if options.get('groupoverwritegid', False) and \
entry_attrs.get('gidnumber') is not None:
try:
new_entry_attrs = {'gidnumber':entry_attrs['gidnumber']}
ldap.update_entry(dn, new_entry_attrs)
new_entry_attrs = ldap.get_entry(dn, ['gidnumber'])
new_entry_attrs['gidnumber'] = entry_attrs['gidnumber']
ldap.update_entry(new_entry_attrs)
except errors.EmptyModlist:
# no change to the GID
pass
@@ -747,7 +749,7 @@ can use their Kerberos accounts.''')
def_group = config.get('ipadefaultprimarygroup')
context['def_group_dn'] = api.Object.group.get_dn(def_group)
try:
(g_dn, g_attrs) = ldap.get_entry(context['def_group_dn'], ['gidnumber', 'cn'])
g_attrs = ldap.get_entry(context['def_group_dn'], ['gidnumber', 'cn'])
except errors.NotFound:
error_msg = _('Default group for new users not found')
raise errors.NotFound(reason=error_msg)
@@ -760,20 +762,11 @@ can use their Kerberos accounts.''')
invalid_gids = []
migrate_cnt = 0
context['migrate_cnt'] = 0
for (dn, entry_attrs) in entries:
for entry_attrs in entries:
context['migrate_cnt'] = migrate_cnt
s = datetime.datetime.now()
if dn is None: # LDAP search reference
failed[ldap_obj_name][entry_attrs[0]] = unicode(_ref_err_msg)
continue
try:
dn = DN(dn)
except ValueError:
failed[ldap_obj_name][dn] = unicode(_dn_err_msg)
continue
ava = dn[0][0]
ava = entry_attrs.dn[0][0]
if ava.attr == ldap_obj.primary_key.name:
# In case if pkey attribute is in the migrated object DN
# and the original LDAP is multivalued, make sure that
@@ -785,8 +778,7 @@ can use their Kerberos accounts.''')
if pkey in exclude:
continue
dn = ldap_obj.get_dn(pkey)
assert isinstance(dn, DN)
entry_attrs.dn = ldap_obj.get_dn(pkey)
entry_attrs['objectclass'] = list(
set(
config.get(
@@ -799,28 +791,29 @@ can use their Kerberos accounts.''')
callback = self.migrate_objects[ldap_obj_name]['pre_callback']
if callable(callback):
try:
dn = callback(
ldap, pkey, dn, entry_attrs, failed[ldap_obj_name],
config, context, schema = options['schema'],
search_bases = search_bases,
valid_gids = valid_gids,
invalid_gids = invalid_gids,
entry_attrs.dn = callback(
ldap, pkey, entry_attrs.dn, entry_attrs,
failed[ldap_obj_name], config, context,
schema=options['schema'],
search_bases=search_bases,
valid_gids=valid_gids,
invalid_gids=invalid_gids,
**blacklists
)
assert isinstance(dn, DN)
if not dn:
if not entry_attrs.dn:
continue
except errors.NotFound, e:
failed[ldap_obj_name][pkey] = unicode(e.reason)
continue
try:
ldap.add_entry(dn, entry_attrs)
ldap.add_entry(entry_attrs)
except errors.ExecutionError, e:
callback = self.migrate_objects[ldap_obj_name]['exc_callback']
if callable(callback):
try:
callback(ldap, dn, entry_attrs, e, options)
callback(
ldap, entry_attrs.dn, entry_attrs, e, options)
except errors.ExecutionError, e:
failed[ldap_obj_name][pkey] = unicode(e)
continue
@@ -833,9 +826,8 @@ can use their Kerberos accounts.''')
callback = self.migrate_objects[ldap_obj_name]['post_callback']
if callable(callback):
callback(
ldap, pkey, dn, entry_attrs, failed[ldap_obj_name],
config, context,
)
ldap, pkey, entry_attrs.dn, entry_attrs,
failed[ldap_obj_name], config, context)
e = datetime.datetime.now()
d = e - s
total_dur = e - migration_start
@@ -851,7 +843,7 @@ can use their Kerberos accounts.''')
def execute(self, ldapuri, bindpw, **options):
ldap = self.api.Backend.ldap2
self.normalize_options(options)
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
ds_base_dn = options.get('basedn')
if ds_base_dn is not None:
@@ -881,8 +873,7 @@ can use their Kerberos accounts.''')
#check whether the compat plugin is enabled
if not options.get('compat'):
try:
(dn,check_compat) = ldap.get_entry(_compat_dn)
assert isinstance(dn, DN)
check_compat = ldap.get_entry(_compat_dn)
if check_compat is not None and \
check_compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
return dict(result={}, failed={}, enabled=True, compat=False)
@@ -895,12 +886,12 @@ can use their Kerberos accounts.''')
'', ['namingcontexts', 'defaultnamingcontext'], DN(''),
ds_ldap.SCOPE_BASE, size_limit=-1, time_limit=0,
)
if 'defaultnamingcontext' in entries[0][1]:
ds_base_dn = DN(entries[0][1]['defaultnamingcontext'][0])
if 'defaultnamingcontext' in entries[0]:
ds_base_dn = DN(entries[0]['defaultnamingcontext'][0])
assert isinstance(ds_base_dn, DN)
else:
try:
ds_base_dn = DN(entries[0][1]['namingcontexts'][0])
ds_base_dn = DN(entries[0]['namingcontexts'][0])
assert isinstance(ds_base_dn, DN)
except (IndexError, KeyError), e:
raise StandardError(str(e))

5
ipalib/plugins/netgroup.py
View File

@@ -167,7 +167,7 @@ class netgroup_add(LDAPCreate):
try:
test_dn = self.obj.get_dn(keys[-1])
(test_dn_, netgroup) = ldap.get_entry(test_dn, ['objectclass'])
netgroup = ldap.get_entry(test_dn, ['objectclass'])
if 'mepManagedEntry' in netgroup.get('objectclass', []):
raise errors.DuplicateEntry(message=unicode(self.msg_collision % keys[-1]))
else:
@@ -206,7 +206,8 @@ class netgroup_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
entry_attrs = ldap.get_entry(dn, attrs_list)
dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(options, 'usercategory') and 'memberuser' in entry_attrs:

6
ipalib/plugins/passwd.py
View File

@@ -103,7 +103,7 @@ class passwd(Command):
"""
ldap = self.api.Backend.ldap2
(dn, entry_attrs) = ldap.find_entry_by_attr(
entry_attrs = ldap.find_entry_by_attr(
'krbprincipalname', principal, 'posixaccount', [''],
DN(api.env.container_user, api.env.basedn)
)
@@ -115,9 +115,9 @@ class passwd(Command):
raise errors.ACIError(info=_('Invalid credentials'))
if current_password == MAGIC_VALUE:
ldap.modify_password(dn, password)
ldap.modify_password(entry_attrs.dn, password)
else:
ldap.modify_password(dn, password, current_password)
ldap.modify_password(entry_attrs.dn, password, current_password)
return dict(
result=True,

2
ipalib/plugins/permission.py
View File

@@ -875,7 +875,7 @@ class permission_find(baseldap.LDAPSearch):
if 'sizelimit' in options:
max_entries = options['sizelimit']
else:
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
max_entries = int(config.single_value['ipasearchrecordslimit'])
filters = ['(objectclass=ipaPermission)',

5
ipalib/plugins/pkinit.py
View File

@@ -79,7 +79,7 @@ class pkinit_anonymous(Command):
set_lock = False
lock = None
(dn, entry_attrs) = ldap.get_entry(self.default_dn, ['nsaccountlock'])
entry_attrs = ldap.get_entry(self.default_dn, ['nsaccountlock'])
if 'nsaccountlock' in entry_attrs:
lock = entry_attrs['nsaccountlock'][0].lower()
@@ -94,7 +94,8 @@ class pkinit_anonymous(Command):
lock = 'TRUE'
if set_lock:
ldap.update_entry(dn, {'nsaccountlock':lock})
entry_attrs['nsaccountlock'] = lock
ldap.update_entry(entry_attrs)
return dict(result=True)

10
ipalib/plugins/pwpolicy.py
View File

@@ -478,13 +478,13 @@ class pwpolicy_find(LDAPSearch):
returns a pair: (is_global, priority)
"""
# global policy will be always last in the output
if entry[1]['cn'][0] == global_policy_name:
if entry['cn'][0] == global_policy_name:
return True, 0
else:
# policies with higher priority (lower number) will be at the
# beginning of the list
try:
cospriority = int(entry[1]['cospriority'][0])
cospriority = int(entry['cospriority'][0])
except KeyError:
# if cospriority is not present in the entry, rather return 0
# than crash
@@ -496,9 +496,9 @@ class pwpolicy_find(LDAPSearch):
# When pkey_only flag is on, entries should contain only a cn.
# Add a cospriority attribute that will be used for sorting.
# Attribute rights are not allowed for pwpolicy_find.
self.obj.add_cospriority(e[1], e[1]['cn'][0], rights=False)
self.obj.add_cospriority(e, e['cn'][0], rights=False)
self.obj.convert_time_for_output(e[1], **options)
self.obj.convert_time_for_output(e, **options)
# do custom entry sorting by its cospriority
entries.sort(key=self.priority_sort_key)
@@ -507,7 +507,7 @@ class pwpolicy_find(LDAPSearch):
# remove cospriority that was used for sorting
for e in entries:
try:
del e[1]['cospriority']
del e['cospriority']
except KeyError:
pass

6
ipalib/plugins/realmdomains.py
View File

@@ -120,7 +120,7 @@ class realmdomains_mod(LDAPUpdate):
# If --add-domain or --del-domain options were provided, read
# the curent list from LDAP, modify it, and write the changes back
domains = ldap.get_entry(dn)[1]['associateddomain']
domains = ldap.get_entry(dn)['associateddomain']
if add_domain:
if not force and not has_soa_or_ns_record(add_domain):
@@ -144,9 +144,9 @@ class realmdomains_mod(LDAPUpdate):
dn = self.obj.get_dn(*keys, **options)
ldap = self.obj.backend
domains_old = set(ldap.get_entry(dn)[1]['associateddomain'])
domains_old = set(ldap.get_entry(dn)['associateddomain'])
result = super(realmdomains_mod, self).execute(*keys, **options)
domains_new = set(ldap.get_entry(dn)[1]['associateddomain'])
domains_new = set(ldap.get_entry(dn)['associateddomain'])
domains_added = domains_new - domains_old
domains_deleted = domains_old - domains_new

45
ipalib/plugins/selinuxusermap.py
View File

@@ -112,7 +112,7 @@ def validate_selinuxuser_inlist(ldap, user):
Returns nothing if the user is found, raises an exception otherwise.
"""
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
item = config.get('ipaselinuxusermaporder', [])
if len(item) != 1:
raise errors.NotFound(reason=_('SELinux user map list not '
@@ -217,13 +217,13 @@ class selinuxusermap(LDAPObject):
return str(dn)
except ValueError:
try:
(dn, entry_attrs) = self.backend.find_entry_by_attr(
entry_attrs = self.backend.find_entry_by_attr(
self.api.Object['hbacrule'].primary_key.name,
seealso,
self.api.Object['hbacrule'].object_class,
[''],
DN(self.api.Object['hbacrule'].container_dn, api.env.basedn))
seealso = dn
seealso = entry_attrs.dn
except errors.NotFound:
raise errors.NotFound(reason=_('HBAC rule %(rule)s not found') % dict(rule=seealso))
@@ -237,7 +237,7 @@ class selinuxusermap(LDAPObject):
return
if 'seealso' in entry_attrs:
(hbac_dn, hbac_attrs) = ldap.get_entry(entry_attrs['seealso'][0], ['cn'])
hbac_attrs = ldap.get_entry(entry_attrs['seealso'][0], ['cn'])
entry_attrs['seealso'] = hbac_attrs['cn'][0]
api.register(selinuxusermap)
@@ -296,7 +296,7 @@ class selinuxusermap_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
try:
(_dn, _entry_attrs) = ldap.get_entry(dn, attrs_list)
_entry_attrs = ldap.get_entry(dn, attrs_list)
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -369,8 +369,7 @@ all=True)['result']
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
for entry in entries:
(dn, attrs) = entry
for attrs in entries:
self.obj._convert_seealso(ldap, attrs, **options)
return truncated
@@ -398,15 +397,18 @@ class selinuxusermap_enable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
entry_attrs = {'ipaenabledflag': 'TRUE'}
try:
ldap.update_entry(dn, entry_attrs)
except errors.EmptyModlist:
raise errors.AlreadyActive()
entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
except errors.NotFound:
self.obj.handle_not_found(cn)
entry_attrs['ipaenabledflag'] = ['TRUE']
try:
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
raise errors.AlreadyActive()
return dict(
result=True,
value=cn,
@@ -425,15 +427,18 @@ class selinuxusermap_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
entry_attrs = {'ipaenabledflag': 'FALSE'}
try:
ldap.update_entry(dn, entry_attrs)
except errors.EmptyModlist:
raise errors.AlreadyInactive()
entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
except errors.NotFound:
self.obj.handle_not_found(cn)
entry_attrs['ipaenabledflag'] = ['FALSE']
try:
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
raise errors.AlreadyInactive()
return dict(
result=True,
value=cn,
@@ -451,7 +456,8 @@ class selinuxusermap_add_user(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'usercategory' in entry_attrs and \
@@ -483,7 +489,8 @@ class selinuxusermap_add_host(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
dn = entry_attrs.dn
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'hostcategory' in entry_attrs and \

15
ipalib/plugins/service.py
View File

@@ -434,7 +434,7 @@ class service_del(LDAPDelete):
check_required_principal(ldap, hostname, service)
if self.api.env.enable_ra:
try:
(dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
entry_attrs = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
cert = entry_attrs.get('usercertificate')
@@ -486,8 +486,7 @@ class service_mod(LDAPUpdate):
dercert = x509.normalize_certificate(cert)
x509.verify_cert_subject(ldap, hostname, dercert)
try:
(dn, entry_attrs_old) = ldap.get_entry(
dn, ['usercertificate'])
entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
self.obj.handle_not_found(*keys)
if 'usercertificate' in entry_attrs_old:
@@ -541,9 +540,8 @@ class service_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
for entry in entries:
(dn, entry_attrs) = entry
self.obj.get_password_attributes(ldap, dn, entry_attrs)
for entry_attrs in entries:
self.obj.get_password_attributes(ldap, entry_attrs.dn, entry_attrs)
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
return truncated
@@ -615,7 +613,7 @@ class service_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
(dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
entry_attrs = ldap.get_entry(dn, ['usercertificate'])
(service, hostname, realm) = split_principal(keys[-1])
check_required_principal(ldap, hostname, service)
@@ -648,7 +646,8 @@ class service_disable(LDAPQuery):
raise nsprerr
# Remove the usercertificate altogether
ldap.update_entry(dn, {'usercertificate': None})
entry_attrs['usercertificate'] = None
ldap.update_entry(entry_attrs)
done_work = True
self.obj.get_password_attributes(ldap, dn, entry_attrs)

8
ipalib/plugins/sudocmd.py
View File

@@ -87,10 +87,10 @@ class sudocmd(LDAPObject):
self.backend.get_entry(dn, [''])
except errors.NotFound:
try:
(dn, entry_attrs) = self.backend.find_entry_by_attr(
entry_attrs = self.backend.find_entry_by_attr(
'sudocmd', keys[-1], self.object_class, [''],
DN(self.container_dn, api.env.basedn)
)
DN(self.container_dn, api.env.basedn))
dn = entry_attrs.dn
except errors.NotFound:
pass
return dn
@@ -125,7 +125,7 @@ class sudocmd_del(LDAPDelete):
except errors.NotFound:
pass
else:
for entry_dn, entry_attrs in entries:
for entry_attrs in entries:
[cn] = entry_attrs['cn']
dependent_sudorules.append(cn)

52
ipalib/plugins/sudorule.py
View File

@@ -300,7 +300,7 @@ class sudorule_mod(LDAPUpdate):
else:
self.obj.check_order_uniqueness(*keys, **options)
try:
(_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
@@ -344,15 +344,18 @@ class sudorule_enable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
entry_attrs = {'ipaenabledflag': 'TRUE'}
try:
ldap.update_entry(dn, entry_attrs)
except errors.EmptyModlist:
pass
entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
except errors.NotFound:
self.obj.handle_not_found(cn)
entry_attrs['ipaenabledflag'] = ['TRUE']
try:
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
return dict(result=True)
def output_for_cli(self, textui, result, cn, **options):
@@ -368,15 +371,18 @@ class sudorule_disable(LDAPQuery):
ldap = self.obj.backend
dn = self.obj.get_dn(cn)
entry_attrs = {'ipaenabledflag': 'FALSE'}
try:
ldap.update_entry(dn, entry_attrs)
except errors.EmptyModlist:
pass
entry_attrs = ldap.get_entry(dn, ['ipaenabledflag'])
except errors.NotFound:
self.obj.handle_not_found(cn)
entry_attrs['ipaenabledflag'] = ['FALSE']
try:
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
return dict(result=True)
def output_for_cli(self, textui, result, cn, **options):
@@ -394,7 +400,7 @@ class sudorule_add_allow_command(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'cmdcategory'):
@@ -423,7 +429,7 @@ class sudorule_add_deny_command(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'cmdcategory'):
@@ -451,7 +457,7 @@ class sudorule_add_user(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'usercategory'):
@@ -487,7 +493,7 @@ class sudorule_add_host(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN)
try:
(_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'hostcategory'):
@@ -528,7 +534,7 @@ class sudorule_add_runasuser(LDAPAddMember):
return True
try:
(_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
@@ -585,7 +591,7 @@ class sudorule_add_runasgroup(LDAPAddMember):
return True
try:
(_dn, _entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
@@ -639,7 +645,7 @@ class sudorule_add_option(LDAPQuery):
if not options['ipasudoopt'].strip():
raise errors.EmptyModlist()
(dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt'])
entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])
try:
if options['ipasudoopt'] not in entry_attrs['ipasudoopt']:
@@ -651,14 +657,14 @@ class sudorule_add_option(LDAPQuery):
entry_attrs.setdefault('ipasudoopt', []).append(
options['ipasudoopt'])
try:
ldap.update_entry(dn, entry_attrs)
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
except errors.NotFound:
self.obj.handle_not_found(cn)
attrs_list = self.obj.default_attributes
(dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
entry_attrs = ldap.get_entry(dn, attrs_list)
entry_attrs = entry_to_dict(entry_attrs, **options)
@@ -692,12 +698,12 @@ class sudorule_remove_option(LDAPQuery):
if not options['ipasudoopt'].strip():
raise errors.EmptyModlist()
(dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt'])
entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])
try:
if options['ipasudoopt'] in entry_attrs['ipasudoopt']:
entry_attrs.setdefault('ipasudoopt', []).remove(
options['ipasudoopt'])
ldap.update_entry(dn, entry_attrs)
ldap.update_entry(entry_attrs)
else:
raise errors.AttrValueNotFound(
attr='ipasudoopt',
@@ -714,7 +720,7 @@ class sudorule_remove_option(LDAPQuery):
self.obj.handle_not_found(cn)
attrs_list = self.obj.default_attributes
(dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
entry_attrs = ldap.get_entry(dn, attrs_list)
entry_attrs = entry_to_dict(entry_attrs, **options)

10
ipalib/plugins/trust.py
View File

@@ -456,7 +456,7 @@ sides.
base_dn=DN(api.env.container_trusts, api.env.basedn),
filter=trust_filter)
result['result'] = entry_to_dict(trusts[0][1], **options)
result['result'] = entry_to_dict(trusts[0], **options)
# For AD trusts with algorithmic mapping, we need to add a separate
# range for each subdomain.
@@ -778,9 +778,7 @@ class trust_find(LDAPSearch):
if options.get('pkey_only', False):
return truncated
for entry in entries:
(dn, attrs) = entry
for attrs in entries:
# Translate ipanttrusttype to trusttype if --raw not used
if not options.get('raw', False):
attrs['trusttype'] = trust_type_string(attrs['ipanttrusttype'][0])
@@ -897,7 +895,7 @@ class trustconfig(LDAPObject):
# and not "ipausergroup" so that it can also match groups like
# "Default SMB Group" which does not have this objectclass.
try:
(dn, group_entry) = self.backend.find_entry_by_attr(
group_entry = self.backend.find_entry_by_attr(
self.api.Object['group'].primary_key.name,
group,
['posixgroup'],
@@ -906,7 +904,7 @@ class trustconfig(LDAPObject):
except errors.NotFound:
self.api.Object['group'].handle_not_found(group)
else:
entry_attrs['ipantfallbackprimarygroup'] = [dn]
entry_attrs['ipantfallbackprimarygroup'] = [group_entry.dn]
def _convert_groupdn(self, entry_attrs, options):
"""

45
ipalib/plugins/user.py
View File

@@ -400,7 +400,7 @@ class user(LDAPObject):
def _normalize_and_validate_email(self, email, config=None):
if not config:
config = self.backend.get_ipa_config()[1]
config = self.backend.get_ipa_config()
# check if default email domain should be added
defaultdomain = config.get('ipadefaultemaildomain', [None])[0]
@@ -437,11 +437,11 @@ class user(LDAPObject):
for m in xrange(len(manager)):
if isinstance(manager[m], DN) and manager[m].endswith(container_dn):
continue
(dn, entry_attrs) = self.backend.find_entry_by_attr(
entry_attrs = self.backend.find_entry_by_attr(
self.primary_key.name, manager[m], self.object_class, [''],
container_dn
)
manager[m] = dn
manager[m] = entry_attrs.dn
except errors.NotFound:
raise errors.NotFound(reason=_('manager %(manager)s not found') % dict(manager=manager[m]))
@@ -510,7 +510,7 @@ class user_add(LDAPCreate):
entry_attrs['gidnumber'] = baseldap.DNA_MAGIC
validate_nsaccountlock(entry_attrs)
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
if 'ipamaxusernamelength' in config:
if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
raise errors.ValidationError(
@@ -542,7 +542,7 @@ class user_add(LDAPCreate):
def_primary_group = config.get('ipadefaultprimarygroup')
group_dn = self.api.Object['group'].get_dn(def_primary_group)
try:
(group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
group_attrs = ldap.get_entry(group_dn, ['gidnumber'])
except errors.NotFound:
error_msg = _('Default group for new users not found')
raise errors.NotFound(reason=error_msg)
@@ -590,7 +590,7 @@ class user_add(LDAPCreate):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
# add the user we just created into the default primary group
def_primary_group = config.get('ipadefaultprimarygroup')
group_dn = self.api.Object['group'].get_dn(def_primary_group)
@@ -607,7 +607,7 @@ class user_add(LDAPCreate):
# delete description attribute NO_UPG_MAGIC if present
if options.get('noprivate', False):
if not options.get('all', False):
(dn, desc_attr) = ldap.get_entry(dn, ['description'])
desc_attr = ldap.get_entry(dn, ['description'])
entry_attrs.update(desc_attr)
if 'description' in entry_attrs and NO_UPG_MAGIC in entry_attrs['description']:
entry_attrs['description'].remove(NO_UPG_MAGIC)
@@ -619,7 +619,7 @@ class user_add(LDAPCreate):
# Fetch the entry again to update memberof, mep data, etc updated
# at the end of the transaction.
(newdn, newentry) = ldap.get_entry(dn, ['*'])
newentry = ldap.get_entry(dn, ['*'])
entry_attrs.update(newentry)
if options.get('random', False):
@@ -668,7 +668,7 @@ class user_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
if options.get('rename') is not None:
config = ldap.get_ipa_config()[1]
config = ldap.get_ipa_config()
if 'ipamaxusernamelength' in config:
if len(options['rename']) > int(config.get('ipamaxusernamelength')[0]):
raise errors.ValidationError(
@@ -769,12 +769,11 @@ class user_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
for entry in entries:
(dn, attrs) = entry
for attrs in entries:
self.obj._convert_manager(attrs, **options)
self.obj.get_password_attributes(ldap, dn, attrs)
self.obj.get_password_attributes(ldap, attrs.dn, attrs)
convert_nsaccountlock(attrs)
convert_sshpubkey_post(ldap, dn, attrs)
convert_sshpubkey_post(ldap, attrs.dn, attrs)
return truncated
msg_summary = ngettext(
@@ -858,9 +857,13 @@ class user_unlock(LDAPQuery):
def execute(self, *keys, **options):
dn = self.obj.get_dn(*keys, **options)
entry_attrs = {'krbLastAdminUnlock': strftime("%Y%m%d%H%M%SZ",gmtime()), 'krbLoginFailedCount': '0'}
entry = self.obj.backend.get_entry(
dn, ['krbLastAdminUnlock', 'krbLoginFailedCount'])
self.obj.backend.update_entry(dn, entry_attrs)
entry['krbLastAdminUnlock'] = [strftime("%Y%m%d%H%M%SZ", gmtime())]
entry['krbLoginFailedCount'] = ['0']
self.obj.backend.update_entry(entry)
return dict(
result=True,
@@ -916,7 +919,7 @@ class user_status(LDAPQuery):
entries = []
count = 0
for master in masters:
host = master[1]['cn'][0]
host = master['cn'][0]
if host == api.env.host:
other_ldap = self.obj.backend
else:
@@ -936,8 +939,8 @@ class user_status(LDAPQuery):
entry = other_ldap.get_entry(dn, attr_list)
newresult = {'dn': dn}
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
newresult[attr] = entry[1].get(attr, [u'N/A'])
newresult['krbloginfailedcount'] = entry[1].get('krbloginfailedcount', u'0')
newresult[attr] = entry.get(attr, [u'N/A'])
newresult['krbloginfailedcount'] = entry.get('krbloginfailedcount', u'0')
if not options.get('raw', False):
for attr in ['krblastsuccessfulauth', 'krblastfailedauth']:
try:
@@ -954,9 +957,9 @@ class user_status(LDAPQuery):
else:
time_format = '%Y-%m-%dT%H:%M:%SZ'
newresult['now'] = unicode(strftime(time_format, gmtime()))
convert_nsaccountlock(entry[1])
if 'nsaccountlock' in entry[1].keys():
disabled = entry[1]['nsaccountlock']
convert_nsaccountlock(entry)
if 'nsaccountlock' in entry:
disabled = entry['nsaccountlock']
entries.append(newresult)
count += 1
except errors.NotFound:

2
ipalib/util.py
View File

@@ -332,7 +332,7 @@ def convert_sshpubkey_post(ldap, dn, entry_attrs):
pubkeys = entry_attrs['ipasshpubkey']
else:
old_entry_attrs = ldap.get_entry(dn, ['ipasshpubkey'])
pubkeys = old_entry_attrs[1].get('ipasshpubkey')
pubkeys = old_entry_attrs.get('ipasshpubkey')
if not pubkeys:
return

18
ipaserver/dcerpc.py
View File

@@ -143,10 +143,10 @@ class DomainValidator(object):
def is_configured(self):
cn_trust_local = DN(('cn', self.api.env.domain), self.api.env.container_cifsdomains, self.api.env.basedn)
try:
(dn, entry_attrs) = self.ldap.get_entry(cn_trust_local, [self.ATTR_FLATNAME, self.ATTR_SID])
entry_attrs = self.ldap.get_entry(cn_trust_local, [self.ATTR_FLATNAME, self.ATTR_SID])
self.flatname = entry_attrs[self.ATTR_FLATNAME][0]
self.sid = entry_attrs[self.ATTR_SID][0]
self.dn = dn
self.dn = entry_attrs.dn
self.domain = self.api.env.domain
except errors.NotFound, e:
return False
@@ -175,7 +175,7 @@ class DomainValidator(object):
# domain names as keys and those are generally case-insensitive
result = ipautil.CIDict()
for dn, entry in entries:
for entry in entries:
try:
trust_partner = entry[self.ATTR_TRUST_PARTNER][0]
flatname_normalized = entry[self.ATTR_FLATNAME][0].lower()
@@ -184,7 +184,7 @@ class DomainValidator(object):
# Some piece of trusted domain info in LDAP is missing
# Skip the domain, but leave log entry for investigation
api.log.warn("Trusted domain '%s' entry misses an "
"attribute: %s", dn, e)
"attribute: %s", entry.dn, e)
continue
result[trust_partner] = (flatname_normalized,
@@ -341,7 +341,7 @@ class DomainValidator(object):
# Treat non-unique entries as invalid
raise errors.ValidationError(name=_('trusted domain object'),
error= _('Trusted domain did not return a unique object'))
sid = self.__sid_to_str(entries[0][1]['objectSid'][0])
sid = self.__sid_to_str(entries[0]['objectSid'][0])
try:
test_sid = security.dom_sid(sid)
return unicode(test_sid)
@@ -378,7 +378,7 @@ class DomainValidator(object):
attrs=attrs, scope=_ldap.SCOPE_SUBTREE)
except errors.NotFound:
raise errors.NotFound(reason=_('trusted domain user not found'))
user_dn = entries[0][0]
user_dn = entries[0].dn
elif domain or flatname:
attrs = ['cn']
filter = '(&(sAMAccountName=%(name)s)(objectClass=user))' \
@@ -388,7 +388,7 @@ class DomainValidator(object):
flatname, filter, attrs, _ldap.SCOPE_SUBTREE)
except errors.NotFound:
raise errors.NotFound(reason=_('trusted domain user not found'))
user_dn = entries[0][0]
user_dn = entries[0].dn
else:
# No domain or realm specified, ambiguous search
raise errors.ValidationError(name=_('trusted domain object'),
@@ -401,8 +401,8 @@ class DomainValidator(object):
filter = "(objectClass=user)"
entries = self.get_trusted_domain_objects(domain,
flatname, filter, attrs, _ldap.SCOPE_BASE, user_dn)
object_sid = self.__sid_to_str(entries[0][1]['objectSid'][0])
group_sids = [self.__sid_to_str(sid) for sid in entries[0][1]['tokenGroups']]
object_sid = self.__sid_to_str(entries[0]['objectSid'][0])
group_sids = [self.__sid_to_str(sid) for sid in entries[0]['tokenGroups']]
return (object_sid, group_sids)
def get_trusted_domain_user_and_groups(self, object_name):