Start LDAPConnection, a common base for ldap2 and IPAdmin

The first method to be extracted is handle_errors Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
2025-02-25 18:55:28 -06:00 · 2013-01-17 10:50:16 -05:00 · 2013-01-17 10:50:16 -05:00 · df4ed77962
commit df4ed77962
parent 9d41ee4b31
2 changed files with 101 additions and 123 deletions
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@ -816,18 +816,104 @@ class Entry(LDAPEntry):
        super(Entry, self).__init__(dn, data)
-class IPAdmin(IPAEntryLDAPObject):
+class LDAPConnection(object):
    """LDAP backend class
    This class abstracts a LDAP connection, providing methods that work with
    LADPEntries.
    This class is not intended to be used directly; instead, use one of its
    subclasses, IPAdmin or the ldap2 plugin.
    """
    def __init__(self, ldap_uri):
        self.ldap_uri = ldap_uri
        self.log = log_mgr.get_logger(self)
    def handle_errors(self, e, arg_desc=None):
        """Universal LDAPError handler
        :param e: The error to be raised
        :param url: The URL of the server
        """
        if not isinstance(e, _ldap.TIMEOUT):
            desc = e.args[0]['desc'].strip()
            info = e.args[0].get('info', '').strip()
            if arg_desc is not None:
                info = "%s arguments: %s" % (info, arg_desc)
        else:
            desc = ''
            info = ''
        try:
            # re-raise the error so we can handle it
            raise e
        except _ldap.NO_SUCH_OBJECT:
            raise errors.NotFound(reason=arg_desc or 'no such entry')
        except _ldap.ALREADY_EXISTS:
            raise errors.DuplicateEntry()
        except _ldap.CONSTRAINT_VIOLATION:
            # This error gets thrown by the uniqueness plugin
            _msg = 'Another entry with the same attribute value already exists'
            if info.startswith(_msg):
                raise errors.DuplicateEntry()
            else:
                raise errors.DatabaseError(desc=desc, info=info)
        except _ldap.INSUFFICIENT_ACCESS:
            raise errors.ACIError(info=info)
        except _ldap.INVALID_CREDENTIALS:
            raise errors.ACIError(info="%s %s" % (info, desc))
        except _ldap.NO_SUCH_ATTRIBUTE:
            # this is raised when a 'delete' attribute isn't found.
            # it indicates the previous attribute was removed by another
            # update, making the oldentry stale.
            raise errors.MidairCollision()
        except _ldap.INVALID_SYNTAX:
            raise errors.InvalidSyntax(attr=info)
        except _ldap.OBJECT_CLASS_VIOLATION:
            raise errors.ObjectclassViolation(info=info)
        except _ldap.ADMINLIMIT_EXCEEDED:
            raise errors.LimitsExceeded()
        except _ldap.SIZELIMIT_EXCEEDED:
            raise errors.LimitsExceeded()
        except _ldap.TIMELIMIT_EXCEEDED:
            raise errors.LimitsExceeded()
        except _ldap.NOT_ALLOWED_ON_RDN:
            raise errors.NotAllowedOnRDN(attr=info)
        except _ldap.FILTER_ERROR:
            raise errors.BadSearchFilter(info=info)
        except _ldap.NOT_ALLOWED_ON_NONLEAF:
            raise errors.NotAllowedOnNonLeaf()
        except _ldap.SERVER_DOWN:
            raise errors.NetworkError(uri=self.ldap_uri,
                                      error=u'LDAP Server Down')
        except _ldap.LOCAL_ERROR:
            raise errors.ACIError(info=info)
        except _ldap.SUCCESS:
            pass
        except _ldap.LDAPError, e:
            if 'NOT_ALLOWED_TO_DELEGATE' in info:
                raise errors.ACIError(
                    info="KDC returned NOT_ALLOWED_TO_DELEGATE")
            self.log.info('Unhandled LDAPError: %s' % str(e))
            raise errors.DatabaseError(desc=desc, info=info)
 class IPAdmin(LDAPConnection, IPAEntryLDAPObject):
    def __localinit(self):
        if self.protocol == 'ldaps':
-            IPAEntryLDAPObject.__init__(self,'ldaps://%s' % format_netloc(self.host, self.port))
+            ldap_uri = 'ldaps://%s' % format_netloc(self.host, self.port)
        elif self.protocol == 'ldapi':
-            IPAEntryLDAPObject.__init__(self,'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % "-".join(self.realm.split(".")))
+            ldap_uri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % (
                "-".join(self.realm.split(".")))
        elif self.protocol == 'ldap':
-            IPAEntryLDAPObject.__init__(self,'ldap://%s' % format_netloc(self.host, self.port))
+            ldap_uri = 'ldap://%s' % format_netloc(self.host, self.port)
        else:
            raise ValueError('Protocol %r not supported' % self.protocol)
        LDAPConnection.__init__(self, ldap_uri)
        IPAEntryLDAPObject.__init__(self, ldap_uri)
    def __guess_protocol(self):
        """Return the protocol to use based on flags passed to the constructor
@ -913,51 +999,7 @@ class IPAdmin(IPAEntryLDAPObject):
        return sctrl
    def __handle_errors(self, e, **kw):
-        """
+        return self.handle_errors(e, **kw)
        Centralize error handling in one place.
        e is the error to be raised
        **kw is an exception-specific list of options
        """
        if not isinstance(e,ldap.TIMEOUT):
            desc = e.args[0]['desc'].strip()
            info = e.args[0].get('info','').strip()
            arg_desc = kw.get('arg_desc')
            if arg_desc is not None:
                info += " arguments: %s" % arg_desc
        else:
            desc = ''
            info = ''
        try:
            # re-raise the error so we can handle it
            raise e
        except ldap.NO_SUCH_OBJECT, e:
            arg_desc = kw.get('arg_desc', "entry not found")
            raise errors.NotFound(reason=arg_desc)
        except ldap.ALREADY_EXISTS, e:
            raise errors.DuplicateEntry()
        except ldap.CONSTRAINT_VIOLATION, e:
            # This error gets thrown by the uniqueness plugin
            if info.startswith('Another entry with the same attribute value already exists'):
                raise errors.DuplicateEntry()
            else:
                raise errors.DatabaseError(desc=desc,info=info)
        except ldap.INSUFFICIENT_ACCESS, e:
            raise errors.ACIError(info=info)
        except ldap.NO_SUCH_ATTRIBUTE:
            # this is raised when a 'delete' attribute isn't found.
            # it indicates the previous attribute was removed by another
            # update, making the oldentry stale.
            raise errors.MidairCollision()
        except ldap.ADMINLIMIT_EXCEEDED, e:
            raise errors.LimitsExceeded()
        except ldap.SIZELIMIT_EXCEEDED, e:
            raise errors.LimitsExceeded()
        except ldap.TIMELIMIT_EXCEEDED, e:
            raise errors.LimitsExceeded()
        except ldap.LDAPError, e:
            raise errors.DatabaseError(desc=desc,info=info)
    def __wait_for_connection(self, timeout):
        lurl = ldapurl.LDAPUrl(self.uri)
@ -1189,7 +1231,7 @@ class IPAdmin(IPAEntryLDAPObject):
            attrlist.append(attr)
        timeout += int(time.time())
-        if isinstance(dn,Entry):
+        if isinstance(dn, LDAPEntry):
            dn = dn.dn
        assert isinstance(dn, DN)
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@ -37,11 +37,10 @@ import krbV
 import ldap as _ldap
 import ldap.filter as _ldap_filter
 from ipapython.ipa_log_manager import log_mgr
 from ipapython.dn import DN, RDN
 from ipalib.errors import NetworkError
 from ipaserver.ipaldap import (
-    SASL_AUTH, unicode_from_utf8, value_to_utf8, IPASimpleLDAPObject)
+    SASL_AUTH, unicode_from_utf8, value_to_utf8, IPASimpleLDAPObject,
    LDAPConnection)
 try:
@ -70,7 +69,7 @@ MEMBERS_DIRECT = 1
 MEMBERS_INDIRECT = 2
-class ldap2(CrudBackend):
+class ldap2(LDAPConnection, CrudBackend):
    """
    LDAP Backend Take 2.
    """
@ -90,12 +89,14 @@ class ldap2(CrudBackend):
    def __init__(self, shared_instance=True, ldap_uri=None, base_dn=None,
                 schema=None):
        CrudBackend.__init__(self, shared_instance=shared_instance)
        self.log = log_mgr.get_logger(self)
        try:
-            self.ldap_uri = ldap_uri or api.env.ldap_uri
+            ldap_uri = ldap_uri or api.env.ldap_uri
        except AttributeError:
-            self.ldap_uri = 'ldap://example.com'
+            ldap_uri = 'ldap://example.com'
        CrudBackend.__init__(self, shared_instance=shared_instance)
        LDAPConnection.__init__(self, ldap_uri)
        try:
            if base_dn is not None:
                self.base_dn = DN(base_dn)
@ -115,71 +116,6 @@ class ldap2(CrudBackend):
        return self.conn.schema
    schema = property(_get_schema, None, None, 'schema associated with this LDAP server')
    # universal LDAPError handler
    def handle_errors(self, e):
        """
        Centralize error handling in one place.
        e is the error to be raised
        """
        if not isinstance(e, _ldap.TIMEOUT):
            desc = e.args[0]['desc'].strip()
            info = e.args[0].get('info', '').strip()
        else:
            desc = ''
            info = ''
        try:
            # re-raise the error so we can handle it
            raise e
        except _ldap.NO_SUCH_OBJECT:
            raise errors.NotFound(reason='no such entry')
        except _ldap.ALREADY_EXISTS:
            raise errors.DuplicateEntry()
        except _ldap.CONSTRAINT_VIOLATION:
            # This error gets thrown by the uniqueness plugin
            if info.startswith('Another entry with the same attribute value already exists'):
                raise errors.DuplicateEntry()
            else:
                raise errors.DatabaseError(desc=desc, info=info)
        except _ldap.INSUFFICIENT_ACCESS:
            raise errors.ACIError(info=info)
        except _ldap.INVALID_CREDENTIALS:
            raise errors.ACIError(info="%s %s" % (info, desc))
        except _ldap.NO_SUCH_ATTRIBUTE:
            # this is raised when a 'delete' attribute isn't found.
            # it indicates the previous attribute was removed by another
            # update, making the oldentry stale.
            raise errors.MidairCollision()
        except _ldap.INVALID_SYNTAX:
            raise errors.InvalidSyntax(attr=info)
        except _ldap.OBJECT_CLASS_VIOLATION:
            raise errors.ObjectclassViolation(info=info)
        except _ldap.ADMINLIMIT_EXCEEDED:
            raise errors.LimitsExceeded()
        except _ldap.SIZELIMIT_EXCEEDED:
            raise errors.LimitsExceeded()
        except _ldap.TIMELIMIT_EXCEEDED:
            raise errors.LimitsExceeded()
        except _ldap.NOT_ALLOWED_ON_RDN:
            raise errors.NotAllowedOnRDN(attr=info)
        except _ldap.FILTER_ERROR:
            raise errors.BadSearchFilter(info=info)
        except _ldap.NOT_ALLOWED_ON_NONLEAF:
            raise errors.NotAllowedOnNonLeaf()
        except _ldap.SERVER_DOWN:
            raise NetworkError(uri=self.ldap_uri,
                               error=u'LDAP Server Down')
        except _ldap.LOCAL_ERROR:
            raise errors.ACIError(info=info)
        except _ldap.SUCCESS:
            pass
        except _ldap.LDAPError, e:
            if 'NOT_ALLOWED_TO_DELEGATE' in info:
                raise errors.ACIError(info="KDC returned NOT_ALLOWED_TO_DELEGATE")
            self.info('Unhandled LDAPError: %s' % str(e))
            raise errors.DatabaseError(desc=desc, info=info)
    def get_syntax(self, attr, value):
        if self.schema is None:
            return None