Make the membership attribute an argument and add new method entry.delAttr()

We need a way to say "this attribute is blank, delete it." delAttr does this. There are now several attributes to which we add "members" to so make the attribute for storing members configurable, defaulting to 'member'
2025-02-25 18:55:28 -06:00 · 2009-01-16 10:20:23 -05:00
parent 8154131ce1
commit e4b9be209e
2 changed files with 23 additions and 14 deletions
--- a/ipaserver/plugins/b_ldap.py
+++ b/ipaserver/plugins/b_ldap.py
@@ -190,23 +190,23 @@ class ldap(CrudBackend):
    def modify_password(self, dn, **kw):
        return servercore.modify_password(dn, kw.get('oldpass'), kw.get('newpass'))

-    def add_member_to_group(self, memberdn, groupdn):
+    def add_member_to_group(self, memberdn, groupdn, memberattr='member'):
        """
        Add a new member to a group.

        :param memberdn: the DN of the member to add
        :param groupdn: the DN of the group to add a member to
        """
-        return servercore.add_member_to_group(memberdn, groupdn)
+        return servercore.add_member_to_group(memberdn, groupdn, memberattr)

-    def remove_member_from_group(self, memberdn, groupdn):
+    def remove_member_from_group(self, memberdn, groupdn, memberattr='member'):
        """
        Remove a new member from a group.

        :param memberdn: the DN of the member to remove
        :param groupdn: the DN of the group to remove a member from
        """
-        return servercore.remove_member_from_group(memberdn, groupdn)
+        return servercore.remove_member_from_group(memberdn, groupdn, memberattr)

    # The CRUD operations

@@ -227,6 +227,7 @@ class ldap(CrudBackend):
            else:
                assert type(value) in (str, unicode, bool, int, float)
                yield (key, value)
+                yield (key, value)

    def create(self, **kw):
        if servercore.entry_exists(kw['dn']):
@@ -251,13 +252,18 @@ class ldap(CrudBackend):

    def update(self, dn, **kw):
        result = self.retrieve(dn, ["*"])
+        start_keys = kw.keys()

        entry = ipaldap.Entry((dn, servercore.convert_scalar_values(result)))
        kw = dict(self.strip_none(kw))
        for k in kw:
            entry.setValues(k, kw[k])

-        servercore.update_entry(entry.toDict())
+        remove_keys = list(set(start_keys) - set(kw.keys()))
+        for k in remove_keys:
+            entry.delAttr(k)
+
+        servercore.update_entry(entry.toDict(), remove_keys)

        return self.retrieve(dn)

--- a/ipaserver/servercore.py
+++ b/ipaserver/servercore.py
@@ -227,16 +227,19 @@ def uid_too_long(uid):

    return False

-def update_entry (entry):
+def update_entry (entry, remove_keys=[]):
    """Update an LDAP entry

       entry is a dict
+       remove_keys is a list of attributes to remove from this entry

       This refreshes the record from LDAP in order to obtain the list of
-       attributes that has changed.
+       attributes that has changed. It only retrieves the attributes that
+       are in the update so attributes aren't inadvertantly lost.
    """
+    assert type(remove_keys) is list
    attrs = entry.keys()
-    o = get_base_entry(entry['dn'], "objectclass=*", attrs)
+    o = get_base_entry(entry['dn'], "objectclass=*", attrs + remove_keys)
    oldentry = convert_scalar_values(o)
    newentry = convert_scalar_values(entry)

@@ -395,7 +398,7 @@ def mark_entry_inactive (dn):

    return res

-def add_member_to_group(member_dn, group_dn):
+def add_member_to_group(member_dn, group_dn, memberattr='member'):
    """
    Add a member to an existing group.
    """
@@ -414,18 +417,18 @@ def add_member_to_group(member_dn, group_dn):
        raise errors.NotFound

    # Add the new member to the group member attribute
-    members = group.get('member', [])
+    members = group.get(memberattr, [])
    if isinstance(members, basestring):
        members = [members]
    members.append(member_dn)
-    group['member'] = members
+    group[memberattr] = members

    try:
        return update_entry(group)
    except errors.EmptyModlist:
        raise

-def remove_member_from_group(member_dn, group_dn=None):
+def remove_member_from_group(member_dn, group_dn, memberattr='member'):
    """Remove a member_dn from an existing group."""

    group = get_entry_by_dn(group_dn, None)
@@ -439,7 +442,7 @@ def remove_member_from_group(member_dn, group_dn=None):
    """
    api.log.info("IPA: remove_member_from_group '%s' from '%s'" % (member_dn, group_dn))

-    members = group.get('member', False)
+    members = group.get(memberattr, False)
    if not members:
        raise errors.NotGroupMember

@@ -456,7 +459,7 @@ def remove_member_from_group(member_dn, group_dn=None):
    except Exception, e:
        raise e

-    group['member'] = members
+    group[memberattr] = members

    try:
        return update_entry(group)