[Freeipa-devel] [PATCH] Refactor ipaldap.py
Karl MacMillan
kmacmill at redhat.com
Wed Nov 14 23:20:05 UTC 2007
# HG changeset patch
# User "Karl MacMillan <kmacmill at redhat.com>"
# Date 1195082402 18000
# Node ID c97541fa3a402c46e588a5a3f260d85a34a4dcbc
# Parent 3aa0f2f6d446e9719d4b2a208b5a754b132549cf
Refactor ipaldap.py
Make it easier to use ipaldap.py to do simply binds, remove the proxy
support, and conform to the overall coding style.
diff -r 3aa0f2f6d446 -r c97541fa3a40 ipa-server/ipaserver/ipaldap.py
--- a/ipa-server/ipaserver/ipaldap.py Tue Nov 13 15:36:52 2007 -0500
+++ b/ipa-server/ipaserver/ipaldap.py Wed Nov 14 18:20:02 2007 -0500
@@ -71,7 +71,7 @@ class Entry:
true otherwise"""
return self.data != None and len(self.data) > 0
- def hasAttr(self,name):
+ def has_attr(self,name):
"""Return True if this entry has an attribute named name, False otherwise"""
return self.data and self.data.has_key(name)
@@ -83,23 +83,23 @@ class Entry:
entry.getValue('cn')
This also allows us to return None if an attribute is not found rather than
throwing an exception"""
- return self.getValue(name)
-
- def getValues(self,name):
+ return self.get_value(name)
+
+ def get_values(self,name):
"""Get the list (array) of values for the attribute named name"""
return self.data.get(name)
- def getValue(self,name):
+ def get_value(self,name):
"""Get the first value for the attribute named name"""
return self.data.get(name,[None])[0]
- def setValue(self,name,*value):
+ def set_value(self,name,*value):
"""Value passed in may be a single value, several values, or a single sequence.
For example:
- ent.setValue('name', 'value')
- ent.setValue('name', 'value1', 'value2', ..., 'valueN')
- ent.setValue('name', ['value1', 'value2', ..., 'valueN'])
- ent.setValue('name', ('value1', 'value2', ..., 'valueN'))
+ ent.set_value('name', 'value')
+ ent.set_value('name', 'value1', 'value2', ..., 'valueN')
+ ent.set_value('name', ['value1', 'value2', ..., 'valueN'])
+ ent.set_value('name', ('value1', 'value2', ..., 'valueN'))
Since *value is a tuple, we may have to extract a list or tuple from that
tuple as in the last two examples above"""
if isinstance(value[0],list) or isinstance(value[0],tuple):
@@ -107,9 +107,9 @@ class Entry:
else:
self.data[name] = value
- setValues = setValue
-
- def toTupleList(self):
+ set_values = set_value
+
+ def to_tuple_list(self):
"""Convert the attrs and values to a list of 2-tuples. The first element
of the tuple is the attribute name. The second element is either a
single value or a list of values."""
@@ -139,11 +139,11 @@ class Entry:
def wrapper(f,name):
"""This is the method that wraps all of the methods of the superclass. This seems
- to need to be an unbound method, that's why it's outside of IPAdmin. Perhaps there
+ to need to be an unbound method, that's why it's outside of LdapObject. Perhaps there
is some way to do this with the new classmethod or staticmethod of 2.4.
Basically, we replace every call to a method in SimpleLDAPObject (the superclass
- of IPAdmin) with a call to inner. The f argument to wrapper is the bound method
- of IPAdmin (which is inherited from the superclass). Bound means that it will implicitly
+ of LdapObject) with a call to inner. The f argument to wrapper is the bound method
+ of LdapObject (which is inherited from the superclass). Bound means that it will implicitly
be called with the self argument, it is not in the args list. name is the name of
the method to call. If name is a method that returns entry objects (e.g. result),
we wrap the data returned by an Entry class. If name is a method that takes an entry
@@ -169,122 +169,75 @@ def wrapper(f,name):
# python-ldap
ent = args[0]
if isinstance(ent,Entry):
- return f(ent.dn, ent.toTupleList(), *args[2:])
+ return f(ent.dn, ent.to_tuple_list(), *args[2:])
else:
return f(*args, **kargs)
else:
return f(*args, **kargs)
return inner
-class IPAdmin(SimpleLDAPObject):
+class LdapObject(SimpleLDAPObject):
CFGSUFFIX = "o=NetscapeRoot"
DEFAULT_USER_ID = "nobody"
- def __initPart2(self):
- if self.binddn and len(self.binddn) and not hasattr(self,'sroot'):
- try:
- ent = self.getEntry('cn=config', ldap.SCOPE_BASE, '(objectclass=*)',
- [ 'nsslapd-instancedir', 'nsslapd-errorlog' ])
- instdir = ent.getValue('nsslapd-instancedir')
- self.sroot, self.inst = re.match(r'(.*)[\/]slapd-(\w+)$', instdir).groups()
- self.errlog = ent.getValue('nsslapd-errorlog')
- except (ldap.INSUFFICIENT_ACCESS, ldap.CONNECT_ERROR,
- ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND)):
- pass # usually means
-# print "ignored exception"
- except ldap.LDAPError, e:
- print "caught exception ", e
- raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
-
- def __localinit__(self):
- """If a CA certificate is provided then it is assumed that we are
- doing SSL client authentication with proxy auth.
-
- If a CA certificate is not present then it is assumed that we are
- using a forwarded kerberos ticket for SASL auth. SASL provides
- its own encryption.
- """
- if self.cacert is not None:
- SimpleLDAPObject.__init__(self,'ldaps://%s:%d' % (self.host,self.port))
- else:
- SimpleLDAPObject.__init__(self,'ldap://%s:%d' % (self.host,self.port))
-
- def __init__(self,host,port,cacert,bindcert,bindkey,proxydn=None,debug=None):
+ def __init__(self, host, port=389, ssl=False, debug=None):
"""We just set our instance variables and wrap the methods - the real
work is done in __localinit__ and __initPart2 - these are separated
out this way so that we can call them from places other than
instance creation e.g. when we just need to reconnect, not create a
new instance"""
+
+ self.port = port
+ self.host = host
+
+ if ssl:
+ SimpleLDAPObject.__init__(self,'ldaps://%s:%d' % (self.host,self.port))
+ else:
+ SimpleLDAPObject.__init__(self,'ldap://%s:%d' % (self.host,self.port))
+
+
if debug and debug.lower() == "on":
ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
- if cacert is not None:
- ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,cacert)
- ldap.set_option(ldap.OPT_X_TLS_CERTFILE,bindcert)
- ldap.set_option(ldap.OPT_X_TLS_KEYFILE,bindkey)
self.__wrapmethods()
- self.port = port or 389
- self.host = host
- self.cacert = cacert
- self.bindcert = bindcert
- self.bindkey = bindkey
- self.proxydn = proxydn
+
+ # SSL options - these should be set with set_ssl
+ self.cacert = None
+ self.bindcert = None
+ self.bindkey = None
+
# see if is local or not
- host1 = IPAdmin.getfqdn(host)
- host2 = IPAdmin.getfqdn()
+ host1 = LdapObject.getfqdn(host)
+ host2 = LdapObject.getfqdn()
self.isLocal = (host1 == host2)
self.suffixes = {}
- self.__localinit__()
+
+ def set_ssl(self, cacert, bindcert, bindkey):
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,cacert)
+ ldap.set_option(ldap.OPT_X_TLS_CERTFILE,bindcert)
+ ldap.set_option(ldap.OPT_X_TLS_KEYFILE,bindkey)
+
def __str__(self):
return self.host + ":" + str(self.port)
- def __get_server_controls__(self):
- """Create the proxy user server control. The control has the form
- 0x04 = Octet String
- 4|0x80 sets the length of the string length field at 4 bytes
- the struct() gets us the length in bytes of string self.proxydn
- self.proxydn is the proxy dn to send"""
-
- import sys
-
- if self.proxydn is not None:
- proxydn = chr(0x04) + chr(4|0x80) + struct.pack('l', socket.htonl(len(self.proxydn))) + self.proxydn;
-
- # Create the proxy control
- sctrl=[]
- sctrl.append(LDAPControl('2.16.840.1.113730.3.4.18',True,proxydn))
- else:
- sctrl=None
-
- return sctrl
-
- def toLDAPURL(self):
+ def to_ldap_url(self):
return "ldap://%s:%d/" % (self.host,self.port)
- def set_proxydn(self, proxydn):
- self.proxydn = proxydn
-
- def set_krbccache(self, krbccache, principal):
+
+ def krb_bind(self, krbccache, principal):
if krbccache is not None:
os.environ["KRB5CCNAME"] = krbccache
self.sasl_interactive_bind_s("", sasl_auth)
self.principal = principal
- self.proxydn = None
-
- def getEntry(self,*args):
+
+ def get_entry(self,*args):
"""This wraps the search function. It is common to just get one entry"""
-
- sctrl = self.__get_server_controls__()
-
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
try:
res = self.search(*args)
type, obj = self.result(res)
- # res = self.search_ext(args[0], args[1], filterstr=args[2], attrlist=args[3], serverctrls=sctrl)
except ldap.LDAPError, e:
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
@@ -296,12 +249,8 @@ class IPAdmin(SimpleLDAPObject):
else: # assume list/tuple
return obj[0]
- def getList(self,*args):
+ def get_list(self,*args):
"""This wraps the search function to find all users."""
-
- sctrl = self.__get_server_controls__()
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
try:
res = self.search(*args)
@@ -322,17 +271,13 @@ class IPAdmin(SimpleLDAPObject):
return all_users
- def getListAsync(self,*args):
+ def get_list_async(self,*args):
"""This version performs an asynchronous search, to allow
results even if we hit a limit.
It returns a list: counter followed by the results.
If the results are truncated, counter will be set to -1.
"""
-
- sctrl = self.__get_server_controls__()
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
entries = []
partial = 0
@@ -361,15 +306,11 @@ class IPAdmin(SimpleLDAPObject):
return [counter] + entries
- def addEntry(self,*args):
+ def add_entry(self,*args):
"""This wraps the add function. It assumes that the entry is already
populated with all of the desired objectclasses and attributes"""
- sctrl = self.__get_server_controls__()
-
- try:
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+ try:
self.add_s(*args)
except ldap.ALREADY_EXISTS:
raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
@@ -377,37 +318,29 @@ class IPAdmin(SimpleLDAPObject):
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
return "Success"
- def updateRDN(self, dn, newrdn):
+ def update_rdn(self, dn, newrdn):
"""Wrap the modrdn function."""
-
- sctrl = self.__get_server_controls__()
if dn == newrdn:
# no need to report an error
return "Success"
try:
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.modrdn_s(dn, newrdn, delold=1)
except ldap.LDAPError, e:
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
return "Success"
- def updateEntry(self,dn,olduser,newuser):
+ def update_entry(self,dn,olduser,newuser):
"""This wraps the mod function. It assumes that the entry is already
populated with all of the desired objectclasses and attributes"""
- sctrl = self.__get_server_controls__()
-
- modlist = self.generateModList(olduser, newuser)
+ modlist = self.generate_mod_list(olduser, newuser)
if len(modlist) == 0:
raise ipaerror.gen_exception(ipaerror.LDAP_EMPTY_MODLIST)
try:
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.modify_s(dn, modlist)
# this is raised when a 'delete' attribute isn't found.
# it indicates the previous attribute was removed by another
@@ -418,7 +351,7 @@ class IPAdmin(SimpleLDAPObject):
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
return "Success"
- def generateModList(self, old_entry, new_entry):
+ def generate_mod_list(self, old_entry, new_entry):
"""A mod list generator that computes more precise modification lists
than the python-ldap version. This version purposely generates no
REPLACE operations, to deal with multi-user updates more properly."""
@@ -453,15 +386,14 @@ class IPAdmin(SimpleLDAPObject):
return modlist
- def inactivateEntry(self,dn,has_key):
+ def inactivate_entry(self,dn,has_key):
"""Rather than deleting entries we mark them as inactive.
has_key defines whether the entry already has nsAccountlock
set so we can determine which type of mod operation to run."""
- sctrl = self.__get_server_controls__()
modlist=[]
- if has_key == True:
+ if has_key:
operation = ldap.MOD_REPLACE
else:
operation = ldap.MOD_ADD
@@ -469,27 +401,21 @@ class IPAdmin(SimpleLDAPObject):
modlist.append((operation, "nsAccountlock", "true"))
try:
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.modify_s(dn, modlist)
except ldap.LDAPError, e:
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
return "Success"
- def deleteEntry(self,*args):
+ def delete_entry(self,*args):
"""This wraps the delete function. Use with caution."""
- sctrl = self.__get_server_controls__()
-
- try:
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+ try:
self.delete_s(*args)
except ldap.LDAPError, e:
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
return "Success"
- def modifyPassword(self,dn,oldpass,newpass):
+ def modify_password(self,dn,oldpass,newpass):
"""Set the user password using RFC 3062, LDAP Password Modify Extended
Operation. This ends up calling the IPA password slapi plugin
handler so the Kerberos password gets set properly.
@@ -497,11 +423,7 @@ class IPAdmin(SimpleLDAPObject):
oldpass is not mandatory
"""
- sctrl = self.__get_server_controls__()
-
- try:
- if sctrl is not None:
- self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+ try:
self.passwd_s(dn, oldpass, newpass)
except ldap.LDAPError, e:
raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
@@ -517,18 +439,18 @@ class IPAdmin(SimpleLDAPObject):
if callable(attr):
setattr(self, name, wrapper(attr, name))
- def exportLDIF(self, file, suffix, forrepl=False, verbose=False):
+ def export_LDIF(self, file, suffix, forrepl=False, verbose=False):
cn = "export" + str(int(time.time()))
dn = "cn=%s, cn=export, cn=tasks, cn=config" % cn
entry = Entry(dn)
- entry.setValues('objectclass', 'top', 'extensibleObject')
- entry.setValues('cn', cn)
- entry.setValues('nsFilename', file)
- entry.setValues('nsIncludeSuffix', suffix)
+ entry.set_values('objectclass', 'top', 'extensibleObject')
+ entry.set_values('cn', cn)
+ entry.set_values('nsFilename', file)
+ entry.set_values('nsIncludeSuffix', suffix)
if forrepl:
- entry.setValues('nsExportReplica', 'true')
-
- rc = self.startTaskAndWait(entry, verbose)
+ entry.set_values('nsExportReplica', 'true')
+
+ rc = self.start_task_and_wait(entry, verbose)
if rc:
if verbose:
@@ -538,7 +460,7 @@ class IPAdmin(SimpleLDAPObject):
print "Export task %s for file %s completed successfully" % (cn,file)
return rc
- def waitForEntry(self, dn, timeout=7200, attr='', quiet=False):
+ def wait_for_entry(self, dn, timeout=7200, attr='', quiet=False):
scope = ldap.SCOPE_BASE
filter = "(objectclass=*)"
attrlist = []
@@ -557,7 +479,7 @@ class IPAdmin(SimpleLDAPObject):
entry = None
while not entry and int(time.time()) < timeout:
try:
- entry = self.getEntry(dn, scope, filter, attrlist)
+ entry = self.get_entry(dn, scope, filter, attrlist)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
pass # found entry, but no attr
except ldap.NO_SUCH_OBJECT: pass # no entry yet
@@ -579,32 +501,32 @@ class IPAdmin(SimpleLDAPObject):
return entry
- def addSchema(self, attr, val):
+ def add_schema(self, attr, val):
dn = "cn=schema"
self.modify_s(dn, [(ldap.MOD_ADD, attr, val)])
- def addAttr(self, *args):
- return self.addSchema('attributeTypes', args)
-
- def addObjClass(self, *args):
- return self.addSchema('objectClasses', args)
+ def add_attr(self, *args):
+ return self.add_schema('attributeTypes', args)
+
+ def add_obj_class(self, *args):
+ return self.add_schema('objectClasses', args)
###########################
# Static methods start here
###########################
- def normalizeDN(dn):
+ def normalize_dn(dn):
# not great, but will do until we use a newer version of python-ldap
# that has DN utilities
ary = ldap.explode_dn(dn.lower())
return ",".join(ary)
- normalizeDN = staticmethod(normalizeDN)
+ normalize_dn = staticmethod(normalize_dn)
def getfqdn(name=''):
return socket.getfqdn(name)
getfqdn = staticmethod(getfqdn)
def getdomainname(name=''):
- fqdn = IPAdmin.getfqdn(name)
+ fqdn = LdapObject.getfqdn(name)
index = fqdn.find('.')
if index >= 0:
return fqdn[index+1:]
@@ -613,7 +535,7 @@ class IPAdmin(SimpleLDAPObject):
getdomainname = staticmethod(getdomainname)
def getdefaultsuffix(name=''):
- dm = IPAdmin.getdomainname(name)
+ dm = LdapObject.getdomainname(name)
if dm:
return "dc=" + dm.replace('.', ', dc=')
else:
@@ -627,8 +549,8 @@ class IPAdmin(SimpleLDAPObject):
returns True if newhost is the localhost, False otherwise"""
isLocal = False
if args.has_key('newhost'):
- args['newhost'] = IPAdmin.getfqdn(args['newhost'])
- myhost = IPAdmin.getfqdn()
+ args['newhost'] = LdapObject.getfqdn(args['newhost'])
+ myhost = LdapObject.getfqdn()
if myhost == args['newhost']:
isLocal = True
elif args['newhost'] == 'localhost' or \
@@ -636,7 +558,7 @@ class IPAdmin(SimpleLDAPObject):
isLocal = True
else:
isLocal = True
- args['newhost'] = IPAdmin.getfqdn()
+ args['newhost'] = LdapObject.getfqdn()
return isLocal
getnewhost = staticmethod(getnewhost)
diff -r 3aa0f2f6d446 -r c97541fa3a40 ipa-server/xmlrpc-server/funcs.py
--- a/ipa-server/xmlrpc-server/funcs.py Tue Nov 13 15:36:52 2007 -0500
+++ b/ipa-server/xmlrpc-server/funcs.py Wed Nov 14 18:20:02 2007 -0500
@@ -68,23 +68,23 @@ class IPAConnPool:
self._maxsize = maxsize
self._ctx = krbV.default_context()
- def getConn(self, host, port, krbccache=None, debug=None):
+ def get_conn(self, host, port, krbccache=None, debug=None):
conn = None
ccache = krbV.CCache(name=krbccache, context=self._ctx)
cprinc = ccache.principal()
- conn = ipaserver.ipaldap.IPAdmin(host,port,None,None,None,debug)
+ conn = ipaserver.ipaldap.LdapObject(host, port, None, debug)
# This will bind the connection
try:
- conn.set_krbccache(krbccache, cprinc.name)
+ conn.krb_bind(krbccache, cprinc.name)
except ldap.UNWILLING_TO_PERFORM, e:
raise ipaerror.gen_exception(ipaerror.CONNECTION_UNWILLING)
return conn
- def releaseConn(self, conn):
+ def release_conn(self, conn):
if conn is None:
return
@@ -124,11 +124,11 @@ class IPAServer:
princ = self.__safe_filter(princ)
filter = "(krbPrincipalName=" + princ + ")"
# The only anonymous search we should have
- conn = _LDAPPool.getConn(self.host,self.sslport,self.bindca,self.bindcert,self.bindkey,None,None,debug)
- try:
- ent = conn.getEntry(self.basedn, self.scope, filter, ['dn'])
- finally:
- _LDAPPool.releaseConn(conn)
+ conn = _LDAPPool.get_conn(self.host,self.sslport,self.bindca,self.bindcert,self.bindkey,None,None,debug)
+ try:
+ ent = conn.get_entry(self.basedn, self.scope, filter, ['dn'])
+ finally:
+ _LDAPPool.release_conn(conn)
return "dn:" + ent.dn
@@ -140,7 +140,7 @@ class IPAServer:
We only want one or the other used at one time and we prefer
the Kerberos credentials cache. So if there is a ccache, return
- that and None for proxy dn to make calling getConn() easier.
+ that and None for proxy dn to make calling get_conn() easier.
"""
debug = "Off"
@@ -163,8 +163,8 @@ class IPAServer:
else:
return None, self.krbccache, debug
- def getConnection(self, opts):
- """Wrapper around IPAConnPool.getConn() so we don't have to pass
+ def get_connection(self, opts):
+ """Wrapper around IPAConnPool.get_conn() so we don't have to pass
around self.* every time a connection is needed.
For SASL connections (where we have a krbccache) we can't set
@@ -184,7 +184,7 @@ class IPAServer:
raise ipaerror.gen_exception(ipaerror.CONNECTION_NO_CCACHE)
try:
- conn = _LDAPPool.getConn(self.host,port,krbccache,debug)
+ conn = _LDAPPool.get_conn(self.host,port,krbccache,debug)
except ldap.INVALID_CREDENTIALS, e:
raise ipaerror.gen_exception(ipaerror.CONNECTION_GSSAPI_CREDENTIALS, nested_exception=e)
@@ -193,10 +193,10 @@ class IPAServer:
return conn
- def releaseConnection(self, conn):
+ def release_connection(self, conn):
global _LDAPPool
- _LDAPPool.releaseConn(conn)
+ _LDAPPool.release_conn(conn)
def convert_entry(self, ent):
entry = dict(ent.data)
@@ -222,12 +222,12 @@ class IPAServer:
"""
ent=""
- conn = self.getConnection(opts)
- try:
- ent = conn.getEntry(base, scope, filter, sattrs)
-
- finally:
- self.releaseConnection(conn)
+ conn = self.get_connection(opts)
+ try:
+ ent = conn.get_entry(base, scope, filter, sattrs)
+
+ finally:
+ self.release_connection(conn)
return self.convert_entry(ent)
@@ -251,11 +251,11 @@ class IPAServer:
"""
entries = []
- conn = self.getConnection(opts)
- try:
- entries = conn.getList(base, self.scope, filter, sattrs)
- finally:
- self.releaseConnection(conn)
+ conn = self.get_connection(opts)
+ try:
+ entries = conn.get_list(base, self.scope, filter, sattrs)
+ finally:
+ self.release_connection(conn)
return map(self.convert_entry, entries)
@@ -276,11 +276,11 @@ class IPAServer:
except KeyError, e:
raise ipaerror.gen_exception(ipaerror.LDAP_MISSING_DN)
- conn = self.getConnection(opts)
- try:
- res = conn.updateEntry(moddn, oldentry, newentry)
- finally:
- self.releaseConnection(conn)
+ conn = self.get_connection(opts)
+ try:
+ res = conn.update_entry(moddn, oldentry, newentry)
+ finally:
+ self.release_connection(conn)
return res
def __safe_filter(self, criteria):
@@ -452,19 +452,19 @@ class IPAServer:
del user['gn']
# some required objectclasses
- entry.setValues('objectClass', 'top', 'person', 'organizationalPerson',
+ entry.set_values('objectClass', 'top', 'person', 'organizationalPerson',
'inetOrgPerson', 'inetUser', 'posixAccount', 'krbPrincipalAux', 'radiusprofile')
# fill in our new entry with everything sent by the user
for u in user:
- entry.setValues(u, user[u])
-
- conn = self.getConnection(opts)
- try:
- res = conn.addEntry(entry)
+ entry.set_values(u, user[u])
+
+ conn = self.get_connection(opts)
+ try:
+ res = conn.add_entry(entry)
self.add_user_to_group(user.get('uid'), group_dn, opts)
finally:
- self.releaseConnection(conn)
+ self.release_connection(conn)
return res
def get_add_schema (self):
@@ -517,11 +517,11 @@ class IPAServer:
"""
filter = "(objectclass=posixAccount)"
- conn = self.getConnection(opts)
- try:
- all_users = conn.getList(self.basedn, self.scope, filter, None)
- finally:
- self.releaseConnection(conn)
+ conn = self.get_connection(opts)
+ try:
+ all_users = conn.get_list(self.basedn, self.scope, filter, None)
+ finally:
+ self.release_connection(conn)
users = []
for u in all_users:
@@ -560,23 +560,23 @@ class IPAServer:
exact_match_filter = "(&(objectClass=person)%s)" % exact_match_filter
partial_match_filter = "(&(objectClass=person)%s)" % partial_match_filter
- conn = self.getConnection(opts)
- try:
- try:
- exact_results = conn.getListAsync(self.basedn, self.scope,
+ conn = self.get_connection(opts)
+ try:
+ try:
+ exact_results = conn.get_list_async(self.basedn, self.scope,
exact_match_filter, sattrs, 0, None, None, timelimit,
searchlimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
exact_results = [0]
try:
- partial_results = conn.getListAsync(self.basedn, self.scope,
+ partial_results = conn.get_list_async(self.basedn, self.scope,
partial_match_filter, sattrs, 0, None, None, timelimit,
searchlimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
partial_results = [0]
finally:
- self.releaseConnection(conn)
+ self.release_connection(conn)
exact_counter = exact_results[0]
partial_counter = partial_results[0]
@@ -622,9 +622,9 @@ class IPAServer:
if oldentry.get('uid') != newentry.get('uid'):
# RDN change
- conn = self.getConnection(opts)
- try:
- res = conn.updateRDN(oldentry.get('dn'), "uid=" + newentry.get('uid'))
+ conn = self.get_connection(opts)
+ try:
+ res = conn.update_rdn(oldentry.get('dn'), "uid=" + newentry.get('uid'))
newdn = oldentry.get('dn')
newdn = newdn.replace("uid=%s" % oldentry.get('uid'), "uid=%s" % newentry.get('uid'))
@@ -635,7 +635,7 @@ class IPAServer:
oldentry['uid'] = newentry['uid']
newrdn = 1
finally:
- self.releaseConnection(conn)
+ self.release_connection(conn)
try:
rv = self.update_entry(oldentry, newentry, opts)
@@ -660,11 +660,11 @@ class IPAServer:
else:
has_key = False
- conn = self.getConnection(opts)
- try:
- res = conn.inactivateEntry(user['dn'], has_key)
- finally:
- self.releaseConnection(conn)
+ conn = self.get_connection(opts)
+ try:
+ res = conn.inactivate_entry(user['dn'], has_key)
+ finally:
+ self.release_connection(conn)
return res
def delete_user (self, uid, opts=None):
@@ -680,11 +680,11 @@ class IPAServer:
if user is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
- conn = self.getConnection(opts)
- try:
- res = conn.deleteEntry(user['dn'])
- finally:
- self.releaseConnection(conn)
+ conn = self.get_connection(opts)
+ try:
+ res = conn.delete_entry(user['dn'])
+ finally:
+ self.release_connection(conn)
return res
def modifyPassword (self, principal, oldpass, newpass, opts=None):
@@ -698,11 +698,11 @@ class IPAServer:
if user is None or user['krbprincipalname'] != principal:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
- conn = self.getConnection(opts)
- try:
- res = conn.modifyPassword(user['dn'], oldpass, newpass)
- finally:
- self.releaseConnection(conn)
+ conn = self.get_connection(opts)
+ try:
+ res = conn.modify_password(user['dn'], oldpass, newpass)
+ finally:
+ self.release_connection(conn)
return res
# Group support
@@ -747,7 +747,7 @@ class IPAServer:
entry = ipaserver.ipaldap.Entry(dn)
# some required objectclasses
- entry.setValues('objectClass', 'top', 'groupofuniquenames', 'posixGroup',
+ entry.set_values('objectClass', 'top', 'groupofuniquenames', 'posixGroup',
'inetUser')
# No need to explicitly set gidNumber. The dna_plugin will do this
@@ -755,13 +755,13 @@ class IPAServer:
# fill in our new entry with everything sent by the user
for g in group:
- entry.setValues(g, group[g])
-
- conn = self.getConnection(opts)
- try:
- res = conn.addEntry(entry)
- finally:
- self.releaseConnection(conn)
+ entry.set_values(g, group[g])
+
+ conn = self.get_connection(opts)
+ try:
+ res = conn.add_entry(entry)
+ finally:
+ self.release_connection(conn)
def find_groups (self, criteria, sattrs=None, searchlimit=0, timelimit=-1,
opts=None):
@@ -795,23 +795,23 @@ class IPAServer:
#
# TODO - copy/paste from find_users. needs to be refactored
#
- conn = self.getConnection(opts)
- try:
- try:
- exact_results = conn.getListAsync(self.basedn, self.scope,
+ conn = self.get_connection(opts)
+ try:
+ try:
+ exact_results = conn.get_list_async(self.basedn, self.scope,
exact_match_filter, sattrs, 0, None, None, timelimit,
searchlimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
exact_results = [0]
try:
- partial_results = conn.getListAsync(self.basedn, self.scope,
+ partial_results = conn.get_list_async(self.basedn, self.scope,
partial_match_filter, sattrs, 0, None, None, timelimit,
searchlimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
partial_results = [0]
finally:
- self.releaseConnection(conn)
+ self.release_connection(conn)
exact_counter = exact_results[0]
partial_counter = partial_results[0]
@@ -1063,9 +1063,9 @@ class IPAServer:
newcn.sort()
if oldcn != newcn:
# RDN change
- conn = self.getConnection(opts)
- try:
- res = conn.updateRDN(oldentry.get('dn'), "cn=" + newcn[0])
+ conn = self.get_connection(opts)
+ try:
+ res = conn.update_rdn(oldentry.get('dn'), "cn=" + newcn[0])
newdn = oldentry.get('dn')
# Ick. Need to find the exact cn used in the old DN so we'll
@@ -1082,7 +1082,7 @@ class IPAServer:
oldentry['cn'] = newentry['cn']
newrdn = 1
finally:
- self.releaseConnection(conn)
+ self.release_connection(conn)
try:
rv = self.update_entry(oldentry, newentry, opts)
@@ -1106,11 +1106,11 @@ class IPAServer:
if group is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
- conn = self.getConnection(opts)
- try:
- res = conn.deleteEntry(group_dn)
- finally:
- self.releaseConnection(conn)
+ conn = self.get_connection(opts)
+ try:
+ res = conn.delete_entry(group_dn)
+ finally:
+ self.release_connection(conn)
return res
def add_group_to_group(self, group, tgroup, opts=None):
@@ -1163,15 +1163,15 @@ class IPAServer:
groupdn = self.__safe_filter(groupdn)
filter = "(memberOf=%s)" % groupdn
- conn = self.getConnection(opts)
- try:
- results = conn.getListAsync(self.basedn, self.scope,
+ conn = self.get_connection(opts)
+ try:
+ results = conn.get_list_async(self.basedn, self.scope,
filter, attr_list, 0, None, None, timelimit,
searchlimit)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
results = [0]
finally:
- self.releaseConnection(conn)
+ self.release_connection(conn)
counter = results[0]
results = results[1:]
More information about the Freeipa-devel
mailing list