[Freeipa-devel] [PATCH] 377 Using LDAPI to setup CA and KRA agents.

Martin Basti mbasti at redhat.com
Tue Sep 1 06:52:18 UTC 2015



On 09/01/2015 07:06 AM, Jan Cholasta wrote:
> On 31.8.2015 22:15, Endi Sukma Dewata wrote:
>> On 8/31/2015 6:18 AM, Martin Basti wrote:
>>>
>>>
>>> On 08/27/2015 09:41 PM, Endi Sukma Dewata wrote:
>>>> The CA and KRA installation code has been modified to use LDAPI
>>>> to create the CA and KRA agents directly in the CA and KRA
>>>> database. This way it's no longer necessary to use the Directory
>>>> Manager password or CA and KRA admin certificate.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/5257
>>>>
>>>>
>>>>
>>>
>>> Thank you.
>>>
>>> 1) Can you use the following code instead of a direct call of ldap2.ldap2()?
>>>
>>> if not api.Backend.ldap2.is_connected():
>>>      api.Backend.ldap2.connect(autobind=True)
>>>
>>> conn = api.Backend.ldap2
>
> Why would you want to do that? The original code is fine, except the 
> connection check is not necessary (it is a new instance of ldap2, so 
> .isconnected() will always return False).
>
>>
>> It's actually isconnected() instead of is_connected(), but even so, the
>> proposed code doesn't work:
>>
>> ipa.ipapython.install.cli.install_tool(Server): DEBUG    The
>> ipa-server-install command failed, exception: TypeError: 'ldap2' object
>> is not callable
>> ipa.ipapython.install.cli.install_tool(Server): ERROR    'ldap2' object
>> is not callable
>>
>>> 2) Patch needs rebase to master branch.
>>
>> The original patch does apply cleanly to master. Did you see a conflict?
Sorry, my bad.

Martin^2
>>
>>> 3)
>>> +        user_dn = DN(('uid', "ipara"), ('ou', 'People'), self.basedn)
>>> +        conn.create(
>>> +            dn=user_dn,
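Review bot: on the `user_dn` line the agent uid is an inline literal written as "ipara" in double quotes, while the neighbouring RDN components ('uid', 'ou', 'People') use single quotes; use one quoting style, and if the uid is needed anywhere else in the installer, define it once as a named constant so the DN and any later lookup cannot drift apart. The `conn.create(` call is cut off after `dn=user_dn,` in this quote, so the attributes written to the entry are not visible here and should be checked against the full patch.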
>>>
>>> Can you use add_entry() instead of create()? We don't use native
>>> python-ldap, but rather ipaldap methods.
>>
>> It's actually calling the ldap2.create() defined in
>> ipaserver/plugins/ldap2.py, which calls add_entry().
>
> NACK. We don't use ldap2.create(). Use add_entry().
>
>>
>> So my original patch still stands.
>>
>
>



