[Freeipa-devel] [PATCH] 31 Use DN objects instead of strings in adtrustinstance

Mon, 02 Jul 2012 05:47:05 -0700 

Hi,

as pointed out by John adtrustinstance.py does not use the DN objects
but strings to define LDAP DNs. This patch fixes it.

bye,
Sumit

From e91540c323791f06791c973754e7773eaccaf08e Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Mon, 2 Jul 2012 12:20:23 +0200
Subject: [PATCH] Use DN objects instead of strings in adtrustinstance

---
 ipaserver/install/adtrustinstance.py |   41 +++++++++++++++++++++-------------
 1 Datei geändert, 25 Zeilen hinzugefügt(+), 16 Zeilen entfernt(-)

diff --git a/ipaserver/install/adtrustinstance.py 
b/ipaserver/install/adtrustinstance.py
index 
9646f7e7b1dc7e9954b681550d3ffa7a54a6f139..20feec4df309b5793aa1c29fdf18bc5bfe180943
 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -29,6 +29,7 @@ from ipaserver.install.dsinstance import realm_to_serverid
 from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \
                                            dns_zone_exists
 from ipalib import errors, api
+from ipalib.dn import DN
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython.ipa_log_manager import *
@@ -129,8 +130,10 @@ class ADTRUSTInstance(service.Service):
         return "S-1-5-21-%d-%d-%d" % (sub_ids[0], sub_ids[1], sub_ids[2])
 
     def __add_admin_sids(self):
-        admin_dn = "uid=admin,cn=users,cn=accounts,%s" % self.suffix
-        admin_group_dn = "cn=admins,cn=groups,cn=accounts,%s" % self.suffix
+        admin_dn = str(DN(('uid', 'admin'), api.env.container_user,
+                          self.suffix))
+        admin_group_dn = str(DN(('cn', 'admins'), api.env.container_group,
+                                self.suffix))
 
         try:
             dom_entry = self.admin_conn.getEntry(self.smb_dom_dn, \
@@ -184,7 +187,8 @@ class ADTRUSTInstance(service.Service):
         """
 
         try:
-            res = self.admin_conn.search_s("cn=ranges,cn=etc,"+self.suffix,
+            res = self.admin_conn.search_s(str(DN(api.env.container_ranges,
+                                                  self.suffix)),
                                            ldap.SCOPE_ONELEVEL,
                                            "(objectclass=ipaDomainIDRange)")
             if len(res) != 1:
@@ -227,8 +231,8 @@ class ADTRUSTInstance(service.Service):
             pass
 
         for new_dn in (self.trust_dn, \
-                       "cn=ad,"+self.trust_dn, \
-                       "cn=ad,cn=etc,"+self.suffix):
+                       str(DN(('cn', 'ad'), self.trust_dn)), \
+                       str(DN(api.env.container_cifsdomains, self.suffix))):
             try:
                 self.admin_conn.getEntry(new_dn, ldap.SCOPE_BASE)
             except errors.NotFound:
@@ -469,14 +473,16 @@ class ADTRUSTInstance(service.Service):
 
         self.smb_conf = "/etc/samba/smb.conf"
 
-        self.smb_dn = "cn=adtrust agents,cn=sysaccounts,cn=etc,%s" % 
self.suffix
+        self.smb_dn = str(DN(('cn', 'adtrust agents'), ('cn', 'sysaccounts'),
+                             ('cn', 'etc'), self.suffix))
 
-        self.trust_dn = "cn=trusts,%s" % self.suffix
-        self.smb_dom_dn = "cn=%s,cn=ad,cn=etc,%s" % (self.domain_name, \
-                                                     self.suffix)
+        self.trust_dn = str(DN(api.env.container_trusts, self.suffix))
+        self.smb_dom_dn = str(DN(('cn', self.domain_name),
+                                 api.env.container_cifsdomains, self.suffix))
         self.cifs_principal = "cifs/" + self.fqdn + "@" + self.realm_name
-        self.cifs_agent = "krbprincipalname=%s,cn=services,cn=accounts,%s" % \
-                          (self.cifs_principal.lower(), self.suffix)
+        self.cifs_agent = str(DN(('krbprincipalname', 
self.cifs_principal.lower()),
+                                 api.env.container_service,
+                                 self.suffix))
         self.selinux_booleans = ["samba_portmapper"]
 
         self.__setup_sub_dict()
@@ -484,14 +490,16 @@ class ADTRUSTInstance(service.Service):
     def find_local_id_range(self):
         self.ldap_connect()
 
-        if self.admin_conn.search_s("cn=ranges,cn=etc," + self.suffix,
+        if self.admin_conn.search_s(str(DN(api.env.container_ranges,
+                                           self.suffix)),
                                     ldap.SCOPE_ONELEVEL,
                                     "objectclass=ipaDomainIDRange"):
             return
 
         try:
-            entry = 
self.admin_conn.getEntry("cn=admins,cn=groups,cn=accounts," \
-                                                                  + 
self.suffix,
+            entry = self.admin_conn.getEntry(str(DN(('cn', 'admins'),
+                                                    api.env.container_group,
+                                                    self.suffix)),
                                              ldap.SCOPE_BASE)
         except errors.NotFound:
             raise ValueError("No local ID range and no admins group found.\n" \
@@ -514,8 +522,9 @@ class ADTRUSTInstance(service.Service):
                              "range.\nAdd local ID range manually and try " \
                              "again!")
 
-        entry = ipaldap.Entry("cn=%s_id_range,cn=ranges,cn=etc,%s" % \
-                              (self.realm_name, self.suffix))
+        entry = ipaldap.Entry(str(DN(('cn', ('%s_id_range' % self.realm_name)),
+                                     api.env.container_ranges,
+                                     self.suffix)))
         entry.setValue('objectclass', 'ipaDomainIDRange')
         entry.setValue('cn', ('%s_id_range' % self.realm_name))
         entry.setValue('ipaBaseID', str(base_id))
-- 
1.7.10.2


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to