On 01/24/2013 03:06 PM, Petr Viktorin wrote:
On 01/24/2013 10:43 AM, Petr Viktorin wrote:
On 01/22/2013 04:04 PM, Petr Viktorin wrote:
On 01/21/2013 06:38 PM, Petr Viktorin wrote:
On 01/17/2013 06:27 PM, Petr Viktorin wrote:
Hello,
This is the first batch of changes aimed to consolidate our LDAP code.
Each should be a self-contained change that doesn't break anything.
These patches do some general cleanup (some of the changes might seem
trivial but help a lot when grepping through the code); merge the
common
parts LDAPEntry, Entry and Entity classes; and move stuff that depends
on an installed server out of IPASimpleLDAPObject and SchemaCache.
I'm posting them early so you can see where I'm going, and so you can
find out if your work will conflict with mine.
Here is a third set of patches. These apply on top of jcholast's patches
94-96.
I found mistakes in two of the patches, attaching fixed versions.
Since this patchset is becoming unwieldy, I've put it in a public repo
that I'll keep updated. The following command will fetch it into your
"pviktori-ldap-refactor" branch:
git fetch git://github.com/encukou/freeipa
ldap-refactor:pviktori-ldap-refactor
--
PetrĀ³
From 9e2b7b8b77af71c164f2f028858ab6c97cd66218 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Thu, 17 Jan 2013 11:25:47 -0500
Subject: [PATCH] Make IPAdmin not inherit from IPASimpleLDAPObject
Instead of inheritance, the LDAPObject is kept in a `conn` attribute,
as the ldap2 class does it.
However, all IPASimpleLDAPObject methods are still available as before
(using __getattr__-based proxying).
Also, remove the IPAEntryLDAPObject class. The methods it overrode
were never called in ways that would make them behave differently than
the superclass.
Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
---
ipaserver/install/service.py | 2 +-
ipaserver/ipaldap.py | 87 +++++++++++-------------------------------
2 files changed, 24 insertions(+), 65 deletions(-)
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 88b47da342fc4bf27defe64a4105221fa1d6b1c1..38ee45e316896d54d1f8fa6e8bdd52d5df706eaf 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -153,7 +153,7 @@ class Service(object):
# use URI of admin connection
if not self.admin_conn:
self.ldap_connect()
- args += ["-H", self.admin_conn.uri]
+ args += ["-H", self.admin_conn.ldap_uri]
auth_parms = []
if self.dm_password:
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 14a7deeefd7b1d30ee5b54c4b45187cca082aaba..816cd6ffc220a132586bdbb0a0debc575c5fd165 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -567,50 +567,6 @@ class IPASimpleLDAPObject(object):
return self.conn.unbind_s()
-class IPAEntryLDAPObject(IPASimpleLDAPObject):
- # FIXME: class for backwards compatibility only
- def __init__(self, *args, **kwds):
- kwds.setdefault('force_schema_updates', True)
- IPASimpleLDAPObject.__init__(self, *args, **kwds)
-
- def result(self, msgid=ldap.RES_ANY, all=1, timeout=None):
- objtype, data = IPASimpleLDAPObject.result(self, msgid, all, timeout)
- # data is either a 2-tuple or a list of 2-tuples
- if data:
- if isinstance(data, (LDAPEntry, tuple)):
- return objtype, Entry(data)
- elif isinstance(data, list):
- return objtype, [Entry(x) for x in data]
- else:
- raise TypeError, "unknown data type %s returned by result" % type(data)
- else:
- return objtype, data
-
- def add(self, dn, modlist):
- if isinstance(dn, Entry):
- return IPASimpleLDAPObject.add(self, dn.dn, dn.toTupleList())
- else:
- return IPASimpleLDAPObject.add(self, dn, modlist)
-
- def add_s(self, dn, modlist):
- if isinstance(dn, Entry):
- return IPASimpleLDAPObject.add_s(self, dn.dn, dn.toTupleList())
- else:
- return IPASimpleLDAPObject.add_s(self, dn, modlist)
-
- def add_ext(self, dn, modlist, serverctrls=None, clientctrls=None):
- if isinstance(dn, Entry):
- return IPASimpleLDAPObject.add_ext(self, dn.dn, dn.toTupleList(), serverctrls, clientctrls)
- else:
- return IPASimpleLDAPObject.add_ext(self, dn, modlist, serverctrls, clientctrls)
-
- def add_ext_s(self, dn, modlist, serverctrls=None, clientctrls=None):
- if isinstance(dn, Entry):
- return IPASimpleLDAPObject.add_ext_s(self, dn.dn, dn.toTupleList(), serverctrls, clientctrls)
- else:
- return IPASimpleLDAPObject.add_ext_s(self, dn, modlist, serverctrls, clientctrls)
-
-
# Make python-ldap tuple style result compatible with Entry and Entity
# objects by allowing access to the dn (tuple index 0) via the 'dn'
# attribute name and the attr dict (tuple index 1) via the 'data'
@@ -891,21 +847,19 @@ class LDAPConnection(object):
raise errors.DatabaseError(desc=desc, info=info)
-class IPAdmin(LDAPConnection, IPAEntryLDAPObject):
+class IPAdmin(LDAPConnection):
- def __localinit(self):
- if self.protocol == 'ldaps':
- ldap_uri = 'ldaps://%s' % format_netloc(self.host, self.port)
- elif self.protocol == 'ldapi':
- ldap_uri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % (
+ def __get_ldap_uri(self, protocol):
+ if protocol == 'ldaps':
+ return 'ldaps://%s' % format_netloc(self.host, self.port)
+ elif protocol == 'ldapi':
+ return 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % (
"-".join(self.realm.split(".")))
- elif self.protocol == 'ldap':
- ldap_uri = 'ldap://%s' % format_netloc(self.host, self.port)
+ elif protocol == 'ldap':
+ return 'ldap://%s' % format_netloc(self.host, self.port)
else:
- raise ValueError('Protocol %r not supported' % self.protocol)
+ raise ValueError('Protocol %r not supported' % protocol)
- LDAPConnection.__init__(self, ldap_uri)
- IPAEntryLDAPObject.__init__(self, ldap_uri)
def __guess_protocol(self):
"""Return the protocol to use based on flags passed to the constructor
@@ -928,12 +882,8 @@ class IPAdmin(LDAPConnection, IPAEntryLDAPObject):
def __init__(self, host='', port=389, cacert=None, bindcert=None,
bindkey=None, proxydn=None, debug=None, ldapi=False,
- realm=None, protocol=None):
- """We just set our instance variables and wrap the methods - the real
- work is done in __localinit. This is separated out this way so
- that we can call it from places other than instance creation
- e.g. when we just need to reconnect
- """
+ realm=None, protocol=None, force_schema_updates=True):
+ self.conn = None
log_mgr.get_logger(self, True)
if debug and debug.lower() == "on":
ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
@@ -953,8 +903,12 @@ class IPAdmin(LDAPConnection, IPAEntryLDAPObject):
self.ldapi = ldapi
self.realm = realm
self.suffixes = {}
- self.protocol = protocol or self.__guess_protocol()
- self.__localinit()
+
+ ldap_uri = self.__get_ldap_uri(protocol or self.__guess_protocol())
+
+ LDAPConnection.__init__(self, ldap_uri)
+
+ self.conn = IPASimpleLDAPObject(ldap_uri, force_schema_updates=True)
def __lateinit(self):
"""
@@ -995,7 +949,7 @@ class IPAdmin(LDAPConnection, IPAEntryLDAPObject):
return self.handle_errors(e, **kw)
def __wait_for_connection(self, timeout):
- lurl = ldapurl.LDAPUrl(self.uri)
+ lurl = ldapurl.LDAPUrl(self.ldap_uri)
if lurl.urlscheme == 'ldapi':
wait_for_open_socket(lurl.hostport, timeout)
else:
@@ -1328,6 +1282,11 @@ class IPAdmin(LDAPConnection, IPAEntryLDAPObject):
return map(res.get, keys)
+ def __getattr__(self, attrname):
+ # This makes IPAdmin classes look like IPASimpleLDAPObjects
+ # FIXME: for backwards compatibility only
+ return getattr(self.conn, attrname)
+
# FIXME: Some installer tools depend on ipaldap importing plugins.ldap2.
# The proper plugins should rather be imported explicitly.
--
1.7.7.6
From 9eb0aaf5fd64f6e0e03f7d2132b1d6133a829c67 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Fri, 18 Jan 2013 09:24:35 -0500
Subject: [PATCH] Replace setValue by keyword arguments when creating entries
Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
---
ipaserver/install/adtrustinstance.py | 47 ++++++-----
ipaserver/install/cainstance.py | 16 ++--
ipaserver/install/dsinstance.py | 16 ++--
ipaserver/install/krbinstance.py | 84 ++++++++++---------
ipaserver/install/ldapupdate.py | 13 ++--
ipaserver/install/replication.py | 153 ++++++++++++++++++++--------------
ipaserver/install/service.py | 29 ++++---
7 files changed, 202 insertions(+), 156 deletions(-)
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 91e40c8240294840f919ded2eacd238450302d5e..b2b9b4aeeed254dfe9538c7ad73d0d75bb0a7db7 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -326,23 +326,26 @@ class ADTRUSTInstance(service.Service):
try:
self.admin_conn.getEntry(new_dn, ldap.SCOPE_BASE)
except errors.NotFound:
- entry = self.admin_conn.make_entry(new_dn)
- entry.setValues("objectclass", ["nsContainer"])
try:
name = new_dn[1].attr
except Exception, e:
self.print_msg('Cannot extract RDN attribute value from "%s": %s' % \
(new_dn, e))
return
- entry.setValues("cn", name)
+ entry = self.admin_conn.make_entry(
+ new_dn, objectclass=['nsContainer'], cn=[name])
self.admin_conn.addEntry(entry)
- entry = self.admin_conn.make_entry(self.smb_dom_dn)
- entry.setValues("objectclass", [self.OBJC_DOMAIN, "nsContainer"])
- entry.setValues("cn", self.domain_name)
- entry.setValues(self.ATTR_FLAT_NAME, self.netbios_name)
- entry.setValues(self.ATTR_SID, self.__gen_sid_string())
- entry.setValues(self.ATTR_GUID, str(uuid.uuid4()))
+ entry = self.admin_conn.make_entry(
+ self.smb_dom_dn,
+ {
+ 'objectclass': [self.OBJC_DOMAIN, "nsContainer"],
+ 'cn': [self.domain_name],
+ self.ATTR_FLAT_NAME: [self.netbios_name],
+ self.ATTR_SID: [self.__gen_sid_string()],
+ self.ATTR_GUID: [str(uuid.uuid4())],
+ }
+ )
#TODO: which MAY attributes do we want to set ?
self.admin_conn.addEntry(entry)
@@ -452,10 +455,12 @@ class ADTRUSTInstance(service.Service):
current.setValues("member", members + [self.cifs_agent])
self.admin_conn.updateEntry(self.smb_dn, entry.toDict(), current.toDict())
except errors.NotFound:
- entry = self.admin_conn.make_entry(self.smb_dn)
- entry.setValues("objectclass", ["top", "GroupOfNames"])
- entry.setValues("cn", self.smb_dn['cn'])
- entry.setValues("member", [self.cifs_agent])
+ entry = self.admin_conn.make_entry(
+ self.smb_dn,
+ objectclass=["top", "GroupOfNames"],
+ cn=[self.smb_dn['cn']],
+ member=[self.cifs_agent],
+ )
self.admin_conn.addEntry(entry)
except Exception, e:
# CIFS principal already exists, it is not the first time adtrustinstance is managed
@@ -734,13 +739,15 @@ class ADTRUSTInstance(service.Service):
"range.\nAdd local ID range manually and try " \
"again!")
- entry = self.admin_conn.make_entry(DN(('cn', ('%s_id_range' % self.realm)),
- api.env.container_ranges,
- self.suffix))
- entry.setValue('objectclass', 'ipaDomainIDRange')
- entry.setValue('cn', ('%s_id_range' % self.realm))
- entry.setValue('ipaBaseID', str(base_id))
- entry.setValue('ipaIDRangeSize', str(id_range_size))
+ entry = self.admin_conn.make_entry(
+ DN(
+ ('cn', ('%s_id_range' % self.realm)),
+ api.env.container_ranges, self.suffix),
+ objectclass=['ipaDomainIDRange'],
+ cn=['%s_id_range' % self.realm],
+ ipaBaseID=[str(base_id)],
+ ipaIDRangeSize=[str(id_range_size)],
+ )
self.admin_conn.addEntry(entry)
def create_instance(self):
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 473008f919a6521d2b3408a8f6b0ee3c5ea12bae..afb25eef90368ecc24bbfef182e9e62bbcc53d1f 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -393,14 +393,14 @@ class CADSInstance(service.Service):
(ldap.MOD_ADD, "nsslapd-secureport", str(DEFAULT_DSPORT+1))]
conn.modify_s(DN(('cn', 'config')), mod)
- entry = conn.make_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')))
-
- entry.setValues("objectclass", "top", "nsEncryptionModule")
- entry.setValues("cn", "RSA")
- entry.setValues("nsSSLPersonalitySSL", self.nickname)
- entry.setValues("nsSSLToken", "internal (software)")
- entry.setValues("nsSSLActivation", "on")
-
+ entry = conn.make_entry(
+ DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')),
+ objectclass=["top", "nsEncryptionModule"],
+ cn=["RSA"],
+ nsSSLPersonalitySSL=[self.nickname],
+ nsSSLToken=["internal (software)"],
+ nsSSLActivation=["on"],
+ )
conn.addEntry(entry)
conn.unbind()
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 99e6866e203144e9f1336414b2d7044dce3f0c34..256eda1d905d6b76d3c922730fb912e788f34ae2 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -571,14 +571,14 @@ class DsInstance(service.Service):
mod = [(ldap.MOD_ADD, "nsslapd-security", "on")]
conn.modify_s(DN(('cn', 'config')), mod)
- entry = conn.make_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')))
-
- entry.setValues("objectclass", "top", "nsEncryptionModule")
- entry.setValues("cn", "RSA")
- entry.setValues("nsSSLPersonalitySSL", nickname)
- entry.setValues("nsSSLToken", "internal (software)")
- entry.setValues("nsSSLActivation", "on")
-
+ entry = conn.make_entry(
+ DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')),
+ objectclass=["top", "nsEncryptionModule"],
+ cn=["RSA"],
+ nsSSLPersonalitySSL=[nickname],
+ nsSSLToken=["internal (software)"],
+ nsSSLActivation=["on"],
+ )
conn.addEntry(entry)
conn.unbind()
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 43fe2b1fd97ff30d9237848c9509c87fa5ef8502..4040bd6254a906403a83b2231b05c2fe76416f10 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -108,22 +108,31 @@ class KrbInstance(service.Service):
self.admin_conn.deleteEntry(service_dn)
# Create a host entry for this master
- host_dn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix)
- host_entry = self.admin_conn.make_entry(host_dn)
- host_entry.setValues('objectclass', ['top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice', 'pkiuser', 'krbprincipalaux', 'krbprincipal', 'krbticketpolicyaux', 'ipasshhost'])
- host_entry.setValues('krbextradata', service_entry.getValues('krbextradata'))
- host_entry.setValue('krblastpwdchange', service_entry.getValue('krblastpwdchange'))
+ host_dn = DN(
+ ('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'),
+ self.suffix)
+ host_entry = self.admin_conn.make_entry(
+ host_dn,
+ objectclass=[
+ 'top', 'ipaobject', 'nshost', 'ipahost', 'ipaservice',
+ 'pkiuser', 'krbprincipalaux', 'krbprincipal',
+ 'krbticketpolicyaux', 'ipasshhost'],
+ krbextradata=service_entry['krbextradata'],
+ krblastpwdchange=service_entry['krblastpwdchange'],
+ krbprincipalname=service_entry['krbprincipalname'],
+ krbprincipalkey=service_entry['krbprincipalkey'],
+ serverhostname=[self.fqdn.split('.',1)[0]],
+ cn=[self.fqdn],
+ fqdn=[self.fqdn],
+ ipauniqueid=['autogenerate'],
+ managedby=[host_dn],
+ )
if 'krbpasswordexpiration' in service_entry.toDict():
- host_entry.setValue('krbpasswordexpiration', service_entry.getValue('krbpasswordexpiration'))
- host_entry.setValue('krbprincipalname', service_entry.getValue('krbprincipalname'))
+ host_entry['krbpasswordexpiration'] = [
+ service_entry.getValue('krbpasswordexpiration')]
if 'krbticketflags' in service_entry.toDict():
- host_entry.setValue('krbticketflags', service_entry.getValue('krbticketflags'))
- host_entry.setValue('krbprincipalkey', service_entry.getValue('krbprincipalkey'))
- host_entry.setValue('serverhostname', self.fqdn.split('.',1)[0])
- host_entry.setValue('cn', self.fqdn)
- host_entry.setValue('fqdn', self.fqdn)
- host_entry.setValue('ipauniqueid', 'autogenerate')
- host_entry.setValue('managedby', host_dn)
+ host_entry['krbticketflags'] = [
+ service_entry.getValue('krbticketflags')]
self.admin_conn.addEntry(host_entry)
def __common_setup(self, realm_name, host_name, domain_name, admin_password):
@@ -264,31 +273,30 @@ class KrbInstance(service.Service):
root_logger.critical("Error while enumerating SASL mappings %s" % str(e))
raise e
- entry = self.admin_conn.make_entry(DN(('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')))
- entry.setValues("objectclass", "top", "nsSaslMapping")
- entry.setValues("cn", "Full Principal")
- entry.setValues("nsSaslMapRegexString", '\(.*\)@\(.*\)')
- entry.setValues("nsSaslMapBaseDNTemplate", self.suffix)
- entry.setValues("nsSaslMapFilterTemplate", '(krbPrincipalName=\\1@\\2)')
+ entry = self.admin_conn.make_entry(
+ DN(
+ ('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
+ ('cn', 'config')),
+ objectclass=["top", "nsSaslMapping"],
+ cn=["Full Principal"],
+ nsSaslMapRegexString=['\(.*\)@\(.*\)'],
+ nsSaslMapBaseDNTemplate=[self.suffix],
+ nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
+ )
+ self.admin_conn.addEntry(entry)
- try:
- self.admin_conn.addEntry(entry)
- except ldap.ALREADY_EXISTS:
- root_logger.critical("failed to add Full Principal Sasl mapping")
- raise e
-
- entry = self.admin_conn.make_entry(DN(('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')))
- entry.setValues("objectclass", "top", "nsSaslMapping")
- entry.setValues("cn", "Name Only")
- entry.setValues("nsSaslMapRegexString", '^[^:@]+$')
- entry.setValues("nsSaslMapBaseDNTemplate", self.suffix)
- entry.setValues("nsSaslMapFilterTemplate", '(krbPrincipalName=&@%s)' % self.realm)
-
- try:
- self.admin_conn.addEntry(entry)
- except ldap.ALREADY_EXISTS:
- root_logger.critical("failed to add Name Only Sasl mapping")
- raise e
+ entry = self.admin_conn.make_entry(
+ DN(
+ ('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
+ ('cn', 'config')),
+ objectclass=["top", "nsSaslMapping"],
+ cn=["Name Only"],
+ nsSaslMapRegexString=['^[^:@]+$'],
+ nsSaslMapBaseDNTemplate=[self.suffix],
+ nsSaslMapFilterTemplate=[
+ '(krbPrincipalName=&@%s)' % self.realm],
+ )
+ self.admin_conn.addEntry(entry)
def __add_krb_container(self):
self._ldap_mod("kerberos.ldif", self.sub_dict)
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index f7f6c059475eda280c39c2b66edeb20ce55f26f8..5de43749b25aa1640ed947a0756a88851d55e1a6 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -422,12 +422,13 @@ class LDAPUpdate:
cn = "indextask_%s_%s_%s" % (attribute, cn_uuid.time, cn_uuid.clock_seq)
dn = DN(('cn', cn), ('cn', 'index'), ('cn', 'tasks'), ('cn', 'config'))
- e = self.conn.make_entry(dn)
-
- e.setValues('objectClass', ['top', 'extensibleObject'])
- e.setValue('cn', cn)
- e.setValue('nsInstance', 'userRoot')
- e.setValues('nsIndexAttribute', attribute)
+ e = self.conn.make_entry(
+ dn,
+ objectClass=['top', 'extensibleObject'],
+ cn=[cn],
+ nsInstance=['userRoot'],
+ nsIndexAttribute=[attribute],
+ )
self.info("Creating task to index attribute: %s", attribute)
self.debug("Task id: %s", dn)
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 35c8d91c757d05fceac09d649e0c2a41ab8c6d7f..52db8c7ab83c8f996c43d699ac31bf75e4961d6b 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -287,11 +287,15 @@ class ReplicationManager(object):
rdn_attr = dn[0].attr
rdn_val = dn[0].value
- ent = conn.make_entry(dn)
- ent.setValues("objectclass", "top", "person")
- ent.setValues(rdn_attr, rdn_val)
- ent.setValues("userpassword", pw)
- ent.setValues("sn", "replication manager pseudo user")
+ ent = conn.make_entry(
+ dn,
+ {
+ 'objectclass': ["top", "person"],
+ rdn_attr: [rdn_val],
+ 'userpassword': [pw],
+ 'sn': ["replication manager pseudo user"],
+ }
+ )
try:
conn.addEntry(ent)
@@ -337,25 +341,28 @@ class ReplicationManager(object):
replica_type = self.get_replica_type()
- entry = conn.make_entry(dn)
- entry.setValues('objectclass', "top", "nsds5replica", "extensibleobject")
- entry.setValues('cn', "replica")
- entry.setValues('nsds5replicaroot', str(self.suffix))
- entry.setValues('nsds5replicaid', str(replica_id))
- entry.setValues('nsds5replicatype', replica_type)
- entry.setValues('nsds5flags', "1")
- entry.setValues('nsds5replicabinddn', [replica_binddn])
- entry.setValues('nsds5replicalegacyconsumer', "off")
-
+ entry = conn.make_entry(
+ dn,
+ objectclass=["top", "nsds5replica", "extensibleobject"],
+ cn=["replica"],
+ nsds5replicaroot=[str(self.suffix)],
+ nsds5replicaid=[str(replica_id)],
+ nsds5replicatype=[replica_type],
+ nsds5flags=["1"],
+ nsds5replicabinddn=[replica_binddn],
+ nsds5replicalegacyconsumer=["off"],
+ )
conn.addEntry(entry)
def setup_changelog(self, conn):
- dn = DN(('cn', 'changelog5'), ('cn', 'config'))
- dirpath = conn.dbdir + "/cldb"
- entry = conn.make_entry(dn)
- entry.setValues('objectclass', "top", "extensibleobject")
- entry.setValues('cn', "changelog5")
- entry.setValues('nsslapd-changelogdir', dirpath)
+ entry = conn.make_entry(
+ DN(('cn', 'changelog5'), ('cn', 'config')),
+ {
+ 'objectclass': ["top", "extensibleobject"],
+ 'cn': ["changelog5"],
+ 'nsslapd-changelogdir': [conn.dbdir + "/cldb"],
+ }
+ )
try:
conn.addEntry(entry)
except errors.DuplicateEntry:
@@ -372,14 +379,18 @@ class ReplicationManager(object):
try:
cn = benamebase + str(benum) # e.g. localdb1
dn = DN(('cn', cn), chaindn)
- entry = self.conn.make_entry(dn)
- entry.setValues('objectclass', 'top', 'extensibleObject', 'nsBackendInstance')
- entry.setValues('cn', cn)
- entry.setValues('nsslapd-suffix', str(self.suffix))
- entry.setValues('nsfarmserverurl', urls)
- entry.setValues('nsmultiplexorbinddn', self.repl_man_dn)
- entry.setValues('nsmultiplexorcredentials', self.repl_man_passwd)
-
+ entry = conn.make_entry(
+ dn,
+ {
+ 'objectclass': [
+ 'top', 'extensibleObject', 'nsBackendInstance'],
+ 'cn': [cn],
+ 'nsslapd-suffix': [str(self.suffix)],
+ 'nsfarmserverurl': urls,
+ 'nsmultiplexorbinddn': [self.repl_man_dn],
+ 'nsmultiplexorcredentials': [self.repl_man_passwd],
+ }
+ )
self.conn.addEntry(entry)
done = True
except errors.DuplicateEntry:
@@ -444,10 +455,12 @@ class ReplicationManager(object):
pass
# The user doesn't exist, add it
- entry = conn.make_entry(pass_dn)
- entry.setValues("objectclass", ["account", "simplesecurityobject"])
- entry.setValues("uid", "passsync")
- entry.setValues("userPassword", password)
+ entry = conn.make_entry(
+ pass_dn,
+ objectclass=["account", "simplesecurityobject"],
+ uid=["passsync"],
+ userPassword=[password],
+ )
conn.addEntry(entry)
# Add it to the list of users allowed to bypass password policy
@@ -516,25 +529,27 @@ class ReplicationManager(object):
except errors.NotFound:
pass
- entry = a_conn.make_entry(dn)
- entry.setValues('objectclass', "nsds5replicationagreement")
- entry.setValues('cn', cn)
- entry.setValues('nsds5replicahost', b_hostname)
- entry.setValues('nsds5replicaport', str(port))
- entry.setValues('nsds5replicatimeout', str(TIMEOUT))
- entry.setValues('nsds5replicaroot', str(self.suffix))
+ entry = a_conn.make_entry(
+ dn,
+ objectclass=["nsds5replicationagreement"],
+ cn=[cn],
+ nsds5replicahost=[b_hostname],
+ nsds5replicaport=[str(port)],
+ nsds5replicatimeout=[str(TIMEOUT)],
+ nsds5replicaroot=[str(self.suffix)],
+ description=["me to %s" % b_hostname],
+ )
if master is None:
- entry.setValues('nsDS5ReplicatedAttributeList',
- '(objectclass=*) $ EXCLUDE %s' % " ".join(EXCLUDES))
- entry.setValues('description', "me to %s" % b_hostname)
+ entry['nsDS5ReplicatedAttributeList'] = [
+ '(objectclass=*) $ EXCLUDE %s' % " ".join(EXCLUDES)]
if isgssapi:
- entry.setValues('nsds5replicatransportinfo', 'LDAP')
- entry.setValues('nsds5replicabindmethod', 'SASL/GSSAPI')
+ entry['nsds5replicatransportinfo'] = ['LDAP']
+ entry['nsds5replicabindmethod'] = ['SASL/GSSAPI']
else:
- entry.setValues('nsds5replicabinddn', repl_man_dn)
- entry.setValues('nsds5replicacredentials', repl_man_passwd)
- entry.setValues('nsds5replicatransportinfo', 'TLS')
- entry.setValues('nsds5replicabindmethod', 'simple')
+ entry['nsds5replicabinddn'] = [repl_man_dn]
+ entry['nsds5replicacredentials'] = [repl_man_passwd]
+ entry['nsds5replicatransportinfo'] = ['TLS']
+ entry['nsds5replicabindmethod'] = ['simple']
if iswinsync:
self.setup_winsync_agmt(entry, win_subtree)
@@ -551,7 +566,7 @@ class ReplicationManager(object):
# that we will have to set the memberof fixup task
self.need_memberof_fixup = True
- entry.setValues('nsds5ReplicaStripAttrs', " ".join(STRIP_ATTRS))
+ entry['nsds5ReplicaStripAttrs'] = [" ".join(STRIP_ATTRS)]
entry = a_conn.waitForEntry(entry)
@@ -912,10 +927,12 @@ class ReplicationManager(object):
# Add winsync replica to the public DIT
dn = DN(('cn',ad_dc_name),('cn','replicas'),('cn','ipa'),('cn','etc'), self.suffix)
- entry = self.conn.make_entry(dn)
- entry.setValues("objectclass", ["nsContainer", "ipaConfigObject"])
- entry.setValues("cn", ad_dc_name)
- entry.setValues("ipaConfigString", "winsync:%s" % self.hostname)
+ entry = self.conn.make_entry(
+ dn,
+ objectclass=["nsContainer", "ipaConfigObject"],
+ cn=[ad_dc_name],
+ ipaConfigString=["winsync:%s" % self.hostname],
+ )
try:
self.conn.addEntry(entry)
@@ -1167,11 +1184,15 @@ class ReplicationManager(object):
root_logger.debug("Creating CLEANALLRUV task for replica id %d" % replicaId)
dn = DN(('cn', 'clean %d' % replicaId), ('cn', 'cleanallruv'),('cn', 'tasks'), ('cn', 'config'))
- e = self.conn.make_entry(dn)
- e.setValues('objectclass', ['top', 'extensibleObject'])
- e.setValue('replica-base-dn', api.env.basedn)
- e.setValue('replica-id', replicaId)
- e.setValue('cn', 'clean %d' % replicaId)
+ e = self.conn.make_entry(
+ dn,
+ {
+ 'objectclass': ['top', 'extensibleObject'],
+ 'cn': ['clean %d' % replicaId],
+ 'replica-base-dn': [api.env.basedn],
+ 'replica-id': [replicaId],
+ }
+ )
try:
self.conn.addEntry(e)
except errors.DuplicateEntry:
@@ -1190,11 +1211,15 @@ class ReplicationManager(object):
root_logger.debug("Creating task to abort a CLEANALLRUV operation for replica id %d" % replicaId)
dn = DN(('cn', 'abort %d' % replicaId), ('cn', 'abort cleanallruv'),('cn', 'tasks'), ('cn', 'config'))
- e = self.conn.make_entry(dn)
- e.setValues('objectclass', ['top', 'extensibleObject'])
- e.setValue('replica-base-dn', api.env.basedn)
- e.setValue('replica-id', replicaId)
- e.setValue('cn', 'abort %d' % replicaId)
+ e = self.conn.make_entry(
+ dn,
+ {
+ 'replica-base-dn': [api.env.basedn],
+ 'replica-id': [replicaId],
+ 'objectclass': ['top', 'extensibleObject'],
+ 'cn': ['abort %d' % replicaId],
+ }
+ )
try:
self.conn.addEntry(e)
except errors.DuplicateEntry:
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 8b042df6d36e5ab901174550f9caf7025a842fcb..cea3d41013aa05c4f43733125cfbad7e75625c32 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -120,7 +120,7 @@ class Service(object):
conn.do_sasl_gssapi_bind()
except Exception, e:
root_logger.debug("Could not connect to the Directory Server on %s: %s" % (self.fqdn, str(e)))
- raise e
+ raise
self.admin_conn = conn
@@ -216,11 +216,15 @@ class Service(object):
dn = DN(('krbprincipalname', principal), ('cn', 'services'), ('cn', 'accounts'), self.suffix)
hostdn = DN(('fqdn', self.fqdn), ('cn', 'computers'), ('cn', 'accounts'), self.suffix)
- entry = self.admin_conn.make_entry(dn)
- entry.setValues("objectclass", ["krbprincipal", "krbprincipalaux", "krbticketpolicyaux", "ipaobject", "ipaservice", "pkiuser"])
- entry.setValue("krbprincipalname", principal)
- entry.setValue("ipauniqueid", 'autogenerate')
- entry.setValue("managedby", hostdn)
+ entry = self.admin_conn.make_entry(
+ dn,
+ objectclass=[
+ "krbprincipal", "krbprincipalaux", "krbticketpolicyaux",
+ "ipaobject", "ipaservice", "pkiuser"],
+ krbprincipalname=[principal],
+ ipauniqueid=['autogenerate'],
+ managedby=[hostdn],
+ )
self.admin_conn.addEntry(entry)
return dn
@@ -373,12 +377,13 @@ class Service(object):
entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
order = SERVICE_LIST[name][1]
- entry = self.admin_conn.make_entry(entry_name)
- entry.setValues("objectclass",
- "nsContainer", "ipaConfigObject")
- entry.setValues("cn", name)
- entry.setValues("ipaconfigstring",
- "enabledService", "startOrder " + str(order))
+ entry = self.admin_conn.make_entry(
+ entry_name,
+ objectclass=["nsContainer", "ipaConfigObject"],
+ cn=[name],
+ ipaconfigstring=[
+ "enabledService", "startOrder " + str(order)],
+ )
try:
self.admin_conn.addEntry(entry)
--
1.7.7.6
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
