URL: https://github.com/freeipa/freeipa/pull/1371
Author: tiran
 Title: #1371: [Backport][ipa-4-6] Update to python-ldap 3.0.0
Action: opened

PR body:
"""
Manual backport of PR #1356 

Replace python3-pyldap with python3-ldap.

Remove some old code for compatibility with very old python-ldap.

Signed-off-by: Christian Heimes <chei...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1371/head:pr1371
git checkout pr1371
From 17fa278fb63e84154f9444c550f5a6f644a79e23 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Mon, 4 Dec 2017 17:29:05 +0100
Subject: [PATCH] Update to python-ldap 3.0.0

Replace python3-pyldap with python3-ldap.

Remove some old code for compatibility with very old python-ldap.

Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 freeipa.spec.in              | 23 +++++++++++++----------
 ipapython/ipaldap.py         | 15 +++++++++++++++
 ipapython/setup.py           |  4 ++--
 ipaserver/dcerpc.py          | 16 ++++++----------
 ipaserver/dnssec/syncrepl.py |  2 --
 ipaserver/plugins/ldap2.py   | 15 +--------------
 ipaserver/setup.py           |  3 +--
 ipasetup.py.in               |  2 +-
 ipatests/setup.py            |  3 +--
 9 files changed, 40 insertions(+), 43 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 011f03eda4..99d5186001 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -43,6 +43,7 @@
 %global samba_version 4.7.0
 %global selinux_policy_version 3.12.1-153
 %global slapi_nis_version 0.56.0-4
+%global python_ldap_version 2.4.15
 %else
 # 1.15.1-7: certauth (http://krbdev.mit.edu/rt/Ticket/Display.html?id=8561)
 %global krb5_version 1.15.1-7
@@ -52,8 +53,10 @@
 %global samba_version 2:4.7.0
 %global selinux_policy_version 3.13.1-158.4
 %global slapi_nis_version 0.56.1
+%global python_ldap_version 3.0.0
 %endif
 
+
 %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
 
 %global plugin_dir %{_libdir}/dirsrv/plugins
@@ -139,7 +142,7 @@ BuildRequires:  python-lesscpy
 # Build dependencies for makeapi/makeaci
 # makeapi/makeaci is using Python 2 only for now
 #
-BuildRequires:  python-ldap
+BuildRequires:  python2-ldap >= %{python_ldap_version}
 BuildRequires:  python2-netaddr
 BuildRequires:  python2-pyasn1
 BuildRequires:  python2-pyasn1-modules
@@ -248,7 +251,7 @@ BuildRequires:  python3-augeas
 BuildRequires:  python3-netaddr
 BuildRequires:  python3-pyasn1
 BuildRequires:  python3-pyasn1-modules
-BuildRequires:  python3-pyldap
+BuildRequires:  python3-ldap >= %{python_ldap_version}
 %endif # with_python3
 %endif # with_lint
 
@@ -279,10 +282,10 @@ Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 %if 0%{?with_python3}
 Requires: python3-ipaserver = %{version}-%{release}
-Requires: python3-pyldap >= 2.4.15
+Requires: python3-ldap >= %{python_ldap_version}
 %else
 Requires: python2-ipaserver = %{version}-%{release}
-Requires: python-ldap >= 2.4.15
+Requires: python2-ldap >= %{python_ldap_version}
 %endif
 # 1.3.7.6-1: https://bugzilla.redhat.com/show_bug.cgi?id=1488295
 Requires: 389-ds-base >= 1.3.7.6-1
@@ -381,7 +384,7 @@ Requires: %{name}-server-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipaclient = %{version}-%{release}
 Requires: python2-custodia >= 0.3.1
-Requires: python-ldap >= 2.4.15
+Requires: python2-ldap >= %{python_ldap_version}
 Requires: python2-lxml
 Requires: python2-gssapi >= 1.2.0-5
 Requires: python2-sssdconfig
@@ -414,7 +417,7 @@ Requires: %{name}-common = %{version}-%{release}
 Requires: python3-ipaclient = %{version}-%{release}
 Requires: python3-custodia >= 0.3.1
 # we need pre-requires since earlier versions may break upgrade
-Requires(pre): python3-pyldap >= 2.4.35.1-2
+Requires(pre): python3-ldap >= %{python_ldap_version}
 Requires: python3-lxml
 Requires: python3-gssapi >= 1.2.0
 Requires: python3-sssdconfig
@@ -537,11 +540,11 @@ Requires: %{name}-common = %{version}-%{release}
 %if 0%{?with_python3}
 Requires: python3-gssapi >= 1.2.0-5
 Requires: python3-ipaclient = %{version}-%{release}
-Requires: python3-pyldap
+Requires: python3-ldap >= %{python_ldap_version}
 %else
 Requires: python2-gssapi >= 1.2.0-5
 Requires: python2-ipaclient = %{version}-%{release}
-Requires: python-ldap
+Requires: python2-ldap >= %{python_ldap_version}
 %endif
 Requires: cyrus-sasl-gssapi%{?_isa}
 Requires: ntp
@@ -718,7 +721,7 @@ Requires: python2-six
 # 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
 Requires: python2-jwcrypto >= 0.4.2
 Requires: python2-cffi
-Requires: python-ldap >= 2.4.15
+Requires: python2-ldap >= %{python_ldap_version}
 Requires: python2-requests
 Requires: python2-dns >= 1.15
 Requires: python2-enum34
@@ -769,7 +772,7 @@ Requires: python3-six
 Requires: python3-jwcrypto >= 0.4.2
 Requires: python3-cffi
 # we need pre-requires since earlier versions may break upgrade
-Requires(pre): python3-pyldap >= 2.4.35.1-2
+Requires(pre): python3-ldap >= %{python_ldap_version}
 Requires: python3-requests
 Requires: python3-dns >= 1.15
 Requires: python3-netifaces >= 0.10.4
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 60c5b93726..3255fc1d71 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -29,6 +29,7 @@
 import collections
 import os
 import pwd
+import warnings
 
 # pylint: disable=import-error
 from six.moves.urllib.parse import urlparse
@@ -76,6 +77,20 @@
 DIRMAN_DN = DN(('cn', 'directory manager'))
 
 
+if six.PY2:
+    # XXX silence python-ldap's BytesWarnings
+    warnings.filterwarnings(
+        action="ignore",
+        message="Under Python 2, python-ldap uses bytes",
+        category=BytesWarning
+    )
+    warnings.filterwarnings(
+        action="ignore",
+        message="Received non-bytes value",
+        category=BytesWarning
+    )
+
+
 class _ServerSchema(object):
     '''
     Properties of a schema retrieved from an LDAP server.
diff --git a/ipapython/setup.py b/ipapython/setup.py
index b982577d91..df2448feec 100755
--- a/ipapython/setup.py
+++ b/ipapython/setup.py
@@ -45,11 +45,11 @@
             "ipaplatform",
             "netaddr",
             "netifaces",
+            "python-ldap",
             "six",
         ],
         extras_require={
-            ":python_version<'3'": ["enum34", "python-ldap"],
-            ":python_version>='3'": ["pyldap"],
+            ":python_version<'3'": ["enum34"],
             "install": ["dbus-python"],  # for certmonger
         },
     )
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index ff71834097..5a8dc5575b 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -185,17 +185,13 @@ def assess_dcerpc_error(error):
 
 
 class ExtendedDNControl(LDAPControl):
-    # This class attempts to implement LDAP control that would work
-    # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties
-    # from both worlds and encodeControlValue has default parameter
     def __init__(self):
-        self.controlValue = 1
-        self.controlType = "1.2.840.113556.1.4.529"
-        self.criticality = False
-        self.integerValue = 1
-
-    def encodeControlValue(self, value=None):
-        return b'0\x03\x02\x01\x01'
+        LDAPControl.__init__(
+            self,
+            controlType="1.2.840.113556.1.4.529",
+            criticality=False,
+            encodedControlValue=b'0\x03\x02\x01\x01'
+        )
 
 
 class DomainValidator(object):
diff --git a/ipaserver/dnssec/syncrepl.py b/ipaserver/dnssec/syncrepl.py
index 4632220262..f23bf97ef8 100644
--- a/ipaserver/dnssec/syncrepl.py
+++ b/ipaserver/dnssec/syncrepl.py
@@ -9,9 +9,7 @@
 
 import logging
 
-# Import the python-ldap modules
 import ldap
-# Import specific classes from python-ldap
 from ldap.cidict import cidict
 from ldap.ldapobject import ReconnectLDAPObject
 from ldap.syncrepl import SyncreplConsumer
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 07d6f354e0..1044067985 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -38,20 +38,7 @@
 from ipapython.ipaldap import (LDAPClient, AUTOBIND_AUTO, AUTOBIND_ENABLED,
                                AUTOBIND_DISABLED)
 
-
-try:
-    from ldap.controls.simple import GetEffectiveRightsControl
-except ImportError:
-    """
-    python-ldap 2.4.x introduced a new API for effective rights control, which
-    needs to be used or otherwise bind dn is not passed correctly. The following
-    class is created for backward compatibility with python-ldap 2.3.x.
-    Relevant BZ: https://bugzilla.redhat.com/show_bug.cgi?id=802675
-    """
-    from ldap.controls import LDAPControl
-    class GetEffectiveRightsControl(LDAPControl):
-        def __init__(self, criticality, authzId=None):
-            LDAPControl.__init__(self, '1.3.6.1.4.1.42.2.27.9.5.2', criticality, authzId)
+from ldap.controls.simple import GetEffectiveRightsControl
 
 from ipalib import Registry, errors, _
 from ipalib.crud import CrudBackend
diff --git a/ipaserver/setup.py b/ipaserver/setup.py
index 96af1a7e8c..46ce7505a0 100755
--- a/ipaserver/setup.py
+++ b/ipaserver/setup.py
@@ -62,6 +62,7 @@
             "requests",
             "six",
             "python-augeas",
+            "python-ldap",
         ],
         entry_points={
             'custodia.authorizers': [
@@ -72,8 +73,6 @@
             ],
         },
         extras_require={
-            ":python_version<'3'": ["python-ldap"],
-            ":python_version>='3'": ["pyldap"],
             # These packages are currently not available on PyPI.
             "dcerpc": ["samba", "pysss", "pysss_nss_idmap"],
             "hbactest": ["pyhbac"],
diff --git a/ipasetup.py.in b/ipasetup.py.in
index 426cbdb6e0..4827ed0455 100644
--- a/ipasetup.py.in
+++ b/ipasetup.py.in
@@ -81,7 +81,7 @@ PACKAGE_VERSION = {
     'jwcrypto': 'jwcrpyto >= 0.4.2',
     'kdcproxy': 'kdcproxy >= 0.3',
     'netifaces': 'netifaces >= 0.10.4',
-    'pyldap': 'pyldap >= 2.4.15',
+    'python-ldap': 'python-ldap >= 3.0.0b1',  # install --pre
     'python-yubico': 'python-yubico >= 1.2.3',
     'qrcode': 'qrcode >= 5.0',
 }
diff --git a/ipatests/setup.py b/ipatests/setup.py
index de98648f99..68a67da5f9 100644
--- a/ipatests/setup.py
+++ b/ipatests/setup.py
@@ -71,11 +71,10 @@
             "polib",
             "pytest",
             "pytest_multihost",
+            "python-ldap",
             "six",
         ],
         extras_require={
-            ":python_version<'3'": ["python-ldap"],
-            ":python_version>='3'": ["pyldap"],
             "integration": ["dbus-python", "pyyaml", "ipaserver"],
             "ipaserver": ["ipaserver"],
             "webui": ["selenium", "pyyaml", "ipaserver"],
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to