Hi,

I did have bug filed against python-ldap in January and for some reason
my patch to accomodate two ways of making LDAP controls was not included
in March 2012 when I presented it as part of trusts, but yesterday we
found it is really needed for RHEL6 version of python-ldap.

Rather than having separate patch, I'd prefer to have both versions
supported upstream. The same issue was with Fedora 16 versus Fedora 17.

--
/ Alexander Bokovoy
>From 9d6f09aadd2bd47660934d0f606e9a326456d6e4 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Tue, 25 Sep 2012 17:23:33 +0300
Subject: [PATCH 1/2] Support python-ldap 2.3 way of making LDAP control

This strange patch is to accomodate both python-ldap 2.3 and later versions.
There was refactoring in python-ldap support for LDAP controls that split
base class into two different, changing properties and method signatures.

Luckily, we don't use any values passed to encodeControlValue.
---
 ipaserver/dcerpc.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 
86cf01dbac9aca21c35d2db65ef4d4c56e313709..ae0738db0de08a6fbc01808a5bd702418fe17778
 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -40,8 +40,12 @@ from samba.ndr import ndr_pack
 from samba import net
 import samba
 import random
-import ldap as _ldap
 from Crypto.Cipher import ARC4
+try:
+    from ldap.controls import RequestControl as LDAPControl #pylint: 
disable=F0401
+except:
+    from ldap.controls import LDAPControl as LDAPControl    #pylint: 
disable=F0401
+import ldap as _ldap
 
 __doc__ = _("""
 Classes to manage trust joins using DCE-RPC calls
@@ -81,13 +85,17 @@ def assess_dcerpc_exception(num=None,message=None):
                   message "%(message)s" (both may be "None")''') % 
dict(num=num, message=message)
     return errors.RemoteRetrieveError(reason=reason)
 
-class ExtendedDNControl(_ldap.controls.RequestControl):
+class ExtendedDNControl(LDAPControl):
+    # This class attempts to implement LDAP control that would work
+    # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties
+    # from both worlds and encodeControlValue has default parameter
     def __init__(self):
+        self.controlValue = 1
         self.controlType = "1.2.840.113556.1.4.529"
         self.criticality = False
         self.integerValue = 1
 
-    def encodeControlValue(self):
+    def encodeControlValue(self, value=None):
         return '0\x03\x02\x01\x01'
 
 class DomainValidator(object):
-- 
1.7.12

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to