Hi, I did have bug filed against python-ldap in January and for some reason my patch to accomodate two ways of making LDAP controls was not included in March 2012 when I presented it as part of trusts, but yesterday we found it is really needed for RHEL6 version of python-ldap.
Rather than having separate patch, I'd prefer to have both versions supported upstream. The same issue was with Fedora 16 versus Fedora 17. -- / Alexander Bokovoy
>From 9d6f09aadd2bd47660934d0f606e9a326456d6e4 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Tue, 25 Sep 2012 17:23:33 +0300 Subject: [PATCH 1/2] Support python-ldap 2.3 way of making LDAP control This strange patch is to accomodate both python-ldap 2.3 and later versions. There was refactoring in python-ldap support for LDAP controls that split base class into two different, changing properties and method signatures. Luckily, we don't use any values passed to encodeControlValue. --- ipaserver/dcerpc.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 86cf01dbac9aca21c35d2db65ef4d4c56e313709..ae0738db0de08a6fbc01808a5bd702418fe17778 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -40,8 +40,12 @@ from samba.ndr import ndr_pack from samba import net import samba import random -import ldap as _ldap from Crypto.Cipher import ARC4 +try: + from ldap.controls import RequestControl as LDAPControl #pylint: disable=F0401 +except: + from ldap.controls import LDAPControl as LDAPControl #pylint: disable=F0401 +import ldap as _ldap __doc__ = _(""" Classes to manage trust joins using DCE-RPC calls @@ -81,13 +85,17 @@ def assess_dcerpc_exception(num=None,message=None): message "%(message)s" (both may be "None")''') % dict(num=num, message=message) return errors.RemoteRetrieveError(reason=reason) -class ExtendedDNControl(_ldap.controls.RequestControl): +class ExtendedDNControl(LDAPControl): + # This class attempts to implement LDAP control that would work + # with both python-ldap 2.4.x and 2.3.x, thus there is mix of properties + # from both worlds and encodeControlValue has default parameter def __init__(self): + self.controlValue = 1 self.controlType = "1.2.840.1135220.127.116.119" self.criticality = False self.integerValue = 1 - def encodeControlValue(self): + def encodeControlValue(self, value=None): return '0\x03\x02\x01\x01' class DomainValidator(object): -- 1.7.12
_______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel