On 04/08/2015 08:34 AM, Jan Cholasta wrote:
Hi,
Dne 1.4.2015 v 17:40 thierry bordaz napsal(a):
Hello,
In user life cycle, Active entries are moved to Delete container and
Delete entries can be moved back to Staging container.
This requires a LDAP modrdn with new superior that is not supported
in ldap2.
Since update_entry_rdn() is used only in one spot in baseldap, I think
we can merge it and move_entry_newsuperior() into a single method
move_entry():
def move_entry(self, dn, new_dn, del_old=True):
We can easily detect whether the superior needs to be updated by
comparing dn[1:] and new_dn[1:].
Hello Jan,
Yes that is a good idea to merge those two methods. They both rely on
modrdn and a single method is enough.
Maybe we can also get rid of del_old, if it's always gonna be True in
our code?
I think it is better to get this interface as close as possible as the
MODRDN call, so that del_old option will be already available for future
usage.
I agree that currently del_old is always true in case of IPA but it
could be the default value.
BTW what is the purpose of the find_entries() call? Does MODRDN
operation not fail with not found itself if the new superior does not
exist?
You are right, rename_s will detect the new supperior does not exist and
will catch it with self.error_handler.
So this test on the superior is useless.
Thanks for your feedbacks here is an updated patch.
thanks
thierry
thanks
thierry
Honza
From 2b2b0da3964b216643739f6b890d2c52240b498e Mon Sep 17 00:00:00 2001
From: "Thierry bordaz (tbordaz)" <[email protected]>
Date: Wed, 1 Apr 2015 16:42:43 +0200
Subject: [PATCH 07/12] User life cycle: allows MODRDN from ldap2
enhance update_entry_rdn so that is allows
to move an entry a new superior
Reviewed By: Jan Cholasta
https://fedorahosted.org/freeipa/ticket/3813
---
ipapython/ipaldap.py | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index ce07006eb790c80fd42bd6eb611732ce9000db13..415beb29a31c2a15f5460b512331bf8780d61c7b 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -581,6 +581,9 @@ class IPASimpleLDAPObject(object):
dn = str(dn)
assert isinstance(newrdn, (DN, RDN))
newrdn = str(newrdn)
+ if newsuperior:
+ assert isinstance(newsuperior, DN)
+ newsuperior = str(newsuperior)
return self.conn.rename_s(dn, newrdn, newsuperior, delold)
def result(self, msgid=ldap.RES_ANY, all=1, timeout=None):
@@ -1593,21 +1596,34 @@ class LDAPClient(object):
entry.reset_modlist()
- def update_entry_rdn(self, dn, new_rdn, del_old=True):
+ def update_entry_rdn(self, dn, new_rdn=None, new_superior=None, del_old=True):
"""
- Update entry's relative distinguished name.
+ Move entry to a new superior and update entry's relative distinguished name.
Keyword arguments:
+ new_rdn: -- RDN of the updated entry. If missing, it takes the entry RDN.
+ new_superior -- superior where the entry is moved
del_old -- delete old RDN value (default True)
+
+ :raises:
+ errors.NotFound if new_superior doesn't exist
+ errors.EmptyModlist if no new_superior and RDN is not changed
"""
-
assert isinstance(dn, DN)
- assert isinstance(new_rdn, RDN)
+ if new_superior:
+ assert isinstance(new_superior, DN)
+ # in case there is no new_rdn, the entry is just moved to a new superior
+ # without change of the rdn
+ if not new_rdn:
+ new_rdn = dn[0]
+ else:
+ assert isinstance(new_rdn, RDN)
+ # in case there is no superior, the RDN is just changed
+ if dn[0] == new_rdn:
+ raise errors.EmptyModlist()
- if dn[0] == new_rdn:
- raise errors.EmptyModlist()
with self.error_handler():
- self.conn.rename_s(dn, new_rdn, delold=int(del_old))
+ self.conn.rename_s(dn, new_rdn, newsuperior=new_superior, delold=int(del_old))
time.sleep(.3) # Give memberOf plugin a chance to work
def update_entry(self, entry, entry_attrs=None):
--
1.7.11.7
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
