Re: [Freeipa-devel] [PATCHES] 116-119 Make LDAP schema retrieval optional
On 03/07/2013 06:21 PM, Jan Cholasta wrote: On 7.3.2013 17:59, Petr Viktorin wrote: On 03/07/2013 04:33 PM, Jan Cholasta wrote: On 7.3.2013 14:53, Petr Viktorin wrote: On 03/07/2013 01:43 PM, Jan Cholasta wrote: Hi, these patches add flags to LDAPClient and IPAdmin constructors which can be used to disable schema retrieval and decoding of attributes. This should make interacting with AD easier (see http://www.redhat.com/archives/freeipa-devel/2013-March/msg00076.html). Honza [...] Updated patches attached. Honza In LDAPEntry.__setitem__, schema.get_obj is used without checking if the schema is None. I knew I forgot something! Thanks. Fixed. Updated patches attached. Honza ACK -- Petr³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 116-119 Make LDAP schema retrieval optional
On 03/08/2013 02:13 PM, Petr Viktorin wrote: On 03/07/2013 06:21 PM, Jan Cholasta wrote: On 7.3.2013 17:59, Petr Viktorin wrote: On 03/07/2013 04:33 PM, Jan Cholasta wrote: On 7.3.2013 14:53, Petr Viktorin wrote: On 03/07/2013 01:43 PM, Jan Cholasta wrote: Hi, these patches add flags to LDAPClient and IPAdmin constructors which can be used to disable schema retrieval and decoding of attributes. This should make interacting with AD easier (see http://www.redhat.com/archives/freeipa-devel/2013-March/msg00076.html). Honza [...] Updated patches attached. Honza In LDAPEntry.__setitem__, schema.get_obj is used without checking if the schema is None. I knew I forgot something! Thanks. Fixed. Updated patches attached. Honza ACK Pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCHES] 116-119 Make LDAP schema retrieval optional
Hi, these patches add flags to LDAPClient and IPAdmin constructors which can be used to disable schema retrieval and decoding of attributes. This should make interacting with AD easier (see http://www.redhat.com/archives/freeipa-devel/2013-March/msg00076.html). Honza -- Jan Cholasta From 33142d7e0a8508a783e1a1b4a7a22525337ce54d Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 7 Mar 2013 10:50:57 +0100 Subject: [PATCH 1/4] Do not fail if schema cannot be retrieved from LDAP server. --- ipaserver/ipaldap.py | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 4a46532..e6f82dc 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -270,13 +270,19 @@ class IPASimpleLDAPObject(object): self.log = log_mgr.get_logger(self) self.uri = uri self.conn = SimpleLDAPObject(uri) +self._has_schema = False self._schema = None self._force_schema_updates = force_schema_updates def _get_schema(self): -if self._schema is None: -self._schema = schema_cache.get_schema( -self.uri, self.conn, force_update=self._force_schema_updates) +if not self._has_schema: +try: +self._schema = schema_cache.get_schema( +self.uri, self.conn, +force_update=self._force_schema_updates) +except: +pass +self._has_schema = True return self._schema schema = property(_get_schema, None, None, 'schema associated with this LDAP server') @@ -307,6 +313,7 @@ class IPASimpleLDAPObject(object): # logical operations that have the potential to cause a schema # change. +self._has_schema = False self._schema = None def get_syntax(self, attr): @@ -315,6 +322,9 @@ class IPASimpleLDAPObject(object): if syntax is not None: return syntax +if self.schema is None: +return None + # Try to lookup the syntax in the schema returned by the server obj = self.schema.get_obj(ldap.schema.AttributeType, attr) if obj is not None: -- 1.8.1 From d4fccb0c9fac71f0c0be90cd19ec737fbff8c428 Mon Sep 17 00:00:00 2001 
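Review bot: A failed schema fetch in `_get_schema` is discarded without any trace and then appears to be cached, since `self._has_schema = True` follows the `pass`. One failed fetch would therefore leave `schema` as None until the next flush, and `get_syntax` returns None for every attribute it would have looked up in the server schema. The object already has `self.log`, so the handler could record the event before falling through, for example `self.log.warning('Could not retrieve schema from %s', self.uri)`. Indentation is lost in this archive, so the placement of `_has_schema = True` is inferred. The later revisions of this hunk in the thread, which catch `(errors.ExecutionError, IndexError)`, keep the same silent `pass`.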
From: Jan Cholasta jchol...@redhat.com Date: Thu, 7 Mar 2013 10:52:57 +0100 Subject: [PATCH 2/4] Allow disabling LDAP schema retrieval in LDAPClient and IPAdmin. --- ipaserver/ipaldap.py | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index e6f82dc..9d350f7 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -255,7 +255,7 @@ class IPASimpleLDAPObject(object): 'originscope': DN_SYNTAX_OID, # DN }) -def __init__(self, uri, force_schema_updates): +def __init__(self, uri, force_schema_updates, no_schema=False): An internal LDAP connection object :param uri: The LDAP URI to connect to @@ -266,15 +266,19 @@ class IPASimpleLDAPObject(object): Generally, it should be true if the API context is 'installer' or 'updates', but it must be given explicitly since the API object is not always available +:param no_schema: If true, schema is never requested from the server. self.log = log_mgr.get_logger(self) self.uri = uri self.conn = SimpleLDAPObject(uri) +self._no_schema = no_schema self._has_schema = False self._schema = None self._force_schema_updates = force_schema_updates def _get_schema(self): +if self._no_schema: +return None if not self._has_schema: try: self._schema = schema_cache.get_schema( @@ -1649,7 +1653,7 @@ class IPAdmin(LDAPClient): def __init__(self, host='', port=389, cacert=None, debug=None, ldapi=False, realm=None, protocol=None, force_schema_updates=True, - start_tls=False, ldap_uri=None): + start_tls=False, ldap_uri=None, no_schema=False): self.conn = None log_mgr.get_logger(self, True) if debug and debug.lower() == on: @@ -1669,7 +1673,8 @@ class IPAdmin(LDAPClient): LDAPClient.__init__(self, ldap_uri) -self.conn = IPASimpleLDAPObject(ldap_uri, force_schema_updates=True) +self.conn = IPASimpleLDAPObject(ldap_uri, force_schema_updates=True, +no_schema=no_schema) if start_tls: self.conn.start_tls_s() -- 1.8.1 From 8c89c1058ba1fa9798b284c9ed3efa5cd8d5a844 Mon Sep 17 00:00:00 2001 
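Review bot: The new `:param no_schema:` line in the `IPASimpleLDAPObject.__init__` docstring says what the flag stops but not what callers lose. With the flag set, `_get_schema` returns None, and per patch 1 `get_syntax` then returns None once its earlier lookup has missed. Suggested wording: `:param no_schema: If true, schema is never requested from the server; the schema property is None and get_syntax() cannot consult the server schema.` The docstring starts outside the hunk.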
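Review bot: The rewritten `IPASimpleLDAPObject(...)` call in `IPAdmin.__init__` still passes the literal `force_schema_updates=True`, so the `force_schema_updates` argument of `IPAdmin.__init__` has no effect on the connection in the visible lines. If that is not intentional, pass it through next to the new flag: `self.conn = IPASimpleLDAPObject(ldap_uri, force_schema_updates=force_schema_updates, no_schema=no_schema)`. `IPAdmin.__init__` continues outside the hunk, so the parameter may be consumed elsewhere.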
From: Jan Cholasta jchol...@redhat.com Date: Thu, 7 Mar 2013 10:56:03 +0100 Subject: [PATCH 3/4] Allow disabling attribute decoding in LDAPClient and IPAdmin. --- ipaserver/ipaldap.py | 16 +--- 1 file changed, 13
Re: [Freeipa-devel] [PATCHES] 116-119 Make LDAP schema retrieval optional
On 03/07/2013 01:43 PM, Jan Cholasta wrote: Hi, these patches add flags to LDAPClient and IPAdmin constructors which can be used to disable schema retrieval and decoding of attributes. This should make interacting with AD easier (see http://www.redhat.com/archives/freeipa-devel/2013-March/msg00076.html). Honza The first three patches look good, except a nitpick below. In the last patch, I don't see why you added back search_s. Is get_entries inadequate in some way? From 33142d7e0a8508a783e1a1b4a7a22525337ce54d Mon Sep 17 00:00:00 2001 From: Jan Cholastajchol...@redhat.com Date: Thu, 7 Mar 2013 10:50:57 +0100 Subject: [PATCH 1/4] Do not fail if schema cannot be retrieved from LDAP server. --- ipaserver/ipaldap.py | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py [...] +try: +self._schema = schema_cache.get_schema( +self.uri, self.conn, +force_update=self._force_schema_updates) +except: Don't use bare except. -- Petr³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 116-119 Make LDAP schema retrieval optional
On 7.3.2013 14:53, Petr Viktorin wrote: On 03/07/2013 01:43 PM, Jan Cholasta wrote: Hi, these patches add flags to LDAPClient and IPAdmin constructors which can be used to disable schema retrieval and decoding of attributes. This should make interacting with AD easier (see http://www.redhat.com/archives/freeipa-devel/2013-March/msg00076.html). Honza The first three patches look good, except a nitpick below. In the last patch, I don't see why you added back search_s. Is get_entries inadequate in some way? Nope, it's just that __search_in_gc uses it. Fixed. From 33142d7e0a8508a783e1a1b4a7a22525337ce54d Mon Sep 17 00:00:00 2001 From: Jan Cholastajchol...@redhat.com Date: Thu, 7 Mar 2013 10:50:57 +0100 Subject: [PATCH 1/4] Do not fail if schema cannot be retrieved from LDAP server. --- ipaserver/ipaldap.py | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py [...] +try: +self._schema = schema_cache.get_schema( +self.uri, self.conn, +force_update=self._force_schema_updates) +except: Don't use bare except. Fixed. Updated patches attached. Honza -- Jan Cholasta From 598dc757e1cb65499a2e46f2be6a09f65a9d6d7f Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 7 Mar 2013 10:50:57 +0100 Subject: [PATCH 1/4] Do not fail if schema cannot be retrieved from LDAP server. --- ipaserver/ipaldap.py | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 4a46532..2928a67 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py 
@@ -270,13 +270,19 @@ class IPASimpleLDAPObject(object): self.log = log_mgr.get_logger(self) self.uri = uri self.conn = SimpleLDAPObject(uri) +self._has_schema = False self._schema = None self._force_schema_updates = force_schema_updates def _get_schema(self): -if self._schema is None: -self._schema = schema_cache.get_schema( -self.uri, self.conn, force_update=self._force_schema_updates) +if not self._has_schema: +try: +self._schema = schema_cache.get_schema( +self.uri, self.conn, +force_update=self._force_schema_updates) +except (errors.ExecutionError, IndexError): +pass +self._has_schema = True return self._schema schema = property(_get_schema, None, None, 'schema associated with this LDAP server') @@ -307,6 +313,7 @@ class IPASimpleLDAPObject(object): # logical operations that have the potential to cause a schema # change. +self._has_schema = False self._schema = None def get_syntax(self, attr): @@ -315,6 +322,9 @@ class IPASimpleLDAPObject(object): if syntax is not None: return syntax +if self.schema is None: +return None + # Try to lookup the syntax in the schema returned by the server obj = self.schema.get_obj(ldap.schema.AttributeType, attr) if obj is not None: -- 1.8.1 From 798abe2b369656f4ce99ea9f47a5c84fbe98775d Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 7 Mar 2013 10:52:57 +0100 Subject: [PATCH 2/4] Allow disabling LDAP schema retrieval in LDAPClient and IPAdmin. --- ipaserver/ipaldap.py | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 2928a67..0f153a5 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -255,7 +255,7 @@ class IPASimpleLDAPObject(object): 'originscope': DN_SYNTAX_OID, # DN }) -def __init__(self, uri, force_schema_updates): +def __init__(self, uri, force_schema_updates, no_schema=False): An internal LDAP connection object :param uri: The LDAP URI to connect to 
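Review bot: The `IndexError` in `except (errors.ExecutionError, IndexError):` in `_get_schema` has no visible source in this hunk, so a reader cannot tell which failure it stands for. A one-line comment above the `except`, naming the call that raises it and the server condition behind it, would keep the tuple from being widened or trimmed by guesswork later. `schema_cache.get_schema` is defined outside the hunk. The same tuple appears in the next revision of this patch in the thread.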
@@ -266,15 +266,19 @@ class IPASimpleLDAPObject(object): Generally, it should be true if the API context is 'installer' or 'updates', but it must be given explicitly since the API object is not always available +:param no_schema: If true, schema is never requested from the server. self.log = log_mgr.get_logger(self) self.uri = uri self.conn = SimpleLDAPObject(uri) +self._no_schema = no_schema self._has_schema = False self._schema = None self._force_schema_updates = force_schema_updates def _get_schema(self): +if self._no_schema: +return None if not self._has_schema: try: self._schema = schema_cache.get_schema( @@ -1649,7 +1653,7 @@ class IPAdmin(LDAPClient): def __init__(self, host='', port=389, cacert=None, debug=None,
Re: [Freeipa-devel] [PATCHES] 116-119 Make LDAP schema retrieval optional
On 03/07/2013 04:33 PM, Jan Cholasta wrote: On 7.3.2013 14:53, Petr Viktorin wrote: On 03/07/2013 01:43 PM, Jan Cholasta wrote: Hi, these patches add flags to LDAPClient and IPAdmin constructors which can be used to disable schema retrieval and decoding of attributes. This should make interacting with AD easier (see http://www.redhat.com/archives/freeipa-devel/2013-March/msg00076.html). Honza [...] Updated patches attached. Honza In LDAPEntry.__setitem__, schema.get_obj is used without checking if the schema is None. -- Petr³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 116-119 Make LDAP schema retrieval optional
On 7.3.2013 17:59, Petr Viktorin wrote: On 03/07/2013 04:33 PM, Jan Cholasta wrote: On 7.3.2013 14:53, Petr Viktorin wrote: On 03/07/2013 01:43 PM, Jan Cholasta wrote: Hi, these patches add flags to LDAPClient and IPAdmin constructors which can be used to disable schema retrieval and decoding of attributes. This should make interacting with AD easier (see http://www.redhat.com/archives/freeipa-devel/2013-March/msg00076.html). Honza [...] Updated patches attached. Honza In LDAPEntry.__setitem__, schema.get_obj is used without checking if the schema is None. I knew I forgot something! Thanks. Fixed. Updated patches attached. Honza -- Jan Cholasta From 411ba6d422b39e27deab63acfc127573e7db1fb2 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 7 Mar 2013 10:50:57 +0100 Subject: [PATCH 1/4] Do not fail if schema cannot be retrieved from LDAP server. --- ipaserver/ipaldap.py | 24 +++- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 4a46532..d9f91d5 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -270,13 +270,19 @@ class IPASimpleLDAPObject(object): self.log = log_mgr.get_logger(self) self.uri = uri self.conn = SimpleLDAPObject(uri) +self._has_schema = False self._schema = None self._force_schema_updates = force_schema_updates def _get_schema(self): -if self._schema is None: -self._schema = schema_cache.get_schema( -self.uri, self.conn, force_update=self._force_schema_updates) +if not self._has_schema: +try: +self._schema = schema_cache.get_schema( +self.uri, self.conn, +force_update=self._force_schema_updates) +except (errors.ExecutionError, IndexError): +pass +self._has_schema = True return self._schema schema = property(_get_schema, None, None, 'schema associated with this LDAP server') 
@@ -307,6 +313,7 @@ class IPASimpleLDAPObject(object): # logical operations that have the potential to cause a schema # change. +self._has_schema = False self._schema = None def get_syntax(self, attr): @@ -315,6 +322,9 @@ class IPASimpleLDAPObject(object): if syntax is not None: return syntax +if self.schema is None: +return None + # Try to lookup the syntax in the schema returned by the server obj = self.schema.get_obj(ldap.schema.AttributeType, attr) if obj is not None: @@ -708,12 +718,8 @@ class LDAPEntry(dict): else: self._names[name] = name -try: -schema = self._conn.schema -except: -pass -else: -attrtype = schema.get_obj(ldap.schema.AttributeType, +if self._conn.schema is not None: +attrtype = self._conn.schema.get_obj(ldap.schema.AttributeType, name.encode('utf-8')) if attrtype is not None: for altname in attrtype.names: -- 1.8.1 From f6c25d9d8abe318745ddb5726a14f4aa9956b63a Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 7 Mar 2013 10:52:57 +0100 Subject: [PATCH 2/4] Allow disabling LDAP schema retrieval in LDAPClient and IPAdmin. --- ipaserver/ipaldap.py | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index d9f91d5..c814f57 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -255,7 +255,7 @@ class IPASimpleLDAPObject(object): 'originscope': DN_SYNTAX_OID, # DN }) -def __init__(self, uri, force_schema_updates): +def __init__(self, uri, force_schema_updates, no_schema=False): An internal LDAP connection object :param uri: The LDAP URI to connect to 
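Review bot: The new lines in `LDAPEntry.__setitem__` read `self._conn.schema` twice, and each read goes through the `_get_schema` property. Binding it once is clearer and guarantees the None check and the lookup use the same object: `schema = self._conn.schema` followed by `if schema is not None:` and `attrtype = schema.get_obj(ldap.schema.AttributeType, name.encode('utf-8'))`. Dropping the old `try`/`except` also means any exception from the property that `_get_schema` does not catch itself now propagates out of item assignment, which looks intended but deserves a sentence in the commit message. `__setitem__` starts and ends outside the hunk.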
@@ -266,15 +266,19 @@ class IPASimpleLDAPObject(object): Generally, it should be true if the API context is 'installer' or 'updates', but it must be given explicitly since the API object is not always available +:param no_schema: If true, schema is never requested from the server. self.log = log_mgr.get_logger(self) self.uri = uri self.conn = SimpleLDAPObject(uri) +self._no_schema = no_schema self._has_schema = False self._schema = None self._force_schema_updates = force_schema_updates def _get_schema(self): +if self._no_schema: +return None if not self._has_schema: try: self._schema = schema_cache.get_schema( @@ -1645,7 +1649,7 @@ class IPAdmin(LDAPClient): def __init__(self, host='', port=389, cacert=None, debug=None, ldapi=False,