Make ldap2 class work as a client library as well.
Move the user-private group caching code out of the global config and
determine the value the first time it is needed.
Renamed global_init() back to get_schema() and make it take an optional
connection. This solves the problem of being able to do all operations
with a simple bind instead of GSSAPI.
Moved the global get_syntax() into a class method so that a schema can
be passed in.
If a schema wasn't loaded during the module import then it is loaded
when the connection is created (so we have the credentials needed for
binding).
ticket 63
rob
From fc780593f69897c32e8b773ff9707f5741271d63 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 18 Aug 2010 18:43:11 -0400
Subject: [PATCH] Make ldap2 class work as a client library as well.
Move the user-private group caching code out of the global config and
determine the value the first time it is needed.
Renamed global_init() back to get_schema() and make it take an optional
connection. This solves the problem of being able to do all operations
with a simple bind instead of GSSAPI.
Moved the global get_syntax() into a class method so that a schema
can be passed in.
If a schema wasn't loaded during the module import then it is loaded
when the connection is created (so we have the credentials needed for
binding).
ticket 63
---
ipaserver/install/dsinstance.py |2 +-
ipaserver/plugins/ldap2.py | 84 ++-
2 files changed, 49 insertions(+), 37 deletions(-)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 494d3d8..313034c 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -123,7 +123,7 @@ def has_managed_entries(host_name, dm_password):
conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='cn=config')
conn.connect(bind_dn='cn=Directory Manager', bind_pw=dm_password)
(dn, attrs) = conn.get_entry('cn=Managed Entries,cn=plugins',
- ['*'])
+ ['*'], time_limit=2, size_limit=3000)
return True
except errors.NotFound:
return False
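Review bot: The limits added to the `get_entry` call are bare literals with no explanation, and the only handler visible in this hunk is `except errors.NotFound`. If the 2-second time limit is exceeded, whatever error ldap2 raises for that case would presumably propagate out of `has_managed_entries` instead of producing a True/False answer; confirm that is acceptable during install. `size_limit=3000` also looks unneeded for a read of a single entry. A one-line comment above the call, for example `# explicit limits passed here because <reason>`, would record why the defaults are bypassed. The function body starts outside this hunk.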
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 79d6d99..d4c0294 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -103,7 +103,7 @@ def _handle_errors(e, **kw):
raise errors.DatabaseError(desc=desc, info=info)
-def global_init(url):
+def get_schema(url, conn=None):
Perform global initialization when the module is loaded.
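Review bot: The docstring summary kept under the renamed signature still reads "Perform global initialization when the module is loaded", which no longer describes `get_schema(url, conn=None)`. Per the commit message the function is now also called when a connection is created. Suggested first line: `Retrieve the LDAP schema from the server at url, or over conn when one is given.` The docstring continues outside this hunk.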
@@ -114,16 +114,20 @@ def global_init(url):
in-tree lite server then use the current ccache. If in the context of
Apache then create a new ccache and bind using the Apache HTTP service
principal.
+
+If a connection is provided then it the credentials bound to it are
+used. The connection is not closed when the request is done.
tmpdir = None
-upg = False
+has_conn = conn is not None
-if not api.env.in_server or api.env.context not in ['lite', 'server']:
+if (not api.env.in_server or api.env.context not in ['lite', 'server']
+and conn is None):
# The schema is only needed on the server side
-return (None, None)
+return None
try:
-if api.env.context == 'server':
+if api.env.context == 'server' and conn is None:
try:
# Create a new credentials cache for this Apache process
tmpdir = tempfile.mkdtemp(prefix = tmp-)
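Review bot: The rewritten early-return guard does not group the way it reads, because `and` binds tighter than `or`: it evaluates as `not api.env.in_server or (api.env.context not in ['lite', 'server'] and conn is None)`. When `api.env.in_server` is false the function therefore still returns None even if the caller passed a connection, which is the client-library case this commit is meant to enable. Parenthesise the environment test: `if ((not api.env.in_server or api.env.context not in ['lite', 'server']) and conn is None):`. The added docstring sentence also has a stray word ("then it the credentials"); suggest `If a connection is provided then the credentials bound to it are used.`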
@@ -139,24 +143,18 @@ def global_init(url):
except krbV.Krb5Error, e:
raise StandardError('Unable to retrieve LDAP schema. Error initializing principal %s in %s: %s' % (principal.name, '/etc/httpd/conf/ipa.keytab', str(e)))
-conn = _ldap.initialize(url)
-conn.sasl_interactive_bind_s('', SASL_AUTH)
+if conn is None:
+conn = _ldap.initialize(url)
+conn.sasl_interactive_bind_s('', SASL_AUTH)
schema_entry = conn.search_s(
'cn=schema', _ldap.SCOPE_BASE,
attrlist=['attributetypes', 'objectclasses']
)[0]
-try:
-upg_entry = conn.search_s(
-'cn=UPG Template, %s' % api.env.basedn, _ldap.SCOPE_BASE,
-attrlist=['*']
-)[0]
-upg = True
-except _ldap.NO_SUCH_OBJECT, e:
-upg = False
-conn.unbind_s()
+if not has_conn:
+conn.unbind_s()
except _ldap.SERVER_DOWN:
-return (None, upg)
+return None
except _ldap.LDAPError, e:
desc = e.args[0]['desc'].strip()
info = e.args[0].get('info', '').strip()
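Review bot: `conn.unbind_s()` is reached only when `search_s` succeeds, so a connection created inside this function (the `conn is None` branch) stays bound if the search raises. The `_ldap.SERVER_DOWN` and `_ldap.LDAPError` handlers return or raise without closing it, and the cleanup visible in the following hunk removes only `tmpdir`. Consider moving the unbind into that cleanup path as `if not has_conn and conn is not None: conn.unbind_s()`. The try block starts and ends outside this hunk, so its exact shape is inferred.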
@@ -170,27 +168,16 @@ def global_init(url):
if tmpdir:
shutil.rmtree(tmpdir)
-return (_ldap.schema.SubSchema(schema_entry[1]), upg)
+return _ldap.schema.SubSchema(schema_entry[1])
-# cache schema