From 7509f42516246a012a51a798859dbecbc708642d Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Apr 28 2020 11:13:19 +0000 Subject: Use api.env.container_sysaccounts Refactor code to use api.env.container_sysaccounts instead of ('cn', 'sysaccounts'), ('cn', 'etc') Related: https://pagure.io/freeipa/issue/8276 Signed-off-by: Christian Heimes Reviewed-By: Alexander Bokovoy --- diff --git a/ipaserver/install/adtrust.py b/ipaserver/install/adtrust.py index ac0ef05..ea279b5 100644 --- a/ipaserver/install/adtrust.py +++ b/ipaserver/install/adtrust.py @@ -297,8 +297,8 @@ def add_hosts_to_adtrust_agents(api, host_list): :param host_list: list of potential AD trust agent FQDNs """ agents_dn = DN( - ('cn', 'adtrust agents'), ('cn', 'sysaccounts'), - ('cn', 'etc'), api.env.basedn) + ('cn', 'adtrust agents'), api.env.container_sysaccounts, + api.env.basedn) service.add_principals_to_group( api.Backend.ldap2, diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index a59e85d..7e711a2 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -192,8 +192,7 @@ class ADTRUSTInstance(service.Service): self.trust_dn = DN(api.env.container_trusts, self.suffix) self.smb_dn = DN(('cn', 'adtrust agents'), - ('cn', 'sysaccounts'), - ('cn', 'etc'), + api.env.container_sysaccounts, self.suffix) self.smb_dom_dn = DN(('cn', api.env.domain), diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py index 001c4db..5b87ac4 100644 --- a/ipaserver/install/plugins/adtrust.py +++ b/ipaserver/install/plugins/adtrust.py @@ -903,8 +903,8 @@ class update_adtrust_agents_members(Updater): return False, [] agents_dn = DN( - ('cn', 'adtrust agents'), ('cn', 'sysaccounts'), - ('cn', 'etc'), self.api.env.basedn) + ('cn', 'adtrust agents'), self.api.env.container_sysaccounts, + self.api.env.basedn) try: agents_entry = ldap.get_entry(agents_dn, ['member']) 
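Review bot: In add_hosts_to_adtrust_agents the DN of the 'adtrust agents' group now depends on the run-time value of `api.env.container_sysaccounts`, and nothing in the hunk documents or checks what that value is expected to be. The DN is built just before `service.add_principals_to_group(`, so a value other than the previous cn=sysaccounts,cn=etc (for instance from a local configuration override, if the env permits one, which is not visible here) would place the membership change under a DN that existing directory ACIs may not cover. I would add a comment above the assignment such as `# container_sysaccounts is expected to be cn=sysaccounts,cn=etc; group ACIs are assumed to match that DN`. The same applies to the hunks in ipaserver/install/adtrustinstance.py, ipaserver/install/plugins/adtrust.py, ipaserver/install/plugins/update_passsync.py and ipaserver/servroles.py; the function body continues outside this hunk.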
diff --git a/ipaserver/install/plugins/update_passsync.py b/ipaserver/install/plugins/update_passsync.py index ef4701e..5549608 100644 --- a/ipaserver/install/plugins/update_passsync.py +++ b/ipaserver/install/plugins/update_passsync.py @@ -56,8 +56,11 @@ class update_passync_privilege_update(Updater): logger.debug("Add PassSync user as a member of PassSync privilege") ldap = self.api.Backend.ldap2 - passsync_dn = DN(('uid','passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'), - self.api.env.basedn) + passsync_dn = DN( + ('uid', 'passsync'), + self.api.env.container_sysaccounts, + self.api.env.basedn + ) passsync_privilege_dn = DN(('cn','PassSync Service'), self.api.env.container_privilege, self.api.env.basedn) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 1fefe3e..cca3977 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -720,7 +720,8 @@ class ReplicationManager: self.enable_chain_on_update(chainbe) def add_passsync_user(self, conn, password): - pass_dn = DN(('uid', 'passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'), self.suffix) + pass_dn = DN(('uid', 'passsync'), api.env.container_sysaccounts, + self.suffix) print("The user for the Windows PassSync service is %s" % pass_dn) try: conn.get_entry(pass_dn) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 71ea091..b22b595 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1010,8 +1010,9 @@ def promote_check(installer): # Detect if the other master can handle replication managers # cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX - dn = DN(('cn', 'replication managers'), ('cn', 'sysaccounts'), - ('cn', 'etc'), ipautil.realm_to_suffix(config.realm_name)) + dn = DN(('cn', 'replication managers'), + api.env.container_sysaccounts, + ipautil.realm_to_suffix(config.realm_name)) try: conn.get_entry(dn) except errors.NotFound: 
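Review bot: add_passsync_user in ipaserver/install/replication.py reads the container from the module-level `api.env.container_sysaccounts` but takes the suffix from `self.suffix`, so the two halves of `pass_dn` come from different sources; the update_passsync.py hunk uses `self.api.env` for both. Whether `api` is imported in replication.py is not visible in the hunk, and ReplicationManager may be used before the global API is bootstrapped (inferred, not shown). A one-line comment would make the dependency explicit, e.g. `# relies on the bootstrapped global ipalib api for the sysaccounts container`. The method body continues outside the hunk.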
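Review bot: In promote_check the comment `# cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX` stays hard-coded above a DN that is now computed from the local `api.env.container_sysaccounts`, while the lookup itself runs against the other master through `conn.get_entry(dn)`. If the local value ever differs from the remote layout, the `except errors.NotFound:` branch (its body is outside the hunk) would presumably conclude that the remote master cannot handle replication managers, when in fact the DN was wrong. I would update the comment to `# cn=replication managers,<container_sysaccounts>,$SUFFIX; NotFound also occurs if the local container value differs from the remote master` so the ambiguity is visible to whoever reads the detection logic.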
diff --git a/ipaserver/servroles.py b/ipaserver/servroles.py index 8aac783..69e08cf 100644 --- a/ipaserver/servroles.py +++ b/ipaserver/servroles.py @@ -584,8 +584,9 @@ class ADtrustBasedRole(BaseServerRole): search_filter = ldap.make_filter_from_attr( "memberof", - DN(('cn', 'adtrust agents'), ('cn', 'sysaccounts'), - ('cn', 'etc'), api_instance.env.basedn) + DN(('cn', 'adtrust agents'), + api_instance.env.container_sysaccounts, + api_instance.env.basedn) ) if server is not None: server_filter = ldap.make_filter_from_attr( diff --git a/ipatests/test_ipaserver/test_serverroles.py b/ipatests/test_ipaserver/test_serverroles.py index caa3f1c..a9f8383 100644 --- a/ipatests/test_ipaserver/test_serverroles.py +++ b/ipatests/test_ipaserver/test_serverroles.py @@ -55,8 +55,7 @@ def _make_master_entry(ldap_backend, dn, ca=False): _adtrust_agents = DN( ('cn', 'adtrust agents'), - ('cn', 'sysaccounts'), - ('cn', 'etc'), + api.env.container_sysaccounts, api.env.basedn )
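Review bot: In ipatests/test_ipaserver/test_serverroles.py the expected `_adtrust_agents` DN is now derived from the same `api.env.container_sysaccounts` that the code under test reads, so the test no longer pins the actual directory location cn=sysaccounts,cn=etc. A wrong or overridden value of the constant would pass here unnoticed, even though this DN identifies a privileged group. Keeping one literal check would restore that guard, e.g. `assert api.env.container_sysaccounts == DN(('cn', 'sysaccounts'), ('cn', 'etc'))`.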