#2660 installer code should use ldap2
Closed: Fixed None Opened 9 years ago by jdennis.

The installer code still calls into native ldap directly. This makes it very hard to have a common interface that knows how to accept IPA specific objects (e.g. DN). We're supposed to converge on using ldap2 throughout the code base.

This ticket supersedes ticket #1880


This relies on the DN work being done in #1670, #1671, #1672, #1673 and #1674. Moving to 3.1.

Changing 3.2 priority

Since ldap2 requires IPA to be installed, it's not possible to use it directly in installer code. However, the functionality and interface can be shared between ldap2 and IPAdmin, and raw calls to python-ldap can be removed.

A better ticket title would be "installer code should use an ldap2-like class" (or just "installer LDAP code refactoring").

Or could we restructure, or add another init so that the dep on api as the config be dropped?

Note too that this may have an impact on the schema checking code as we have a chicken and egg problem.

Internal, doesn't affect UI

I pushed the core part to master:

2546e4f Improve LDAPEntry tests
61c0938 Remove support for DN normalization from LDAPClient.
5b2e0e2 Remove DN normalization from the baseldap plugin.
a09c506 Use full DNs in plugin code.
3aa3954 Support attributes with multiple names in LDAPEntry.
f17aa00 Aggregate IPASimpleLDAPObject in LDAPEntry.
8f46ca5 Preserve case of attribute names in LDAPEntry.
bb36683 Use the dn attribute of LDAPEntry to set/get DNs of entries.
982b782 Remove some uses of raw python-ldap
29a02a3 Use IPAdmin rather than raw python-ldap in ipactl
fe13887 Use IPAdmin rather than raw python-ldap in migration.bind
aef4c82 Do not use global variables in migration.py
b39033c Use ldap instead of _ldap in ipaldap
334a0cd Remove IPAdmin.unbind_s(), keep unbind()
f7a4cce Remove IPAdmin.simple_bind_s
1ee66ff Remove IPAdmin.sasl_interactive_bind_s
f9f6cd6 Replace IPAdmin.start_tls_s by an init argument
8f44811 Remove search_s and search_ext_s from IPAdmin
d7bf709 Proxy LDAP methods explicitly rather than using getattr
fdd4169 Inline waitForEntry in its only caller
fc571da Inline inactivateEntry in its only caller
5184c31 replace getEntry with get_entry (or get_entries if scope != SCOP
d17f902 Fix typo and traceback suppression in replication.py
e815c18 Replace deleteEntry with delete_entry
f8ad7cb Replace addEntry with add_entry
aaa41b2 Rename LDAPConnection to LDAPClient
a173957 Remove toTupleList and attrList from LDAPEntry
4779865 Replace getList by a get_entries method
f5c404c Replace entry.getValue by entry.single_value
66eaf12 Remove special-casing for missing and single-valued attributes i
6eeb5ec Introduce LDAPEntry.single_value for getting single-valued attri
5271eb2 Replace IPAdmin.checkTask by replication.wait_for_task
b69f698 Remove IPAdmin.get_dns_sorted_by_length
607ff47 Remove IPAdmin.updateEntry calls from fix_replica_agreements
8be8d4e Remove dbdir, binddn, bindpwd from IPAdmin
1960945 Turn the LDAPError handler into a context manager
d11c337 Remove unused bindcert and bindkey arguments to IPAdmin
334ba2e Remove unused imports from ipaserver/install
abb2280 Change {add,update,delete}_entry to take LDAPEntries
aa6fb75 Replace add_s and delete_s by their newer equivalents
66c7fd1 Replace entry.setValue/setValues by item assignment
c613caa Replace entry.getValues() by entry.get()
b2dd8d7 Use update_entry with a single entry in adtrustinstance
3dd4b36 Replace setValue by keyword arguments when creating entries
6896626 Remove the Entry class.
c1d6937 Remove the Entity class.
8d92ca8 Add make_entry factory method to LDAPConnection.
d9b3c91 Implement some of IPAdmin's legacy methods in terms of LDAPConne
a7a8123 Move entry add, update, remove, rename to LDAPConnection
603d9ac Remove unused proxydn functionality from IPAdmin
0c26913 Move entry finding methods to LDAPConnection
ddee3aa Move filter making methods to LDAPConnection
6fb1157 Move DN handling methods to LDAPConnection
44e1520 Move schema-related methods to LDAPConnection
5476b14 Make IPAdmin not inherit from IPASimpleLDAPObject
df4ed77 Start LDAPConnection, a common base for ldap2 and IPAdmin
9d41ee4 Move SchemaCache and IPASimpleLDAPObject to ipaserver.ipaldap
2f84bd6 Move the decision to force schema updates out of IPASimpleLDAPOb
08276c2 Remove connection-creating code from ShemaCache
49a0e3a Move LDAPEntry to ipaserver.ipaldap and derive Entry from it
a8c0bf0 Use explicit loggers in ldap2 code
7e1495b Derive Entity class from Entry, and move it to ldapupdate
83f9907 Remove unused methods from Entry, Entity, and IPAdmin
c0a89ef Remove some unused imports
ef1cd6e Add custom mapping object for LDAP entry data.

AFAIU, this is the core part of the refactoring, but not all targets were completed. I see 2 options at the moment:
1. Close this ticket and file tickets with remaining parts that will be triaged
2. Move this ticket to other (next) release where the refactoring will continue

I am slightly inclined to do option 1.

Regression was fixed - we do not want to fetch schema in some cases (like when searching in AD GC)

master:
9955ba0 Disable schema retrieval and attribute decoding when talking to AD GC.
f423364 Allow disabling attribute decoding in LDAPClient and IPAdmin.
fffd2eb Allow disabling LDAP schema retrieval in LDAPClient and IPAdmin.
4152c36 Do not fail if schema cannot be retrieved from LDAP server.

Metadata Update from @jdennis:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 3.2 - 2013/02

4 years ago
