[Freeipa-devel] [PATCHES] Add new set of base classes for IPA plugins using LDAP.

Pavel Zuna pzuna at redhat.com
Thu Jun 4 18:17:20 UTC 2009


Dear freeipa-devel,
I know we agreed that we're going to post one patch per email, but it this case 
I think it's justified. Patches 0001 through 0005 are prerequisites for the new 
base classes. Before describing the individual patches, let me explain a little 
bit of what I had in mind when implementing this addition.

For the last few months, I've been mostly working the new LDAP backend and IPA 
plugins that use it (i.e. almost all IPA plugins). I tried to make the new 
backend more powerful and flexible. Unfortunately, to take full advantage of the 
new potential, old plugins had to be rewritten. As there were several 
inconsistencies across them (output, naming and sometimes even behavior) and 
about half of them were still using old features from IPAv1, I thought that some 
re-factoring couldn't hurt after all.

After porting a few plugins to the new backend, I realized that most of them 
were doing pretty much the same thing - manipulating LDAP entries. The only 
difference was that some plugins were generating attributes in specific ways 
based on user input. So, I figured that most of the generic work could be done 
in one place and that's when I started working on these new base classes.

Let's take a quick look at them:

LDAPObject
  - extends frontend.Object
  - represents a type of LDAP entry
    (or sub-entry if a parent_key=True parameter is present)

The following methods are to be used with LDAPObject, they are named after the 
CRUD methods they extend with an 'LDAP' prefix. They take 1 argument (the 
primary key) in the case their LDAPObject is an entry and 2 arguments (the 
parent and primary key, in that order) if their LDAPObject is a subentry:

LDAPCreate
LDAPRetrieve
LDAPUpdate
LDAPDelete

Then there's LDAPSearch, which is a bit special. It takes only the optional 
criteria argument if its LDAPObject is an entry. If its LDAPObject is a 
sub-entry then it requires the parent key as the first argument. The search 
logic works as follows:

1) If there is no parameters (except for the parent key in the case of 
sub-entries), all entries of the given type are returned.

2) If there is only the criteria parameter, all entries of the given type with 
one or more of their default attributes containing the value of criteria are 
returned.

3) If there is an options specified, all entries of the given type with the 
corresponding attribute EQUAL to the value specified are returned. If more than 
one options is specified this way, only entries matching ALL the conditions are 
returned.

2) and 3) can be combined, so for example, we can make a search for entries who 
have a specific attribute equal to 'foo' and some of their other attributes 
containing 'bar'.

All of these base classes implement a 'callback' method, that is called just 
before invoking python-ldap through the backend. Subclasses can use it to 
execute their specific code after all the boring stuff has been done for them.

In the future I'm planning to write more base classes for other uses cases such 
as adding/removing values from multivalued attributes.


Patches descriptions:
---------------------

0001: Make it possible for subclasses of Command and co. to use their own 
__public__.

The problem was with PluginProxy only taking the base class' __public__ into 
consideration.


0002: Add parent_key to keyword arguments of Param base class.


0003: Add support for parent key in Object base class.


0004: Make CRUD base classes take parent key parameters into consideration when
generating args.


0005: Add delete_tree method to ldap2 allowing recursive deletes of whole LDAP 
branches.

Some plugins were doing this "manually", so I figured it might as well be 
provided by the LDAP API.


0006: Add new set of base classes for plugins using LDAP.


To see the new bases classes in action, take a look at the next patch I'm about 
to send to freeipa-devel.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Make-it-possible-for-subclasses-of-Command-and-co.-t.patch
Type: application/mbox
Size: 963 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090604/a8a8fe4f/attachment.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Add-parent_key-to-keyword-arguments-of-Param-base-cl.patch
Type: application/mbox
Size: 784 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090604/a8a8fe4f/attachment-0001.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Add-support-for-parent-key-in-Object-base-class.patch
Type: application/mbox
Size: 2865 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090604/a8a8fe4f/attachment-0002.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Make-CRUD-base-classes-take-parent-key-parameters-in.patch
Type: application/mbox
Size: 2188 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090604/a8a8fe4f/attachment-0003.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Add-delete_tree-method-to-ldap2-allowing-recursive-d.patch
Type: application/mbox
Size: 3114 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090604/a8a8fe4f/attachment-0004.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-Add-new-set-of-base-classes-for-plugins-using-LDAP.patch
Type: application/mbox
Size: 9056 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090604/a8a8fe4f/attachment-0005.mbox>


More information about the Freeipa-devel mailing list