[Freeipa-devel] [PATCHES] 225-230 Drop support for the legacy LDAP API

Jan Cholasta jcholast at redhat.com
Wed Jan 22 16:47:36 UTC 2014 

On 20.1.2014 12:23, Petr Viktorin wrote:
> On 01/14/2014 11:31 AM, Jan Cholasta wrote:
>> On 10.1.2014 16:02, Petr Viktorin wrote:
>>> On 01/07/2014 01:54 PM, Jan Cholasta wrote:
>>>> On 16.12.2013 14:45, Petr Viktorin wrote:
>>>>> On 12/16/2013 10:22 AM, Jan Cholasta wrote:
>>>>>> On 13.12.2013 15:16, Petr Viktorin wrote:
>>>>>>> On 12/10/2013 04:05 PM, Jan Cholasta wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I believe the time has come to drop support for the legacy (dn,
>>>>>>>> entry_attrs) tuple API and move to the new LDAPEntry API
>>>>>>>> exclusively.
>>>>>>>> The attached patches convert existing code which uses the old
>>>>>>>> API to
>>>>>>>> the
>>>>>>>> new API and remove backward compatibility code from the ipaldap
>>>>>>>> module.
>>>>>>>>
>>>>>>>> Note that there are still some functions/methods which accept
>>>>>>>> separate
>>>>>>>> dn and entry_attrs arguments, they will be adapted to LDAPEntry
>>>>>>>> later.
>>>>>>>>
>>>>>>>> Honza
>>>>>>>
>>>>>>> The first N-1 patches can be tested,acked,pushed independently,
>>>>>>> right?
>>>>>>
>>>>>> Yes.
>>>>>>
>>>>>>> If that's the case, ACK for 225
>>>>>
>>>>> Pushed that one to master, 5 more to go.
>>>>> bc3f3381c6bf0b4941889b775025a60f56318551
>>>>>
>>>
>>> 226 needs a rebase.
>>>
>>> 227: in install/tools/ipa-adtrust-install:
>>>
>>> +        entry_attrs = conn.make_entry(
>>> +            dn,
>>> +            objectclass=['top', 'pkiuser', 'nscontainer'],
>>> +            usercertificate=cert)
>>> +        conn.add_entry(entry_attrs)
>>>
>>> Shouldn't it be `usercertificate=[cert]` now?  Similarly in ra_cert, and
>>> in ipa-server-install with ipacertificatesubjectbase
>>>
>>> Otherwise this looks good.
>>>
>>> 228: in ipaserver/install/plugins/update_idranges.py, again we should
>>> use lists
>>>
>>> Otherwise it looks good
>>>
>>> 229: ACK
>>>
>>
>> Rebased and fixed everything, updated patches attached.
>
> Here, patch 226 breaks tests for selinuxusermap_enable/disable, at
> least. The EmptyModlist and AlreadyActive/AlreadyInactive error is no
> longer raised, since the previous entry state is no longer retrieved.
>

Well, I forgot to test this patchset after patches for 
<https://fedorahosted.org/freeipa/ticket/3488> were pushed, sorry.

Added new patch 235 which makes LDAPUpdate get old entry state from 
LDAP, it fixes most of the issues in *_mod commands.

Fixed the rest of the issues in patches 226-230 and rebased them on top 
of patch 235.

-- 
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-226.3-Convert-remaining-frontend-code-to-LDAPEntry-API.patch
Type: text/x-patch
Size: 103175 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140122/91844565/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-227.3-Convert-remaining-installer-code-to-LDAPEntry-API.patch
Type: text/x-patch
Size: 14635 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140122/91844565/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-228.3-Convert-remaining-update-code-to-LDAPEntry-API.patch
Type: text/x-patch
Size: 10421 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140122/91844565/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-229.3-Convert-remaining-test-code-to-LDAPEntry-API.patch
Type: text/x-patch
Size: 3334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140122/91844565/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-230.3-Raise-an-exception-when-legacy-LDAP-API-is-used.patch
Type: text/x-patch
Size: 3254 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140122/91844565/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-235-Get-original-entry-state-from-LDAP-in-LDAPUpdate.patch
Type: text/x-patch
Size: 1106 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140122/91844565/attachment-0005.bin>

More information about the Freeipa-devel mailing list