summaryrefslogtreecommitdiffstats
path: root/pykolab/auth
diff options
context:
space:
mode:
Diffstat (limited to 'pykolab/auth')
-rw-r--r--pykolab/auth/__init__.py17
-rw-r--r--pykolab/auth/ldap/__init__.py21
-rw-r--r--pykolab/auth/ldap/syncrepl.py27
3 files changed, 55 insertions, 10 deletions
diff --git a/pykolab/auth/__init__.py b/pykolab/auth/__init__.py
index 6eaa874..b75f9c3 100644
--- a/pykolab/auth/__init__.py
+++ b/pykolab/auth/__init__.py
@@ -37,15 +37,10 @@ class Auth(pykolab.base.Base):
"""
Initialize the authentication class.
"""
- pykolab.base.Base.__init__(self)
+ pykolab.base.Base.__init__(self, domain=domain)
self._auth = None
- if not domain == None:
- self.domain = domain
- else:
- self.domain = conf.get('kolab', 'primary_domain')
-
def authenticate(self, login):
"""
Verify login credentials supplied in login against the appropriate
@@ -97,8 +92,12 @@ class Auth(pykolab.base.Base):
return
if domain == None:
- section = 'kolab'
- domain = conf.get('kolab', 'primary_domain')
+ if not self.domain == None:
+ section = self.domain
+ domain = self.domain
+ else:
+ section = 'kolab'
+ domain = conf.get('kolab', 'primary_domain')
else:
self.list_domains()
section = domain
@@ -228,6 +227,8 @@ class Auth(pykolab.base.Base):
except:
if not self.domain == kolab_primary_domain:
return [(self.domain, [])]
+ else:
+ domains = []
# If no domains are found, the primary domain is used.
if len(domains) < 1:
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 441153a..a6a1044 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -868,8 +868,18 @@ class LDAP(pykolab.base.Base):
else:
override_search = False
+ config_base_dn = self.config_get('base_dn')
+ ldap_base_dn = self._kolab_domain_root_dn(self.domain)
+
+ if not ldap_base_dn == None and not ldap_base_dn == config_base_dn:
+ base_dn = ldap_base_dn
+ else:
+ base_dn = config_base_dn
+
+ log.debug(_("Synchronization is searching against base DN: %s") % (base_dn), level=8)
+
self._search(
- self.config_get('base_dn'),
+ base_dn,
filterstr=_filter,
attrlist=[
'*',
@@ -2021,6 +2031,15 @@ class LDAP(pykolab.base.Base):
else:
change = change_dict['change_type']
+ # See if we can find the cache entry - this way we can get to
+ # the value of a (former, on a deleted entry) result_attribute
+ result_attribute = conf.get('cyrus-sasl', 'result_attribute')
+ if not entry.has_key(result_attribute):
+ cache_entry = cache.get_entry(self.domain, entry, update=False)
+
+ if hasattr(cache_entry, 'result_attribute') and change == 'delete':
+ entry[result_attribute] = cache_entry.result_attribute
+
eval(
"self._change_%s_%s(entry, change_dict)" % (
change,
diff --git a/pykolab/auth/ldap/syncrepl.py b/pykolab/auth/ldap/syncrepl.py
index e02e086..03ab5ae 100644
--- a/pykolab/auth/ldap/syncrepl.py
+++ b/pykolab/auth/ldap/syncrepl.py
@@ -5,8 +5,13 @@ import ldap
import ldap.syncrepl
import ldapurl
+import pykolab
+
from pykolab import utils
+log = pykolab.getLogger('pykolab.syncrepl')
+conf = pykolab.getConf()
+
class DNSync(ldap.ldapobject.LDAPObject,ldap.syncrepl.SyncreplConsumer):
callback = None
@@ -28,16 +33,36 @@ class DNSync(ldap.ldapobject.LDAPObject,ldap.syncrepl.SyncreplConsumer):
return self.__db['cookie']
def syncrepl_delete(self, uuids):
+ log.debug("syncrepl_delete uuids: %r" % (uuids), level=8)
+
+ # Get the unique_attribute name to issue along with our
+ # callback (if any)
+ unique_attr = conf.get('ldap', 'unique_attribute')
+ if unique_attr == None:
+ unique_attr = 'entryuuid'
+
+ if unique_attr == 'nsuniqueid':
+ log.warning(
+ _("The name of the persistent, unique attribute " + \
+ "is very probably not compatible with the use of " + \
+ "syncrepl.")
+ )
+
+
for uuid in uuids:
dn = self.__db[uuid]
+ log.debug("syncrepl_delete dn: %r" % (dn), level=8)
+
if not self.callback == None:
self.callback(
change_type='delete',
previous_dn=None,
change_number=None,
dn=dn,
- entry={}
+ entry={
+ unique_attr: uuid
+ }
)
del self.__db[uuid]