Univention Bugzilla – Attachment 4486 Details for
Bug 26515
Rejected DNs sollten geblockt werden
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
bug_26515.patch
bug_26515.patch (text/plain), 7.05 KB, created by
Stefan Gohmann
on 2012-06-28 07:31 CEST
(
hide
)
Description:
bug_26515.patch
Filename:
MIME Type:
Creator:
Stefan Gohmann
Created:
2012-06-28 07:31 CEST
Size:
7.05 KB
patch
obsolete
>Index: modules/univention/s4connector/s4/__init__.py >=================================================================== >--- modules/univention/s4connector/s4/__init__.py (Revision 33813) >+++ modules/univention/s4connector/s4/__init__.py (Arbeitskopie) >@@ -664,14 +664,11 @@ > > self.open_s4() > >- if not self.config.has_section('S4'): >- ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4'") >- self.config.add_section('S4') >+ for section in ['S4', 'S4 rejected', 'S4 rejected timestamp', 'S4 GUID' ]: >+ if not self.config.has_section(section): >+ ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section %s" % section) >+ self.config.add_section(section) > >- if not self.config.has_section('S4 rejected'): >- ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 rejected'") >- self.config.add_section('S4 rejected') >- > if not self.config.has_option('S4','lastUSN'): > ud.debug(ud.LDAP, ud.INFO,"__init__: init lastUSN with 0") > self._set_config_option('S4','lastUSN','0') >@@ -679,9 +676,6 @@ > else: > self.__lastUSN=int(self._get_config_option('S4','lastUSN')) > >- if not self.config.has_section('S4 GUID'): >- ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 GUID'") >- self.config.add_section('S4 GUID') > try: > # LDAP_SERVER_SHOW_DELETED_OID -> 1.2.840.113556.1.4.417 > self.ctrl_show_deleted = LDAPControl('1.2.840.113556.1.4.417',criticality=1) >@@ -824,6 +818,8 @@ > _d=ud.function('ldap._save_rejected') > try: > self._set_config_option('S4 rejected',str(id),compatible_modstring(dn)) >+ if not self._get_config_option('S4 rejected timestamp', compatible_modstring(dn.lower())): >+ self._set_config_option('S4 rejected timestamp', compatible_modstring(dn.lower()), time.time()) > except UnicodeEncodeError, msg: > self._set_config_option('S4 rejected',str(id),'unknown') > self._debug_traceback(ud.WARN, >@@ -835,8 +831,23 @@ > > def _remove_rejected(self,id): > _d=ud.function('ldap._remove_rejected') >+ dn = self._get_rejected(str(id)) > self._remove_config_option('S4 rejected',str(id)) > >+ # Remove the timestamp entry for this rejected DN if this is the last >+ # rejected object with this DN >+ if dn: >+ found = False >+ for f, d in self.list_rejected(): >+ if d.lower() == dn.lower(): >+ found = True >+ break >+ if not found: >+ self._remove_config_option('S4 rejected timestamp',dn.lower()) >+ >+ def _get_rejected_timestamp(self, dn): >+ return self._get_config_option('S4 rejected timestamp',dn.lower()) >+ > def _list_rejected(self): > _d=ud.function('ldap._list_rejected') > result = [] >@@ -2081,7 +2092,25 @@ > return True > > pre_mapped_ucs_old_dn = old_dn >- >+ >+ ## Is the object rejected in S4? >+ # If sync_mode is not sync, it does not matter >+ if self.property[property_type].sync_mode == 'sync': >+ t_s4 = self._get_rejected_timestamp(pre_mapped_ucs_dn.lower()) >+ t_ucs = self._get_rejected_timestamp_ucs(object['dn'].lower()) >+ if t_s4: >+ ud.debug(ud.LDAP, ud.PROCESS, 't_s4=%s'% float(t_s4)) >+ if t_ucs: >+ ud.debug(ud.LDAP, ud.PROCESS, 't_ucs=%s'% float(t_ucs)) >+ >+ if t_s4: >+ # We have a rejected UCS object, so check the timestamp >+ if not t_ucs or float(t_s4) < float(t_ucs): >+ if t_ucs: >+ ud.debug(ud.LDAP, ud.PROCESS, 'This object is already rejected in the different direction (S4 to UCS). This direction (UCS to S4) will now also rejected until the firsrst rejection is solved.') >+ # The UCS object is older, this object must be synced first >+ return False >+ > if old_dn: > ud.debug(ud.LDAP, ud.INFO, "move %s from [%s] to [%s]" % (property_type, old_dn, object['dn'])) > if hasattr ( self.property[property_type], 'dn_mapping_function' ): >@@ -2272,7 +2301,7 @@ > modlist.append((ldap.MOD_DELETE, yank_empty_attr, None)) > > if modlist: >- ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: modlist: %s" % modlist) >+ ud.debug(ud.LDAP, ud.PROCESS, "sync_from_ucs: modlist: %s" % modlist) > self.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), compatible_modlist(modlist), serverctrls=self.serverctrls_for_add_and_modify) > > >Index: modules/univention/s4connector/__init__.py >=================================================================== >--- modules/univention/s4connector/__init__.py (Revision 33813) >+++ modules/univention/s4connector/__init__.py (Arbeitskopie) >@@ -409,9 +409,9 @@ > > self.open_ucs() > >- for section in ['DN Mapping UCS','DN Mapping CON','UCS rejected']: >+ for section in ['DN Mapping UCS', 'DN Mapping CON', 'UCS rejected', 'UCS rejected timestamp']: > if not self.config.has_section(section): >- self.config.add_section(section) >+ self.config.add_section(section) > > ud.debug(ud.LDAP, ud.INFO, "init finished") > >@@ -488,6 +488,8 @@ > def _save_rejected_ucs(self, filename, dn): > _d=ud.function('ldap._save_rejected_ucs') > self._set_config_option('UCS rejected',filename,dn) >+ if not self._get_config_option('UCS rejected timestamp', dn.lower()): >+ self._set_config_option('UCS rejected timestamp', dn.lower(), time.time()) > > def _get_rejected_ucs(self, filename): > _d=ud.function('ldap._get_rejected_ucs') >@@ -495,8 +497,20 @@ > > def _remove_rejected_ucs(self,filename): > _d=ud.function('ldap._remove_rejected_ucs') >+ dn = self._get_rejected_ucs(filename) > self._remove_config_option('UCS rejected',filename) > >+ # Remove the timestamp entry for this rejected DN if this is the last >+ # rejected object with this DN >+ if dn: >+ found = False >+ for f, d in self.list_rejected_ucs(): >+ if d.lower() == dn.lower(): >+ found = True >+ break >+ if not found: >+ self._remove_config_option('UCS rejected timestamp',dn.lower()) >+ > def _list_rejected_ucs(self): > _d=ud.function('ldap._list_rejected_ucs') > result = [] >@@ -513,6 +527,9 @@ > > def list_rejected_ucs(self): > return self._get_config_items('UCS rejected') >+ >+ def _get_rejected_timestamp_ucs(self, dn): >+ return self._get_config_option('UCS rejected timestamp',dn.lower()) > > def _encode_dn_as_config_option(self, dn): > return dn >@@ -1243,6 +1260,24 @@ > ud.debug(ud.LDAP, ud.INFO, "sync_to_ucs ignored, sync_mode is %s" % self.property[property_type].sync_mode) > return True > >+ ## Is the object rejected in UCS? >+ # If sync_mode is not sync, it does not matter >+ if self.property[property_type].sync_mode == 'sync': >+ t_s4 = self._get_rejected_timestamp(premapped_s4_dn.lower()) >+ t_ucs = self._get_rejected_timestamp_ucs(object['dn'].lower()) >+ if t_s4: >+ ud.debug(ud.LDAP, ud.PROCESS, 't_s4=%s'% float(t_s4)) >+ if t_ucs: >+ ud.debug(ud.LDAP, ud.PROCESS, 't_ucs=%s'% float(t_ucs)) >+ >+ if t_ucs: >+ # We have a rejected UCS object, so check the timestamp >+ if not t_s4 or float(t_ucs) < float(t_s4): >+ if t_s4: >+ ud.debug(ud.LDAP, ud.PROCESS, 'This object is already rejected in the different direction (UCS to S4 LDAP). This direction (S4 to UCS) will now also rejected until the first rejection will solved.') >+ # The UCS object is older, this object must be synced first >+ return False >+ > if object.has_key('olddn'): > old_object = self.get_ucs_object(property_type,object['olddn']) > else:
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
|
Diff
Attachments on
bug 26515
: 4486