[openstack-keystone] Use newer python-ldap paging control API
Alan Pevec
apevec at fedoraproject.org
Tue Oct 28 23:57:49 UTC 2014
commit 7bf72c1557651328f1dc6c2bd41c748bbc2650ab
Author: Alan Pevec <alan.pevec at redhat.com>
Date: Wed Oct 29 00:56:47 2014 +0100
Use newer python-ldap paging control API
https://bugzilla.redhat.com/show_bug.cgi?id=1153131
...-Use-newer-python-ldap-paging-control-API.patch | 128 ++++++++++++++++++++
openstack-keystone.spec | 3 +-
2 files changed, 130 insertions(+), 1 deletions(-)
---
diff --git a/0003-Use-newer-python-ldap-paging-control-API.patch b/0003-Use-newer-python-ldap-paging-control-API.patch
new file mode 100644
index 0000000..6d0ee64
--- /dev/null
+++ b/0003-Use-newer-python-ldap-paging-control-API.patch
@@ -0,0 +1,128 @@
+From 6133f388f73b21b931462b917c49a8e175b35aa4 Mon Sep 17 00:00:00 2001
+From: Nathan Kinder <nkinder at redhat.com>
+Date: Wed, 15 Oct 2014 15:39:55 -0700
+Subject: [PATCH] Use newer python-ldap paging control API
+
+The API for using the LDAP simple paged results control changed
+between python-ldap version 2.3 and 2.4. Our current implementation
+fails with an AttributeError when trying to use paging with version
+2.4 of python-ldap.
+
+This patch detects the capabilities of the underlying python-ldap
+version and uses the newer API in versions of python-ldap that have
+removed the older API.
+
+Change-Id: I2986e12daea3edf50f299af5927d2a05278e82f7
+Closes-bug: #1381768
+(cherry picked from commit 1be4a15454e6917571bc937e3bb3589e8f79bc55)
+(cherry picked from commit db291b340e63b74d8d240abfc37d03fb163f33f1)
+---
+ keystone/common/ldap/core.py | 32 +++++++++++++++++++------
+ keystone/tests/unit/common/test_ldap.py | 42 +++++++++++++++++++++++++++++++++
+ 2 files changed, 67 insertions(+), 7 deletions(-)
+
+diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py
+index 3267502..2da70e3 100644
+--- a/keystone/common/ldap/core.py
++++ b/keystone/common/ldap/core.py
+@@ -960,10 +960,24 @@ class KeystoneLDAPHandler(LDAPHandler):
+
+ def _paged_search_s(self, base, scope, filterstr, attrlist=None):
+ res = []
+- lc = ldap.controls.SimplePagedResultsControl(
+- controlType=ldap.LDAP_CONTROL_PAGE_OID,
+- criticality=True,
+- controlValue=(self.page_size, ''))
++ use_old_paging_api = False
++ # The API for the simple paged results control changed between
++ # python-ldap 2.3 and 2.4. We need to detect the capabilities
++ # of the python-ldap version we are using.
++ if hasattr(ldap, 'LDAP_CONTROL_PAGE_OID'):
++ use_old_paging_api = True
++ lc = ldap.controls.SimplePagedResultsControl(
++ controlType=ldap.LDAP_CONTROL_PAGE_OID,
++ criticality=True,
++ controlValue=(self.page_size, ''))
++ page_ctrl_oid = ldap.LDAP_CONTROL_PAGE_OID
++ else:
++ lc = ldap.controls.libldap.SimplePagedResultsControl(
++ criticality=True,
++ size=self.page_size,
++ cookie='')
++ page_ctrl_oid = ldap.controls.SimplePagedResultsControl.controlType
++
+ base_utf8 = utf8_encode(base)
+ filterstr_utf8 = utf8_encode(filterstr)
+ if attrlist is None:
+@@ -983,14 +997,18 @@ class KeystoneLDAPHandler(LDAPHandler):
+ # Receive the data
+ res.extend(rdata)
+ pctrls = [c for c in serverctrls
+- if c.controlType == ldap.LDAP_CONTROL_PAGE_OID]
++ if c.controlType == page_ctrl_oid]
+ if pctrls:
+ # LDAP server supports pagination
+- est, cookie = pctrls[0].controlValue
++ if use_old_paging_api:
++ est, cookie = pctrls[0].controlValue
++ lc.controlValue = (self.page_size, cookie)
++ else:
++ cookie = lc.cookie = pctrls[0].cookie
++
+ if cookie:
+ # There is more data still on the server
+ # so we request another page
+- lc.controlValue = (self.page_size, cookie)
+ msgid = self.conn.search_ext(base_utf8,
+ scope,
+ filterstr_utf8,
+diff --git a/keystone/tests/unit/common/test_ldap.py b/keystone/tests/unit/common/test_ldap.py
+index 61f2fd1..b3e70c9 100644
+--- a/keystone/tests/unit/common/test_ldap.py
++++ b/keystone/tests/unit/common/test_ldap.py
+@@ -349,3 +349,45 @@ class SslTlsTest(tests.TestCase):
+
+ # Ensure the cert trust option is set.
+ self.assertEqual(certdir, ldap.get_option(ldap.OPT_X_TLS_CACERTDIR))
++
++
++class LDAPPagedResultsTest(tests.TestCase):
++ """Tests the paged results functionality in keystone.common.ldap.core."""
++
++ def setUp(self):
++ super(LDAPPagedResultsTest, self).setUp()
++ self.clear_database()
++
++ ks_ldap.register_handler('fake://', fakeldap.FakeLdap)
++ self.addCleanup(common_ldap_core._HANDLERS.clear)
++
++ self.load_backends()
++ self.load_fixtures(default_fixtures)
++
++ def clear_database(self):
++ for shelf in fakeldap.FakeShelves:
++ fakeldap.FakeShelves[shelf].clear()
++
++ def config_overrides(self):
++ super(LDAPPagedResultsTest, self).config_overrides()
++ self.config_fixture.config(
++ group='identity',
++ driver='keystone.identity.backends.ldap.Identity')
++
++ def config_files(self):
++ config_files = super(LDAPPagedResultsTest, self).config_files()
++ config_files.append(tests.dirs.tests_conf('backend_ldap.conf'))
++ return config_files
++
++ @mock.patch.object(fakeldap.FakeLdap, 'search_ext')
++ @mock.patch.object(fakeldap.FakeLdap, 'result3')
++ def test_paged_results_control_api(self, mock_result3, mock_search_ext):
++ mock_result3.return_value = ('', [], 1, [])
++
++ self.config_fixture.config(group='ldap',
++ page_size=1)
++
++ conn = self.identity_api.user.get_connection()
++ conn._paged_search_s('dc=example,dc=test',
++ ldap.SCOPE_SUBTREE,
++ 'objectclass=*')
diff --git a/openstack-keystone.spec b/openstack-keystone.spec
index 71999f8..ed96adc 100644
--- a/openstack-keystone.spec
+++ b/openstack-keystone.spec
@@ -20,9 +20,9 @@ Source21: daemon_notify.sh
Source22: openstack-keystone.init
Source23: openstack-keystone.upstart
-
Patch0001: 0001-remove-runtime-dep-on-python-pbr.patch
Patch0002: 0002-sync-parameter-values-with-keystone-dist.conf.patch
+Patch0003: 0003-Use-newer-python-ldap-paging-control-API.patch
BuildArch: noarch
BuildRequires: python2-devel
@@ -117,6 +117,7 @@ This package contains documentation for Keystone.
%patch0001 -p1
%patch0002 -p1
+%patch0003 -p1
find . \( -name .gitignore -o -name .placeholder \) -delete
find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
More information about the scm-commits
mailing list