keystone.common.ldap package

Submodules

keystone.common.ldap.core module

class keystone.common.ldap.core.BaseLdap(conf)

Bases: object

DEFAULT_EXTRA_ATTR_MAPPING = []
DEFAULT_FILTER = None
DEFAULT_ID_ATTR = 'cn'
DEFAULT_OBJECTCLASS = None
DEFAULT_OU = None
DEFAULT_STRUCTURAL_CLASSES = None
DEFAULT_SUFFIX = 'dc=example,dc=com'
DUMB_MEMBER_DN = 'cn=dumb,dc=nonexistent'
NotFound = None
affirm_unique(values)
attribute_ignore = []
attribute_options_names = {}
check_allow_create()
check_allow_delete()
check_allow_update()
create(values)
delete(object_id)
deleteTree(object_id)
get(object_id, ldap_filter=None)
get_all(ldap_filter=None)
get_by_name(name, ldap_filter=None)
get_connection(user=None, password=None)
immutable_attrs = []
model = None
notfound_arg = None
options_name = None
tree_dn = None
update(object_id, values, old_obj=None)

class keystone.common.ldap.core.EnabledEmuMixIn(conf)

Bases: keystone.common.ldap.core.BaseLdap

Emulates boolean ‘enabled’ attribute if turned on.

Creates a groupOfNames holding all enabled objects of this class; all missing objects are considered disabled.

Options:

  • $name_enabled_emulation - boolean, on/off
  • $name_enabled_emulation_dn - DN of that groupOfNames, default is cn=enabled_${name}s,${tree_dn}

Where ${name}s is the plural of self.options_name (‘users’ or ‘tenants’), ${tree_dn} is self.tree_dn.

create(values)
delete(object_id)
get(object_id, ldap_filter=None)
get_all(ldap_filter=None)
update(object_id, values, old_obj=None)

class keystone.common.ldap.core.LdapWrapper(url, page_size, alias_dereferencing=None, use_tls=False, tls_cacertfile=None, tls_cacertdir=None, tls_req_cert='demand', chase_referrals=None)

Bases: object

add_s(dn, attrs)
delete_ext_s(dn, serverctrls)
delete_s(dn)
modify_s(dn, modlist)
paged_search_s(dn, scope, query, attrlist=None)
search_s(dn, scope, query, attrlist=None)
simple_bind_s(user, password)
unbind_s()

keystone.common.ldap.core.convert_ldap_result(ldap_result)

Convert LDAP search result to Python types used by OpenStack.

Each result tuple is of the form (dn, attrs), where dn is a string containing the DN (distinguished name) of the entry, and attrs is a dictionary containing the attributes associated with the entry. The keys of attrs are strings, and the associated values are lists of strings.

OpenStack wants to use Python types of its choosing. Strings will be unicode, truth values boolean, whole numbers ints, etc. DNs will also be decoded from UTF-8 to unicode.

Parameters: ldap_result – LDAP search result
Returns: list of 2-tuples containing (dn, attrs) where dn is unicode and attrs is a dict whose values are type converted to OpenStack preferred types.

keystone.common.ldap.core.dn_startswith(descendant_dn, dn)

Returns True if and only if the descendant_dn is under the dn.

Parameters:
  • descendant_dn – Either a string DN or a DN parsed by ldap.dn.str2dn.
  • dn – Either a string DN or a DN parsed by ldap.dn.str2dn.

keystone.common.ldap.core.get_handler(conn_url)

keystone.common.ldap.core.is_ava_value_equal(attribute_type, val1, val2)

Returns True if and only if the AVAs are equal.

When comparing AVAs, the equality matching rule for the attribute type should be taken into consideration. For simplicity, this implementation does a case-insensitive comparison.

Note that this function uses prep_case_insensitive so the limitations of that function apply here.

keystone.common.ldap.core.is_dn_equal(dn1, dn2)

Returns True if and only if the DNs are equal.

Two DNs are equal if they’ve got the same number of RDNs and if the RDNs are the same at each position. See RFC4517.

Note that this function uses is_rdn_equal to compare RDNs so the limitations of that function apply here.

Parameters:
  • dn1 – Either a string DN or a DN parsed by ldap.dn.str2dn.
  • dn2 – Either a string DN or a DN parsed by ldap.dn.str2dn.

keystone.common.ldap.core.is_rdn_equal(rdn1, rdn2)

Returns True if and only if the RDNs are equal.

  • RDNs must have the same number of AVAs.
  • Each AVA of the RDNs must be equal for the same attribute type. The order isn’t significant. Note that an attribute type will only be in one AVA in an RDN, otherwise the DN wouldn’t be valid.
  • Attribute types aren’t case sensitive. Note that attribute type comparison is more complicated than implemented. This function only does a case-insensitive comparison. The code should handle multiple names for an attribute type (e.g., cn, commonName, and 2.5.4.3 are the same).

Note that this function uses is_ava_value_equal to compare AVAs so the limitations of that function apply here.

keystone.common.ldap.core.ldap2py(val)

Convert an LDAP formatted value to Python type used by OpenStack.

Virtually all LDAP values are stored as UTF-8 encoded strings. OpenStack prefers values which are Python types, e.g. unicode, boolean, integer, etc.

Parameters: val – LDAP formatted value
Returns: val converted to preferred Python type

keystone.common.ldap.core.ldap_scope(scope)

keystone.common.ldap.core.parse_deref(opt)

keystone.common.ldap.core.parse_tls_cert(opt)

keystone.common.ldap.core.prep_case_insensitive(value)

Prepare a string for case-insensitive comparison.

This is defined in RFC4518. For simplicity, all this function does is lowercase all the characters, strip leading and trailing whitespace, and compress sequences of spaces to a single space.
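The comparison rules described above for prep_case_insensitive, is_rdn_equal, is_dn_equal and dn_startswith matter because a plain string test on DNs gives wrong answers in both directions. The following is an added example, not Keystone's code: the page states that DNs are parsed with ldap.dn.str2dn, whereas this sketch substitutes a simplified splitter (hypothetical helpers split_unescaped, parse_dn and naive_under) that only understands backslash-escaped separators, and, like the functions documented here, it does not handle attribute type aliases.

```python
import re

def prep_case_insensitive(value):
    # Simplification described on the page: lowercase, strip, collapse spaces.
    return re.sub(r" +", " ", value.strip().lower())

def split_unescaped(text, sep):
    # Split on sep, but not where sep is escaped with a backslash.
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    parts.append(cur)
    return parts

def parse_dn(dn):
    # One frozenset of (type, value) AVAs per RDN, so AVA order is ignored.
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = (ava.partition("=") for ava in split_unescaped(rdn, "+"))
        rdns.append(frozenset((prep_case_insensitive(t), prep_case_insensitive(v))
                              for t, _, v in avas))
    return rdns

def is_dn_equal(dn1, dn2):
    return parse_dn(dn1) == parse_dn(dn2)

def dn_startswith(descendant_dn, dn):
    # Assumption: "under" means strictly below, so equal DNs return False.
    child, parent = parse_dn(descendant_dn), parse_dn(dn)
    return len(child) > len(parent) and child[-len(parent):] == parent

def naive_under(descendant_dn, dn):
    # String suffix test, shown only for comparison with dn_startswith.
    return descendant_dn.endswith(dn)

BASE = "ou=users,dc=example,dc=com"                  # constructed sample DNs
MIXED_CASE = "cn=alice, OU=Users, DC=example, DC=com"
ESCAPED_COMMA = r"cn=x\,ou=users,dc=example,dc=com"  # one cn RDN holding a comma
```

MIXED_CASE is under BASE but fails the suffix test, while ESCAPED_COMMA passes the suffix test even though its entry sits directly under dc=example,dc=com; the RDN-wise comparison gets both right.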

keystone.common.ldap.core.py2ldap(val)

Type convert a Python value to a type accepted by LDAP (unicode).

The LDAP API only accepts strings for values, so the value’s type is converted to a unicode string. A subsequent type conversion will encode the unicode as UTF-8 as required by the python-ldap API, but for now we just want a string representation of the value.

Parameters: val – The value to convert to an LDAP string representation
Returns: unicode string representation of value.

keystone.common.ldap.core.register_handler(prefix, handler)

keystone.common.ldap.core.safe_iter(attrs)

keystone.common.ldap.core.utf8_decode(value)

Decode a value from UTF-8 into unicode.

If the value is a binary string assume it’s UTF-8 encoded and decode it into a unicode string. Otherwise convert the value from its type into a unicode string.

Parameters: value – value to be returned as unicode
Returns: value as unicode
Raises: UnicodeDecodeError for invalid UTF-8 encoding

keystone.common.ldap.core.utf8_encode(value)

Encode a basestring to UTF-8.

If the string is unicode, encode it to UTF-8; if the string is str, assume it’s already encoded. Otherwise raise a TypeError.

Parameters: value – A basestring
Returns: UTF-8 encoded version of value
Raises: TypeError if value is not basestring

Module contents
