def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys,
**options):
"""
Remove memberPrincipal values. This is done afterward because it
isn't a DN and the LDAPAddMember method explicitly only handles DNs.
See servicedelegation_add_member() for an explanation of what
failedattr is.
"""
ldap = self.obj.backend
failed[self.principal_failedattr] = {}
failed[self.principal_failedattr][self.principal_attr] = []
names = options.get(self.member_names[self.principal_attr], [])
if names:
for name in names:
if not name:
continue
name = normalize_principal(name)
try:
if name in entry_attrs.get(self.principal_attr, []):
entry_attrs[self.principal_attr].remove(name)
else:
raise errors.NotGroupMember()
except errors.PublicError as e:
failed[self.principal_failedattr][
self.principal_attr].append((name, unicode(e)))
else:
completed += 1
try:
ldap.update_entry(entry_attrs)
except errors.EmptyModlist:
pass
return completed, dn
def remove_entry_from_group(self, dn, group_dn, member_attr='member'):
"""Remove entry from group."""
assert isinstance(dn, DN)
assert isinstance(group_dn, DN)
self.log.debug(
"remove_entry_from_group: dn=%s group_dn=%s member_attr=%s", dn,
group_dn, member_attr)
# remove dn from group entry's `member_attr` attribute
modlist = [(_ldap.MOD_DELETE, member_attr, [dn])]
# update group entry
try:
with self.error_handler():
modlist = [(a, b, self.encode(c)) for a, b, c in modlist]
self.conn.modify_s(str(group_dn), modlist)
except errors.MidairCollision:
raise errors.NotGroupMember()