def post_callback(self, ldap, completed, failed, dn, entry_attrs,
                  *keys, **options):
    """
    Strip the requested memberPrincipal values from the entry.

    This runs after the DN-based member handling because a principal
    name is not a DN, and (per the original note) the LDAPAddMember
    method explicitly only handles DNs.

    See servicedelegation_add_member() for an explanation of what
    failedattr is.

    Each requested principal is handled independently: a principal that
    is not currently present is recorded in ``failed`` as a
    ``(name, message)`` pair and does not abort the remaining removals.

    Returns a ``(completed, dn)`` tuple, where ``completed`` is the
    incoming count plus the number of principals removed here.
    """
    # The ``ldap`` argument is replaced: all writes below go through the
    # backend of the owning object, not the connection passed in.
    ldap = self.obj.backend

    attr = self.principal_attr
    not_removed = []
    failed[self.principal_failedattr] = {attr: not_removed}

    requested = options.get(self.member_names[attr], [])
    # ``or ()`` covers a missing, empty or None option value alike.
    for raw_name in requested or ():
        if not raw_name:
            continue
        # normalize_principal() is defined elsewhere in the project;
        # presumably it canonicalises the name -- confirm. The membership
        # test below is an exact match against the stored values, so a
        # value stored in a different form is reported as "not a member".
        principal = normalize_principal(raw_name)
        try:
            if principal not in entry_attrs.get(attr, []):
                raise errors.NotGroupMember()
            entry_attrs[attr].remove(principal)
        except errors.PublicError as e:
            # The error text is handed back to the caller alongside the
            # (normalized) principal name.
            not_removed.append((principal, unicode(e)))
        else:
            completed += 1

    try:
        ldap.update_entry(entry_attrs)
    except errors.EmptyModlist:
        # Nothing changed on the entry; deliberately not an error.
        # Any other exception from update_entry() propagates.
        pass

    return completed, dn
def remove_entry_from_group(self, dn, group_dn, member_attr='member'):
    """
    Remove entry from group.

    Issues a single MOD_DELETE of the value ``dn`` from the
    ``member_attr`` attribute of the entry at ``group_dn``.

    :param dn: DN of the entry to remove from the group.
    :param group_dn: DN of the group entry to modify.
    :param member_attr: name of the membership attribute; it is used
        verbatim as the attribute to modify, so callers should pass a
        fixed, known attribute name rather than user-controlled input.
    :raises errors.NotGroupMember: when the modify is reported as a
        MidairCollision.
    """
    # NOTE(review): assert statements are stripped when Python runs with
    # -O, so these type checks guard against programming errors only and
    # are not an input-validation boundary.
    assert isinstance(dn, DN)
    assert isinstance(group_dn, DN)

    self.log.debug(
        "remove_entry_from_group: dn=%s group_dn=%s member_attr=%s",
        dn, group_dn, member_attr)

    # Delete just this one value from the group's membership attribute.
    operation, attribute, values = _ldap.MOD_DELETE, member_attr, [dn]

    try:
        with self.error_handler():
            encoded_mods = [(operation, attribute, self.encode(values))]
            self.conn.modify_s(str(group_dn), encoded_mods)
    except errors.MidairCollision:
        # Presumably error_handler() reports "value not present" as
        # MidairCollision -- confirm. Every MidairCollision raised here,
        # whatever its cause, is surfaced to the caller as NotGroupMember.
        raise errors.NotGroupMember()