authorPetr Viktorin <pviktori@redhat.com>2013-01-30 08:22:44 -0500
committerMartin Kosek <mkosek@redhat.com>2013-03-01 16:59:46 +0100
commitfe138877d3246653e27d0024602ceb96cd07782e (patch)
treeee338eeeb3a7695dde6d4564f4f7e9213df1fc06
parentaef4c82f47a49e7e81b1c740d8575bad7cf1cf64 (diff)
downloadfreeipa-fe138877d3246653e27d0024602ceb96cd07782e.tar.gz
freeipa-fe138877d3246653e27d0024602ceb96cd07782e.tar.xz
freeipa-fe138877d3246653e27d0024602ceb96cd07782e.zip
Use IPAdmin rather than raw python-ldap in migration.bind
The get_base_dn function still uses python-ldap because get_ipa_basedn is shared with client code, which doesn't have access to our LDAP wrappers. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
-rw-r--r--install/migration/migration.py19
1 files changed, 11 insertions, 8 deletions
diff --git a/install/migration/migration.py b/install/migration/migration.py
index 7da7443df..38f280f4b 100644
--- a/install/migration/migration.py
+++ b/install/migration/migration.py
@@ -29,6 +29,8 @@ import wsgiref
from ipapython.ipa_log_manager import root_logger
from ipapython.ipautil import get_ipa_basedn
from ipapython.dn import DN
+from ipalib import errors
+from ipaserver.ipaldap import IPAdmin
def convert_exception(error):
@@ -79,17 +81,18 @@ def bind(ldap_uri, base_dn, username, password):
raise IOError(errno.EIO, 'Cannot get Base DN')
bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'), base_dn)
try:
- conn = ldap.initialize(ldap_uri)
- conn.simple_bind_s(str(bind_dn), password)
- except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM,
- ldap.NO_SUCH_OBJECT), e:
- root_logger.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e)))
- raise IOError(errno.EPERM, 'Invalid LDAP credentials for user %s' % username)
- except ldap.LDAPError, e:
+ conn = IPAdmin(ldap_uri=ldap_uri)
+ conn.do_simple_bind(str(bind_dn), password)
+ except (errors.ACIError, errors.DatabaseError, errors.NotFound), e:
+ root_logger.error(
+ 'migration invalid credentials for %s: %s' % (bind_dn, e))
+ raise IOError(
+ errno.EPERM, 'Invalid LDAP credentials for user %s' % username)
+ except Exception, e:
root_logger.error('migration bind failed: %s' % convert_exception(e))
raise IOError(errno.EIO, 'Bind error')
finally:
- conn.unbind_s()
+ conn.unbind()
def application(environ, start_response):
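Review bot: In `bind`, the `finally:` clause calls `conn.unbind()` even when `IPAdmin(ldap_uri=ldap_uri)` itself raised, so `conn` is still unassigned and the resulting UnboundLocalError replaces the `IOError` that the handlers just raised. Assign `conn = None` before the `try:` and guard the cleanup with `if conn is not None: conn.unbind()`. The new `except Exception, e:` also hands every exception type, not only LDAP errors, to `convert_exception`, whose body is outside this hunk, so it is worth confirming that it copes with non-LDAP exceptions. The start of `bind` lies outside the hunk.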