author | Simo Sorce <ssorce@redhat.com> | 2011-03-14 15:22:27 -0400 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2011-03-14 15:26:07 -0400 |
commit | 0b6b2342d0d723336b2c612460e3b7ec43f21112 (patch) | |
tree | 3129ef1ef3aa232fb79bb17ef27a5814a85a8147 | |
parent | dcf7a18b4ea40fcc3927121452a883a5a1fd391b (diff) | |
Domain to Realm
Explicitly use the realm specified on the command line.
Many places were assuming that the domain and realm were the same.
https://bugzilla.redhat.com/show_bug.cgi?id=684690
https://fedorahosted.org/freeipa/ticket/1091
-rw-r--r-- | ipaserver/install/ldapupdate.py | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 0cee70ba9..a2eebebcc 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -67,13 +67,16 @@ class LDAPUpdate:
 self.pw_name = pwd.getpwuid(os.geteuid()).pw_name
- krbctx = krbV.default_context()
- try:
- self.realm = krbctx.default_realm
- suffix = util.realm_to_suffix(self.realm)
- except krbV.Krb5Error:
- self.realm = None
- suffix = None
+ if sub_dict.get("REALM"):
+ self.realm = sub_dict["REALM"]
+ else:
+ krbctx = krbV.default_context()
+ try:
+ self.realm = krbctx.default_realm
+ suffix = util.realm_to_suffix(self.realm)
+ except krbV.Krb5Error:
+ self.realm = None
+ suffix = None
 domain = ipautil.get_domain_name()
 libarch = self.__identify_arch()
@@ -84,7 +87,7 @@ class LDAPUpdate:
 raise RuntimeError("Unable to determine hostname")
 else:
 fqdn = "ldapi://%%2fvar%%2frun%%2fslapd-%s.socket" % "-".join(
- domain.upper().split(".")
+ self.realm.split(".")
 )
 if not self.sub_dict.get("REALM") and self.realm is not None:
@@ -108,7 +111,7 @@ class LDAPUpdate:
 # Try out the password
 #if not self.ldapi:
 try:
- conn = ipaldap.IPAdmin(fqdn, ldapi=True, realm=domain.upper())
+ conn = ipaldap.IPAdmin(fqdn, ldapi=True, realm=self.realm)
 conn.do_simple_bind(binddn="cn=directory manager", bindpw=self.dm_password)
 conn.unbind()
 except ldap.CONNECT_ERROR:
@@ -659,7 +662,9 @@ class LDAPUpdate:
 # self.conn = ipaldap.IPAdmin(ldapi=True, realm=self.realm)
 # self.conn.do_external_bind(self.pw_name)
 #else:
- self.conn = ipaldap.IPAdmin(self.sub_dict['FQDN'], ldapi=self.ldapi, realm=self.sub_dict['DOMAIN'].upper())
+ self.conn = ipaldap.IPAdmin(self.sub_dict['FQDN'],
+ ldapi=self.ldapi,
+ realm=self.realm)
 self.conn.do_simple_bind(bindpw=self.dm_password)
 else:
 raise RuntimeError("Offline updates are not supported.") |
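Review bot: The new `if sub_dict.get("REALM"):` branch in the first hunk sets `self.realm` but never binds `suffix`, which the removed code always assigned (either a value or `None`). If `suffix` is read later in this method, which lies outside the hunk, a caller that supplies REALM would hit an UnboundLocalError. Binding it in that branch too, `suffix = util.realm_to_suffix(self.realm)`, keeps both paths consistent. The enclosing method starts and ends outside the hunk.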
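Review bot: `self.realm.split(".")` in the second hunk dereferences a value that the `krbV.Krb5Error` branch of the first hunk can leave as `None`, so a host with no usable default realm fails with an AttributeError rather than a clear install error. The same `None` can reach `ipaldap.IPAdmin(..., realm=self.realm)` in the third and fourth hunks. A guard before the socket URL is built, `if self.realm is None: raise RuntimeError("Unable to determine realm")`, would mirror the existing hostname check. The realm is also no longer upper-cased and goes verbatim into the slapd socket path, so a comment stating the expected form of REALM, or a normalisation step, would help. The enclosing block continues outside the hunk.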