authorMartin Basti <mbasti@redhat.com>2014-08-27 15:06:42 +0200
committerMartin Kosek <mkosek@redhat.com>2014-09-26 13:21:15 +0200
commit29ba9d9d26b92498902d40d71adae193308b5c92 (patch)
tree9b188a66b8ff28869102fe2263dd5902916d0204 /ipapython
parentdea825fd9cdd36a6fa371b2a5e1d1f35c177c6ef (diff)
Refactoring of autobind, object_exists
Required to prevent code duplication. ipaldap.IPAdmin now has method do_bind, which tries several bind methods. ipaldap.IPAClient now has method object_exists(dn). Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/ipaldap.py37
1 files changed, 37 insertions, 0 deletions
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 2818f787b..1702daa25 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -27,6 +27,8 @@ from decimal import Decimal
from copy import deepcopy
import contextlib
import collections
+import os
+import pwd
import ldap
import ldap.sasl
@@ -53,6 +55,10 @@ _debug_log_ldap = False
_missing = object()
+# Autobind modes
+AUTOBIND_AUTO = 1
+AUTOBIND_ENABLED = 2
+AUTOBIND_DISABLED = 3
def unicode_from_utf8(val):
'''
@@ -1633,6 +1639,18 @@ class LDAPClient(object):
with self.error_handler():
self.conn.delete_s(dn)
+ def entry_exists(self, dn):
+ """
+ Test whether the given object exists in LDAP.
+ """
+ assert isinstance(dn, DN)
+ try:
+ self.get_entry(dn, attrs_list=[])
+ except errors.NotFound:
+ return False
+ else:
+ return True
+
class IPAdmin(LDAPClient):
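Review bot: The docstring on `entry_exists` should say that the result reflects what the current bind identity can read, not whether the DN is present in the directory. The method returns False only when `get_entry` raises `errors.NotFound`, so an entry hidden from the caller by access control would presumably also be reported as missing (how unreadable entries are reported is not visible in this hunk), and every other error propagates. Callers that use the result to decide whether to create or overwrite an object need to know that, so I would extend the docstring with `Returns False when the entry is not found or not visible to the bound identity; other LDAP errors are raised.` Separately, `assert isinstance(dn, DN)` is removed under `python -O`, so it should not be relied on as input validation.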
@@ -1742,6 +1760,25 @@ class IPAdmin(LDAPClient):
self.__bind_with_wait(
self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
+ def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO, timeout=DEFAULT_TIMEOUT):
+ if dm_password:
+ self.do_simple_bind(bindpw=dm_password, timeout=timeout)
+ return
+ if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and self.ldapi:
+ try:
+ # autobind
+ pw_name = pwd.getpwuid(os.geteuid()).pw_name
+ self.do_external_bind(pw_name, timeout=timeout)
+ return
+ except errors.NotFound, e:
+ if autobind == AUTOBIND_ENABLED:
+ # autobind was required and failed, raise
+ # exception that it failed
+ raise
+
+ #fall back
+ self.do_sasl_gssapi_bind(timeout=timeout)
+
def modify_s(self, *args, **kwargs):
# FIXME: for backwards compatibility only
return self.conn.modify_s(*args, **kwargs)
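Review bot: The autobind guard in `do_bind` tests `os.getegid() == 0`, but the identity it then binds as comes from `pwd.getpwuid(os.geteuid())`, so the condition and the lookup disagree about which credential matters. A process with effective group 0 and a non-root effective uid would attempt an external bind under that user's name, while a root-uid process with another egid would skip autobind; if root autobind is what is meant, the line should read `if autobind != AUTOBIND_DISABLED and os.geteuid() == 0 and self.ldapi:`. Only `errors.NotFound` is caught, so in `AUTOBIND_AUTO` any other failure (including a `KeyError` from `pwd.getpwuid`) raises instead of falling back to GSSAPI, which may be intended but deserves a comment. The method also needs a docstring stating the order of attempts and that an empty `dm_password` silently selects autobind or GSSAPI rather than a simple bind.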