Use wrapper for sasl gssapi binds so it behaves like other binds

By calling directly sasl_interactive_bind_s() we were not calling __lateinit()
This in turn resulted in some variables like dbdir not to be set on the
IPAadmin object.
Keep all bind types in the same place so the same common sbind steps can be
performed in each case.

Related to: https://fedorahosted.org/freeipa/ticket/1022

1 files changed, 6 insertions, 2 deletions

diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index d2d3d98a7..b72a43ee3 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -36,7 +36,7 @@ from ipaserver import ipautil
 from ipalib import errors
 
 # Global variable to define SASL auth
-sasl_auth = ldap.sasl.sasl({},'GSSAPI')
+SASL_AUTH = ldap.sasl.sasl({},'GSSAPI')
 
 class Entry:
     """
@@ -338,7 +338,7 @@ class IPAdmin(SimpleLDAPObject):
         try:
             if krbccache is not None:
                 os.environ["KRB5CCNAME"] = krbccache
-                self.sasl_interactive_bind_s("", sasl_auth)
+                self.sasl_interactive_bind_s("", SASL_AUTH)
                 self.principal = principal
             self.proxydn = None
         except ldap.LDAPError, e:
@@ -350,6 +350,10 @@ class IPAdmin(SimpleLDAPObject):
         self.simple_bind_s(binddn, bindpw)
         self.__lateinit()
 
+    def do_sasl_gssapi_bind(self):
+        self.sasl_interactive_bind_s('', SASL_AUTH)
+        self.__lateinit()
+
     def do_external_bind(self, user_name=None):
         auth_tokens = ldap.sasl.external(user_name)
         self.sasl_interactive_bind_s("", auth_tokens)