diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-08-26 14:09:36 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-08-27 13:36:58 -0400 |
commit | cab55250760ad1633ed115564f83750fd91e230d (patch) | |
tree | 059651fa5008c50d17c8b01a1521705bee9f2478 /ipaserver/plugins | |
parent | 08fc563212faeca9aa4dc9339acedcac3751ca5d (diff) | |
download | freeipa-cab55250760ad1633ed115564f83750fd91e230d.tar.gz freeipa-cab55250760ad1633ed115564f83750fd91e230d.tar.xz freeipa-cab55250760ad1633ed115564f83750fd91e230d.zip |
Enable ldapi connections in the management framework.
If you don't want to use ldapi then you can remove the ldap_uri setting
in /etc/ipa/default.conf. The default for the framework is to use
ldap://localhost:389/
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 31 |
1 files changed, 11 insertions, 20 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 9587cbe2e..6e3c86946 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -115,9 +115,7 @@ def _get_url(host, port, using_cacert=False): return 'ldap://%s:%d' % (host, port) # retrieves LDAP schema from server -def _load_schema(host, port): - url = _get_url(host, port) - +def _load_schema(url): try: conn = _ldap.initialize(url) # assume anonymous access is enabled @@ -136,7 +134,7 @@ def _load_schema(host, port): return _ldap.schema.SubSchema(schema_entry[1]) # cache schema when importing module -_schema = _load_schema(api.env.ldap_host, api.env.ldap_port) +_schema = _load_schema(api.env.ldap_uri) def _get_syntax(attr, value): schema = api.Backend.ldap2._schema @@ -164,28 +162,25 @@ class ldap2(CrudBackend, Encoder): self.encoder_settings.decode_dict_vals_table = _syntax_mapping self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax self.encoder_settings.decode_postprocessor = lambda x: string.lower(x) - self._host = api.env.ldap_host - self._port = api.env.ldap_port + self._ldapuri = api.env.ldap_uri self._schema = _schema - self._ssl = False CrudBackend.__init__(self) def __del__(self): self.disconnect() def __str__(self): - return _get_url(self._host, self._port, self._ssl) + return self._ldapuri @encode_args(3, 4, 'bind_dn', 'bind_pw') - def create_connection(self, host=None, port=None, ccache=None, + def create_connection(self, ldapuri=None, ccache=None, bind_dn='', bind_pw='', debug_level=255, tls_cacertfile=None, tls_certfile=None, tls_keyfile=None): """ Connect to LDAP server. Keyword arguments: - host -- hostname or IP of the server. - port -- port number + ldapuri -- the LDAP server to connect to ccache -- Kerberos V5 ccache name bind_dn -- dn used to bind to the server bind_pw -- password used to bind to the server @@ -196,25 +191,21 @@ class ldap2(CrudBackend, Encoder): Extends backend.Connectible.create_connection. """ - if host is not None: - self._host = host - if port is not None: - self._port = port + if ldapuri is not None: + self._ldapuri = ldapuri # if we don't have this server's schema cached, do it now - if self._host != api.env.ldap_host or self._port != api.env.ldap_port: - self._schema = _load_schema(self._host, self._port) + if self._ldapuri != api.env.ldap_uri: + self._schema = _load_schema(self._ldapuri) if tls_cacertfile is not None: _ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile) - self._ssl = True if tls_certfile is not None: _ldap.set_option(_ldap.OPT_X_TLS_CERTFILE, tls_certfile) - self._ssl = True if tls_keyfile is not None: _ldap.set_option(_ldap.OPT_X_TLS_KEYFILE, tls_keyfile) - conn = _ldap.initialize(str(self)) + conn = _ldap.initialize(self._ldapuri) if ccache is not None: os.environ['KRB5CCNAME'] = ccache conn.sasl_interactive_bind_s('', _sasl_auth) |