authorJan Cholasta <jcholast@redhat.com>2011-09-30 10:09:55 +0200
committerMartin Kosek <mkosek@redhat.com>2011-10-05 10:58:25 +0200
commit12bfed37d4d22319e2cfadb5d9b460da7e748432 (patch)
tree58deb5415d489ac25bad5df267a2df523ba142cc /ipaserver
parenta16b5b4c00ca9b82cd40a2c2be22c9e77e0ce64a (diff)
Add a function for formatting network locations of the form host:port for use in URLs.
If the host part is a literal IPv6 address, it must be enclosed in square brackets (RFC 2732). ticket 1869
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/bindinstance.py2
-rw-r--r--ipaserver/install/cainstance.py10
-rw-r--r--ipaserver/install/dsinstance.py2
-rw-r--r--ipaserver/install/replication.py6
-rw-r--r--ipaserver/ipaldap.py7
5 files changed, 14 insertions, 13 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index cdf7b939d..f9bd3a84e 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -96,7 +96,7 @@ def dns_container_exists(fqdn, suffix):
return True
try:
- server = ldap.initialize("ldap://" + fqdn)
+ server = ldap.initialize("ldap://" + ipautil.format_netloc(fqdn))
server.simple_bind_s()
except ldap.SERVER_DOWN:
raise RuntimeError('LDAP server on %s is not responding. Is IPA installed?' % fqdn)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 6a86e8ccc..d244097d8 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -663,7 +663,7 @@ class CAInstance(service.Service):
args.append("-clone_start_tls")
args.append("true")
args.append("-clone_uri")
- args.append("https://%s:%d" % (self.master_host, 443))
+ args.append("https://%s" % ipautil.format_netloc(self.master_host, 443))
else:
args.append("-clone")
args.append("false")
@@ -747,7 +747,7 @@ class CAInstance(service.Service):
'-p', self.admin_password,
'-d', self.ca_agent_db,
'-r', '/ca/agent/ca/profileReview?requestId=%s' % self.requestId,
- '%s:%d' % (self.fqdn, AGENT_SECURE_PORT),
+ '%s' % ipautil.format_netloc(self.fqdn, AGENT_SECURE_PORT),
]
(stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
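Review bot: The changed element is a bare `host:port` argument to an external command rather than a URL, so it should be confirmed that the command accepts the bracketed form which, per the commit description, `format_netloc` produces for an IPv6 literal. The command name and the start of the `args` list are outside the hunk. The `'%s' %` wrapper is also redundant if `format_netloc` returns a string, so the element could read `ipautil.format_netloc(self.fqdn, AGENT_SECURE_PORT),`. Both points apply equally to the identical line in the next hunk (`@@ -767,7 +767,7 @@`).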
@@ -767,7 +767,7 @@ class CAInstance(service.Service):
'-d', self.ca_agent_db,
'-e', params,
'-r', '/ca/agent/ca/profileProcess',
- '%s:%d' % (self.fqdn, AGENT_SECURE_PORT),
+ '%s' % ipautil.format_netloc(self.fqdn, AGENT_SECURE_PORT),
]
(stdout, stderr, returncode) = ipautil.run(args, nolog=(self.admin_password,))
@@ -810,7 +810,7 @@ class CAInstance(service.Service):
# Create an RA user in the CA LDAP server and add that user to
# the appropriate groups so it can issue certificates without
# manual intervention.
- ld = ldap.initialize("ldap://%s:%d" % (self.fqdn, self.ds_port))
+ ld = ldap.initialize("ldap://%s" % ipautil.format_netloc(self.fqdn, self.ds_port))
ld.protocol_version=ldap.VERSION3
ld.simple_bind_s("cn=Directory Manager", self.dm_password)
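Review bot: The URL built on the new line keeps the `ldap://` scheme and the next visible call is `ld.simple_bind_s("cn=Directory Manager", self.dm_password)`, so as far as this hunk shows the Directory Manager password goes over a simple bind without TLS. If `self.fqdn` can resolve to a non-loopback address, consider calling `ld.start_tls_s()` before the bind or using an `ldaps://` or `ldapi://` URL. The method starts and ends outside the hunk, so hardening elsewhere in it is not visible here. At minimum, a comment such as `# simple bind over plain ldap://; assumes an installer-local connection` would record the assumption.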
@@ -1035,7 +1035,7 @@ class CAInstance(service.Service):
installutils.set_directive(caconfig, 'ca.publish.rule.instance.LdapXCertRule.enable', 'false', quotes=False, separator='=')
# Fix the CRL URI in the profile
- installutils.set_directive('/var/lib/%s/profiles/ca/caIPAserviceCert.cfg' % PKI_INSTANCE_NAME, 'policyset.serverCertSet.9.default.params.crlDistPointsPointName_0', 'https://%s/ipa/crl/MasterCRL.bin' % self.fqdn, quotes=False, separator='=')
+ installutils.set_directive('/var/lib/%s/profiles/ca/caIPAserviceCert.cfg' % PKI_INSTANCE_NAME, 'policyset.serverCertSet.9.default.params.crlDistPointsPointName_0', 'https://%s/ipa/crl/MasterCRL.bin' % ipautil.format_netloc(self.fqdn), quotes=False, separator='=')
ipaservices.restore_context(publishdir)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 790b560b9..f2b16dfe8 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -112,7 +112,7 @@ def is_ds_running():
def has_managed_entries(host_name, dm_password):
"""Check to see if the Managed Entries plugin is available"""
- ldapuri = 'ldap://%s' % host_name
+ ldapuri = 'ldap://%s' % ipautil.format_netloc(host_name)
conn = None
try:
conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='cn=config')
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 986fb5e83..a6bd7af37 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -319,7 +319,7 @@ class ReplicationManager(object):
return cn
def to_ldap_url(self, conn):
- return "ldap://%s:%d/" % (conn.host, conn.port)
+ return "ldap://%s/" % ipautil.format_netloc(conn.host, conn.port)
def setup_chaining_farm(self, conn):
try:
@@ -544,7 +544,7 @@ class ReplicationManager(object):
dn = 'cn=%s,cn=mapping tree,cn=config' % esc1_suffix
# TODO: should we detect proto/port somehow ?
mod = [(ldap.MOD_DELETE, 'nsslapd-referral',
- 'ldap://%s:389/%s' % (hostname, esc2_suffix))]
+ 'ldap://%s/%s' % (ipautil.format_netloc(hostname, 389), esc2_suffix))]
try:
self.conn.modify_s(dn, mod)
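Review bot: `MOD_DELETE` with an explicit value only succeeds when that value matches what is stored in `nsslapd-referral`, and the code that writes the attribute is not part of this diff. If a referral was ever stored in the old unbracketed `host:389` form for an IPv6 literal, the value built here would no longer match and the delete would fail. The `except` clause that handles such a failure is outside the hunk. It is worth confirming that the writer formats the host the same way, and recording that next to the existing TODO, e.g. `# value must match the referral exactly as it was written`.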
@@ -700,7 +700,7 @@ class ReplicationManager(object):
self.ad_suffix = ""
try:
# Validate AD connection
- ad_conn = ldap.initialize('ldap://%s' % ad_dc_name)
+ ad_conn = ldap.initialize('ldap://%s' % ipautil.format_netloc(ad_dc_name))
#the next one is to workaround bugs arounf opendalp libs+NSS db
ad_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
ad_conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert)
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 4de09f1e5..5477417ac 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -34,6 +34,7 @@ from ldap.controls import LDAPControl,DecodeControlTuples,EncodeControlTuples
from ldap.ldapobject import SimpleLDAPObject
from ipaserver import ipautil
from ipalib import errors
+from ipapython.ipautil import format_netloc
# Global variable to define SASL auth
SASL_AUTH = ldap.sasl.sasl({},'GSSAPI')
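Review bot: This module now draws on two different modules named `ipautil`: `from ipaserver import ipautil` two lines above, and `ipapython.ipautil`, from which `format_netloc` is imported by name. A one-line comment would spare the next reader the lookup, e.g. `# format_netloc is in ipapython.ipautil; the bare name ipautil here is ipaserver.ipautil`. The other files in this commit call `ipautil.format_netloc(...)`, and their imports are outside the hunks, so it is worth checking which module the name refers to in each of them.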
@@ -215,12 +216,12 @@ class IPAdmin(SimpleLDAPObject):
its own encryption.
"""
if self.cacert is not None:
- SimpleLDAPObject.__init__(self,'ldaps://%s:%d' % (self.host,self.port))
+ SimpleLDAPObject.__init__(self,'ldaps://%s' % format_netloc(self.host, self.port))
else:
if self.ldapi:
SimpleLDAPObject.__init__(self,'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % "-".join(self.realm.split(".")))
else:
- SimpleLDAPObject.__init__(self,'ldap://%s:%d' % (self.host,self.port))
+ SimpleLDAPObject.__init__(self,'ldap://%s' % format_netloc(self.host, self.port))
def __init__(self,host='',port=389,cacert=None,bindcert=None,bindkey=None,proxydn=None,debug=None,ldapi=False,realm=None):
"""We just set our instance variables and wrap the methods - the real
@@ -330,7 +331,7 @@ class IPAdmin(SimpleLDAPObject):
raise errors.DatabaseError(desc=desc,info=info)
def toLDAPURL(self):
- return "ldap://%s:%d/" % (self.host,self.port)
+ return "ldap://%s/" % format_netloc(self.host, self.port)
def set_proxydn(self, proxydn):
self.proxydn = proxydn
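Review bot: `toLDAPURL` returns an `ldap://` URL unconditionally, while the connect code in the previous hunk of this file opens `ldaps://` when `self.cacert` is set and `ldapi://` when `self.ldapi` is set. The returned URL can therefore name a different scheme than the one the object is connected with. If callers feed it into referrals or replication agreements, that traffic may end up on cleartext LDAP. A docstring saying the result is always plain `ldap://`, or a scheme derived from `self.cacert`, would make the contract explicit. Separately, `ReplicationManager.to_ldap_url` in replication.py builds the same string from `conn.host` and `conn.port`, and could call `conn.toLDAPURL()` if `conn` is an `IPAdmin`.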