author | Jan Cholasta <jcholast@redhat.com> | 2014-11-21 20:14:12 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-04-16 06:58:31 +0000 |
commit | 32505157ea34bfc9f807ff7c8d3e5962f4581475 (patch) | |
tree | afa706033841b98e865329585d846cdb697d4c8c /ipaserver | |
parent | 232e04d861416a0b154ecda9a82e188b56eb9ba9 (diff) | |
ldap: Use LDAPClient bind and unbind methods in ldap2
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 62 |
1 files changed, 28 insertions, 34 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 98b038ab9..1e103dcfb 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -162,47 +162,41 @@ class ldap2(LDAPClient, CrudBackend):
 conn.set_option(_ldap.OPT_X_SASL_SSF_MIN, minssf)
 if maxssf < minssf:
 conn.set_option(_ldap.OPT_X_SASL_SSF_MAX, minssf)
- if ccache is not None:
- if isinstance(ccache, krbV.CCache):
- principal = ccache.principal().name
- # Get a fully qualified CCACHE name (schema+name)
- # As we do not use the krbV.CCache object later,
- # we can safely overwrite it
- ccache = "%(type)s:%(name)s" % dict(type=ccache.type,
- name=ccache.name)
- else:
- principal = krbV.CCache(name=ccache,
- context=krbV.default_context()).principal().name
-
- os.environ['KRB5CCNAME'] = ccache
- conn.sasl_interactive_bind_s(None, SASL_GSSAPI,
- serverctrls=serverctrls,
- clientctrls=clientctrls)
- setattr(context, 'principal', principal)
+
+ if ccache is not None:
+ if isinstance(ccache, krbV.CCache):
+ principal = ccache.principal().name
+ # Get a fully qualified CCACHE name (schema+name)
+ # As we do not use the krbV.CCache object later,
+ # we can safely overwrite it
+ ccache = "%(type)s:%(name)s" % dict(type=ccache.type,
+ name=ccache.name)
 else:
- # no kerberos ccache, use simple bind or external sasl
- if autobind:
- pent = pwd.getpwuid(os.geteuid())
- auth_tokens = _ldap.sasl.external(pent.pw_name)
- conn.sasl_interactive_bind_s(None, auth_tokens,
- serverctrls=serverctrls,
- clientctrls=clientctrls)
- else:
- conn.simple_bind_s(bind_dn, bind_pw,
- serverctrls=serverctrls,
- clientctrls=clientctrls)
+ principal = krbV.CCache(name=ccache,
+ context=krbV.default_context()).principal().name
+
+ os.environ['KRB5CCNAME'] = ccache
+ self.gssapi_bind(server_controls=serverctrls,
+ client_controls=clientctrls)
+ setattr(context, 'principal', principal)
+ else:
+ # no kerberos ccache, use simple bind or external sasl
+ if autobind:
+ pent = pwd.getpwuid(os.geteuid())
+ self.external_bind(pent.pw_name,
+ server_controls=serverctrls,
+ client_controls=clientctrls)
+ else:
+ self.simple_bind(bind_dn, bind_pw,
+ server_controls=serverctrls,
+ client_controls=clientctrls)
 return conn
 def destroy_connection(self):
 """Disconnect from LDAP server."""
 try:
- self.conn.unbind_s()
- except _ldap.LDAPError:
- # ignore when trying to unbind multiple times
- pass
-
- try:
+ self.unbind()
 LDAPClient._disconnect(self)
 except errors.PublicError:
 # ignore when trying to unbind multiple times |
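Review bot: In `destroy_connection`, `self.unbind()` and `LDAPClient._disconnect(self)` now share one `try`, so if `unbind()` raises, `_disconnect` is skipped; the old code swallowed the unbind failure and still ran `_disconnect`. Whether `unbind()` turns every `_ldap.LDAPError` into an `errors.PublicError` is not visible in this hunk, so a raw LDAP error may now propagate out of teardown where it was previously ignored. Consider keeping the cleanup unconditional by nesting `try: self.unbind()` / `finally: LDAPClient._disconnect(self)` inside the existing `except errors.PublicError` handler, with a comment such as `# always drop local connection state, even if the server-side unbind fails`. The handler body continues past the end of the hunk.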