authorRob Crittenden <rcritten@redhat.com>2009-08-26 14:09:36 -0400
committerRob Crittenden <rcritten@redhat.com>2009-08-27 13:36:58 -0400
commitcab55250760ad1633ed115564f83750fd91e230d (patch)
tree059651fa5008c50d17c8b01a1521705bee9f2478 /ipaserver
parent08fc563212faeca9aa4dc9339acedcac3751ca5d (diff)
Enable ldapi connections in the management framework.
If you don't want to use ldapi, you can remove the ldap_uri setting in /etc/ipa/default.conf. The default for the framework is to use ldap://localhost:389/.
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/dsinstance.py4
-rw-r--r--ipaserver/plugins/ldap2.py31
2 files changed, 15 insertions, 20 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index d7394e561..061b827bc 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -169,6 +169,7 @@ class DsInstance(service.Service):
self.step("enabling memberof plugin", self.__add_memberof_module)
self.step("enabling referential integrity plugin", self.__add_referint_module)
self.step("enabling winsync plugin", self.__add_winsync_module)
+ self.step("enabling ldapi", self.__enable_ldapi)
self.step("configuring uniqueness plugin", self.__set_unique_attrs)
self.step("creating indices", self.__create_indices)
self.step("configuring ssl for ds instance", self.__enable_ssl)
@@ -374,6 +375,9 @@ class DsInstance(service.Service):
shutil.copyfile(ipautil.SHARE_DIR + "certmap.conf.template",
config_dirname(self.serverid) + "certmap.conf")
+ def __enable_ldapi(self):
+ self._ldap_mod("ldapi.ldif", self.sub_dict)
+
def change_admin_password(self, password):
logging.debug("Changing admin password")
dirname = config_dirname(self.serverid)
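Review bot: The new `__enable_ldapi` method has no docstring, unlike the install step it is registered as, and a reader of the step list cannot tell from the method body what `ldapi.ldif` changes on the instance. Add a one-line docstring such as `"""Apply ldapi.ldif to the instance so the directory server accepts ldapi:// (local socket) connections."""`, adjusting the wording to what the ldif actually sets, since the ldif itself is not part of this diff. It would also help to say in the docstring whether a failed `_ldap_mod` is expected to abort the installer or be tolerated, as that is not visible here. The enclosing DsInstance class starts and ends outside these hunks.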
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 9587cbe2e..6e3c86946 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -115,9 +115,7 @@ def _get_url(host, port, using_cacert=False):
return 'ldap://%s:%d' % (host, port)
# retrieves LDAP schema from server
-def _load_schema(host, port):
- url = _get_url(host, port)
-
+def _load_schema(url):
try:
conn = _ldap.initialize(url)
# assume anonymous access is enabled
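Review bot: `_get_url`, shown in the hunk header, appears to lose its last caller in this file once `_load_schema` takes a URL and `__str__` below returns `self._ldapuri`; if nothing outside this module imports it, it is now dead code and should be removed in the same change rather than left as a stale TLS-aware URL builder. The comment `# retrieves LDAP schema from server` should also describe the new contract, e.g. `# retrieves LDAP schema from the server at ``url`` (any python-ldap URI, e.g. ldapi://) via anonymous access`. The body of `_load_schema` continues outside the hunk.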
@@ -136,7 +134,7 @@ def _load_schema(host, port):
return _ldap.schema.SubSchema(schema_entry[1])
# cache schema when importing module
-_schema = _load_schema(api.env.ldap_host, api.env.ldap_port)
+_schema = _load_schema(api.env.ldap_uri)
def _get_syntax(attr, value):
schema = api.Backend.ldap2._schema
@@ -164,28 +162,25 @@ class ldap2(CrudBackend, Encoder):
self.encoder_settings.decode_dict_vals_table = _syntax_mapping
self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax
self.encoder_settings.decode_postprocessor = lambda x: string.lower(x)
- self._host = api.env.ldap_host
- self._port = api.env.ldap_port
+ self._ldapuri = api.env.ldap_uri
self._schema = _schema
- self._ssl = False
CrudBackend.__init__(self)
def __del__(self):
self.disconnect()
def __str__(self):
- return _get_url(self._host, self._port, self._ssl)
+ return self._ldapuri
@encode_args(3, 4, 'bind_dn', 'bind_pw')
- def create_connection(self, host=None, port=None, ccache=None,
+ def create_connection(self, ldapuri=None, ccache=None,
bind_dn='', bind_pw='', debug_level=255,
tls_cacertfile=None, tls_certfile=None, tls_keyfile=None):
"""
Connect to LDAP server.
Keyword arguments:
- host -- hostname or IP of the server.
- port -- port number
+ ldapuri -- the LDAP server to connect to
ccache -- Kerberos V5 ccache name
bind_dn -- dn used to bind to the server
bind_pw -- password used to bind to the server
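Review bot: The `@encode_args(3, 4, 'bind_dn', 'bind_pw')` decorator on `create_connection` was not updated when `host, port` became the single `ldapuri` parameter, so its positional indices now appear to be off by one. If `encode_args` counts positional arguments from the first non-self parameter, indices 3 and 4 previously named `bind_dn` and `bind_pw`, and after this change they name `bind_pw` and `debug_level`; the fix would be `@encode_args(2, 3, 'bind_dn', 'bind_pw')`. Please confirm against the decorator's definition, which is outside this diff. Separately, any caller that passed host and port positionally will now have the host land in `ldapuri` and the port in `ccache` without an error, which is worth a note in the docstring or a grep of callers. The `ldap2` class and `create_connection` continue outside this hunk.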
@@ -196,25 +191,21 @@ class ldap2(CrudBackend, Encoder):
Extends backend.Connectible.create_connection.
"""
- if host is not None:
- self._host = host
- if port is not None:
- self._port = port
+ if ldapuri is not None:
+ self._ldapuri = ldapuri
# if we don't have this server's schema cached, do it now
- if self._host != api.env.ldap_host or self._port != api.env.ldap_port:
- self._schema = _load_schema(self._host, self._port)
+ if self._ldapuri != api.env.ldap_uri:
+ self._schema = _load_schema(self._ldapuri)
if tls_cacertfile is not None:
_ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
- self._ssl = True
if tls_certfile is not None:
_ldap.set_option(_ldap.OPT_X_TLS_CERTFILE, tls_certfile)
- self._ssl = True
if tls_keyfile is not None:
_ldap.set_option(_ldap.OPT_X_TLS_KEYFILE, tls_keyfile)
- conn = _ldap.initialize(str(self))
+ conn = _ldap.initialize(self._ldapuri)
if ccache is not None:
os.environ['KRB5CCNAME'] = ccache
conn.sasl_interactive_bind_s('', _sasl_auth)