summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/baseldap.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib/plugins/baseldap.py')
-rw-r--r--ipalib/plugins/baseldap.py26
1 files changed, 26 insertions, 0 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 1ff7a2a..94f5738 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -36,6 +36,12 @@ from ipalib.util import json_serialize
from ipalib.dn import *
global_output_params = (
+ Flag('has_keytab',
+ label=_('Keytab'),
+ ),
+ Flag('has_password',
+ label=_('Password'),
+ ),
Str('member',
label=_('Failed members'),
),
@@ -319,6 +325,7 @@ class LDAPObject(Object):
uuid_attribute = ''
attribute_members = {}
rdnattr = None
+ password_attributes = []
# Can bind as this entry (has userPassword or krbPrincipalKey)
bindable = False
relationships = {
@@ -407,6 +414,25 @@ class LDAPObject(Object):
)
del entry_attrs[attr]
+ def get_password_attributes(self, ldap, dn, entry_attrs):
+ """
+ Search on the entry to determine if it has a password or
+ keytab set.
+
+ A tuple is used to determine which attribute is set
+ in entry_attrs. The value is set to True/False whether a
+ given password type is set.
+ """
+ for (pwattr, attr) in self.password_attributes:
+ search_filter = '(%s=*)' % pwattr
+ try:
+ (entries, truncated) = ldap.find_entries(
+ search_filter, [pwattr], dn, ldap.SCOPE_BASE
+ )
+ entry_attrs[attr] = True
+ except errors.NotFound:
+ entry_attrs[attr] = False
+
def handle_not_found(self, *keys):
pkey = ''
if self.primary_key: