From 00cffce6c2ba0121188326535d6c9cd244a4ae5b Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Fri, 30 Sep 2011 16:52:30 +0200
Subject: ipa-client assumes a single namingcontext
When LDAP server contains more that one suffixes, the ipa client installation does not detect it as IPA server and fails to install. Fix ipa server discovery so that it correctly searches all naming contexts for the IPA one. https://fedorahosted.org/freeipa/ticket/1868
---
 ipapython/ipautil.py | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+) (limited to 'ipapython/ipautil.py')
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 72cf400f9..cfc979edb 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -22,6 +22,8 @@ PLUGINS_SHARE_DIR = "/usr/share/ipa/plugins"
 GEN_PWD_LEN = 12
+IPA_BASEDN_INFO = 'ipa v2.0'
+
 import string
 import tempfile
 import logging
@@ -33,6 +35,7 @@ import stat
 import shutil
 import urllib2
 import socket
+import ldap
 from ipapython import ipavalidate
 from types import *
@@ -1126,3 +1129,37 @@ def bind_port_responder(port, socket_stream=True, socket_timeout=None, responder
 s.sendto(responder_data, addr)
 finally:
 s.close()
+
+def get_ipa_basedn(conn):
+ """
+ Get base DN of IPA suffix in given LDAP server.
+
+ None is returned if the suffix is not found
+
+ :param conn: Bound LDAP connection that will be used for searching
+ """
+ entries = conn.search_ext_s(
+ '', scope=ldap.SCOPE_BASE, attrlist=['namingcontexts']
+ )
+
+ contexts = entries[0][1]['namingcontexts']
+ for context in contexts:
+ logging.debug("Check if naming context '%s' is for IPA" % context)
+ try:
+ entry = conn.search_s(context, ldap.SCOPE_BASE, "(info=IPA*)")
+ except ldap.NO_SUCH_OBJECT:
+ logging.debug("LDAP server did not return info attribute to check for IPA version")
+ continue
+ if len(entry) == 0:
+ logging.debug("Info attribute with IPA server version not found")
+ continue
+ info = entry[0][1]['info'][0].lower()
+ if info != IPA_BASEDN_INFO:
+ logging.debug("Detected IPA server version (%s) did not match the client (%s)" \
+ % (info, IPA_BASEDN_INFO))
+ continue
+ logging.debug("Naming context '%s' is a valid IPA context" % context)
+ return context
+
+ return None
+
-- cgit
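Review bot: In the `for context in contexts:` loop of `get_ipa_basedn` only `ldap.NO_SUCH_OBJECT` is caught, so any other `ldap.LDAPError` from `conn.search_s` on one suffix (for example `ldap.INSUFFICIENT_ACCESS` on a suffix the bind identity cannot read) aborts discovery before the remaining naming contexts are tried, which is the multi-suffix case this commit is meant to handle; consider `except ldap.LDAPError as e:` with a debug log of `e` and `continue`. The lookup `entries[0][1]['namingcontexts']` is also unguarded, so a root DSE search that returns no entry or omits `namingcontexts` surfaces as `IndexError`/`KeyError` instead of the `None` the docstring promises. The docstring should additionally say that the `info` value is whatever the queried server chooses to return, so a non-None result only identifies a candidate IPA suffix and is not evidence that the peer is a genuine IPA server; callers presumably still have to authenticate the server separately before trusting it.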