From 1ee66ffe03a0616c65215bc751a7ef6e674780ef Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Tue, 29 Jan 2013 12:01:36 -0500
Subject: Remove IPAdmin.sasl_interactive_bind_s

Also, rename remaining uses of SASL_AUTH to SASL_GSSAPI to better
reflect what it is.

Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
---
 ipaserver/dcerpc.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'ipaserver/dcerpc.py')

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 140e26f77..a0c6e6919 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -441,15 +441,12 @@ class DomainValidator(object):
         if auth:
             (ccache_name, principal) = self.__kinit_as_trusted_account(info, auth)
             if ccache_name:
-                cb_info = dict()
-                # pass empty dict, SASL GSSAPI is able to get all from the ccache
-                sasl_auth = _ldap.sasl.sasl(cb_info,'GSSAPI')
                 old_ccache = os.environ.get('KRB5CCNAME')
                 os.environ["KRB5CCNAME"] = ccache_name
                 # OPT_X_SASL_NOCANON is used to avoid hard requirement for PTR
                 # records pointing back to the same host name
                 conn.set_option(_ldap.OPT_X_SASL_NOCANON, _ldap.OPT_ON)
-                conn.sasl_interactive_bind_s(None, sasl_auth)
+                conn.do_sasl_gssapi_bind()
                 if basedn is None:
                     # Use domain root base DN
                     basedn = DN(*map(lambda p: ('dc', p), info['dns_domain'].split('.')))
-- 
cgit