Use ldapi: instead of unsecured ldap: in ipa core tools.

The patch also corrects exception handling in some of the tools.

Fix #874

1 files changed, 7 insertions, 2 deletions

diff --git a/install/migration/migration.py b/install/migration/migration.py
index 6b447f37..ed6ade9e 100644
--- a/install/migration/migration.py
+++ b/install/migration/migration.py
@@ -20,13 +20,14 @@
 Password migration script
 """
 
+import cgi
 import errno
+import glob
 import ldap
-import cgi
 import wsgiref
 
 BASE_DN = ''
-LDAP_URI = 'ldap://localhost:389'
+LDAP_URI = 'ldaps://localhost:636'
 
 def wsgi_redirect(start_response, loc):
     start_response('302 Found', [('Location', loc)])
@@ -83,6 +84,10 @@ def application(environ, start_response):
     if not form_data.has_key('username') or not form_data.has_key('password'):
         return wsgi_redirect(start_response, 'invalid.html')
 
+    slapd_sockets = glob.glob('/var/run/slapd-*.socket')
+    if slapd_sockets:
+        LDAP_URI = 'ldapi://%s' % slapd_sockets[0].replace('/', '%2f')
+
     try:
         bind(form_data['username'].value, form_data['password'].value)
     except IOError as err: