-rwxr-xr-xinstall/tools/ipa-replica-manage2
-rw-r--r--ipaserver/install/replication.py12
-rw-r--r--ipaserver/install/service.py3
-rw-r--r--ipaserver/ipaldap.py8
4 files changed, 13 insertions, 12 deletions
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 19ff1f90..931b1392 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -142,7 +142,7 @@ def list_masters(realm, host, replica, dirman_passwd, verbose):
if dirman_passwd:
conn.do_simple_bind(bindpw=dirman_passwd)
else:
- conn.sasl_interactive_bind_s('', ipaldap.sasl_auth)
+ conn.do_sasl_gssapi_bind()
dn = 'cn=masters,cn=ipa,cn=etc,%s' % util.realm_to_suffix(realm)
entries = conn.search_s(dn, ldap.SCOPE_ONELEVEL)
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 1f1598a4..402577f1 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -39,8 +39,6 @@ TIMEOUT = 120
IPA_REPLICA = 1
WINSYNC = 2
-SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI')
-
def check_replication_plugin():
"""
Confirm that the 389-ds replication is installed.
@@ -64,7 +62,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
if dirman_passwd:
conn.do_simple_bind(bindpw=dirman_passwd)
else:
- conn.sasl_interactive_bind_s('', SASL_AUTH)
+ conn.do_sasl_gssapi_bind()
entry = conn.search_s('cn=IPA Version Replication,cn=plugins,cn=config', ldap.SCOPE_BASE, 'objectclass=*')
if entry[0].getValue('nsslapd-pluginenabled') == 'off':
conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')])
@@ -90,7 +88,7 @@ class ReplicationManager:
if dirman_passwd:
self.conn.do_simple_bind(bindpw=dirman_passwd)
else:
- self.conn.sasl_interactive_bind_s('', SASL_AUTH)
+ self.conn.do_sasl_gssapi_bind()
self.repl_man_passwd = dirman_passwd
@@ -605,7 +603,7 @@ class ReplicationManager:
if r_bindpw:
r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
else:
- r_conn.sasl_interactive_bind_s('', SASL_AUTH)
+ r_conn.do_sasl_gssapi_bind()
#Setup the first half
l_id = self._get_replica_id(self.conn, r_conn)
@@ -684,7 +682,7 @@ class ReplicationManager:
if r_bindpw:
r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
else:
- r_conn.sasl_interactive_bind_s('', SASL_AUTH)
+ r_conn.do_sasl_gssapi_bind()
# First off make sure servers are in sync so that both KDCs
# have all princiapls and their passwords and can release
@@ -714,7 +712,7 @@ class ReplicationManager:
if r_bindpw:
r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
else:
- r_conn.sasl_interactive_bind_s('', SASL_AUTH)
+ r_conn.do_sasl_gssapi_bind()
# Allow krb principals to act as replicas
self.setup_krb_princs_as_replica_binddns(self.conn, r_conn)
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 41b22141..ec4855f8 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -31,7 +31,6 @@ import datetime
from ipaserver.install import installutils
CACERT = "/etc/ipa/ca.crt"
-SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI')
SERVICE_LIST = {
'KDC':('krb5kdc', 10),
@@ -299,7 +298,7 @@ class Service:
if dm_password:
conn.do_simple_bind(bindpw=dm_password)
else:
- conn.sasl_interactive_bind_s('', SASL_AUTH)
+ conn.do_sasl_gssapi_bind_()
except Exception, e:
logging.debug("Could not connect to the Directory Server on %s: %s" % (fqdn, str(e)))
raise e
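Review bot: `conn.do_sasl_gssapi_bind_()` in the else branch has a trailing underscore, while the helper this commit adds to `IPAdmin` in ipaserver/ipaldap.py is named `do_sasl_gssapi_bind`. If `conn` is an `IPAdmin` (its construction is outside the hunk), the call raises AttributeError, so the Kerberos path fails whenever no Directory Manager password is passed. The surrounding `except Exception, e` then logs it at debug level as "Could not connect to the Directory Server", which hides the real cause from anyone triaging an authentication failure. The line should read `conn.do_sasl_gssapi_bind()`. The enclosing method begins before the hunk.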
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index d2d3d98a..b72a43ee 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -36,7 +36,7 @@ from ipaserver import ipautil
from ipalib import errors
# Global variable to define SASL auth
-sasl_auth = ldap.sasl.sasl({},'GSSAPI')
+SASL_AUTH = ldap.sasl.sasl({},'GSSAPI')
class Entry:
"""
@@ -338,7 +338,7 @@ class IPAdmin(SimpleLDAPObject):
try:
if krbccache is not None:
os.environ["KRB5CCNAME"] = krbccache
- self.sasl_interactive_bind_s("", sasl_auth)
+ self.sasl_interactive_bind_s("", SASL_AUTH)
self.principal = principal
self.proxydn = None
except ldap.LDAPError, e:
@@ -350,6 +350,10 @@ class IPAdmin(SimpleLDAPObject):
self.simple_bind_s(binddn, bindpw)
self.__lateinit()
+ def do_sasl_gssapi_bind(self):
+ self.sasl_interactive_bind_s('', SASL_AUTH)
+ self.__lateinit()
+
def do_external_bind(self, user_name=None):
auth_tokens = ldap.sasl.external(user_name)
self.sasl_interactive_bind_s("", auth_tokens)
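Review bot: `do_sasl_gssapi_bind` is added without a docstring, and it does more than the call it replaces: every converted call site used to run only `sasl_interactive_bind_s('', SASL_AUTH)` and now also runs `self.__lateinit()`. What `__lateinit()` does is not visible here, so it is worth confirming that it succeeds for a Kerberos principal with fewer rights than Directory Manager. A docstring such as `"""Bind with SASL/GSSAPI using the Kerberos credentials already available to this process, then run the post-bind initialisation."""` would record that the method takes no credentials of its own. Callers are then warned that it depends on the ambient credential cache.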