Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/replication.py | 12 | ||||
-rw-r--r-- | ipaserver/install/service.py | 3 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 8 |
3 files changed, 12 insertions, 11 deletions
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 1f1598a4..402577f1 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -39,8 +39,6 @@ TIMEOUT = 120
 IPA_REPLICA = 1
 WINSYNC = 2
-SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI')
-
 def check_replication_plugin():
 """
 Confirm that the 389-ds replication is installed.
@@ -64,7 +62,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
 if dirman_passwd:
 conn.do_simple_bind(bindpw=dirman_passwd)
 else:
- conn.sasl_interactive_bind_s('', SASL_AUTH)
+ conn.do_sasl_gssapi_bind()
 entry = conn.search_s('cn=IPA Version Replication,cn=plugins,cn=config', ldap.SCOPE_BASE, 'objectclass=*')
 if entry[0].getValue('nsslapd-pluginenabled') == 'off':
 conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')])
@@ -90,7 +88,7 @@ class ReplicationManager:
 if dirman_passwd:
 self.conn.do_simple_bind(bindpw=dirman_passwd)
 else:
- self.conn.sasl_interactive_bind_s('', SASL_AUTH)
+ self.conn.do_sasl_gssapi_bind()
 self.repl_man_passwd = dirman_passwd
@@ -605,7 +603,7 @@ class ReplicationManager:
 if r_bindpw:
 r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
 else:
- r_conn.sasl_interactive_bind_s('', SASL_AUTH)
+ r_conn.do_sasl_gssapi_bind()
 #Setup the first half
 l_id = self._get_replica_id(self.conn, r_conn)
@@ -684,7 +682,7 @@ class ReplicationManager:
 if r_bindpw:
 r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
 else:
- r_conn.sasl_interactive_bind_s('', SASL_AUTH)
+ r_conn.do_sasl_gssapi_bind()
 # First off make sure servers are in sync so that both KDCs
 # have all princiapls and their passwords and can release
@@ -714,7 +712,7 @@ class ReplicationManager:
 if r_bindpw:
 r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
 else:
- r_conn.sasl_interactive_bind_s('', SASL_AUTH)
+ r_conn.do_sasl_gssapi_bind()
 # Allow krb principals to act as replicas
 self.setup_krb_princs_as_replica_binddns(self.conn, r_conn)
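Review bot: The `else:` branch in the `@@ -64,7 +62,7 @@` hunk (and the same pattern in the four `ReplicationManager` hunks at -90, -605, -684 and -714) selects the bind mechanism from the truthiness of the password, so an empty or missing password switches to a GSSAPI bind with whatever Kerberos credentials the process holds, and nothing at the call site says so. A short comment above the new call would make that explicit, for example `# no password supplied: bind via SASL/GSSAPI with the caller's Kerberos ticket`. With the module-level `SASL_AUTH` removed from this file, any remaining use of that name outside these hunks would raise NameError; the hunks shown do not let me confirm there is none. The enclosing functions start and end outside the hunks.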
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 41b22141..ec4855f8 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -31,7 +31,6 @@ import datetime
 from ipaserver.install import installutils
 CACERT = "/etc/ipa/ca.crt"
-SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI')
 SERVICE_LIST = {
 'KDC':('krb5kdc', 10),
@@ -299,7 +298,7 @@ class Service:
 if dm_password:
 conn.do_simple_bind(bindpw=dm_password)
 else:
- conn.sasl_interactive_bind_s('', SASL_AUTH)
+ conn.do_sasl_gssapi_bind_()
 except Exception, e:
 logging.debug("Could not connect to the Directory Server on %s: %s" % (fqdn, str(e)))
 raise e
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index d2d3d98a..b72a43ee 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -36,7 +36,7 @@ from ipaserver import ipautil
 from ipalib import errors
 # Global variable to define SASL auth
-sasl_auth = ldap.sasl.sasl({},'GSSAPI')
+SASL_AUTH = ldap.sasl.sasl({},'GSSAPI')
 class Entry:
 """
@@ -338,7 +338,7 @@ class IPAdmin(SimpleLDAPObject):
 try:
 if krbccache is not None:
 os.environ["KRB5CCNAME"] = krbccache
- self.sasl_interactive_bind_s("", sasl_auth)
+ self.sasl_interactive_bind_s("", SASL_AUTH)
 self.principal = principal
 self.proxydn = None
 except ldap.LDAPError, e:
@@ -350,6 +350,10 @@ class IPAdmin(SimpleLDAPObject):
 self.simple_bind_s(binddn, bindpw)
 self.__lateinit()
+ def do_sasl_gssapi_bind(self):
+ self.sasl_interactive_bind_s('', SASL_AUTH)
+ self.__lateinit()
+
 def do_external_bind(self, user_name=None):
 auth_tokens = ldap.sasl.external(user_name)
 self.sasl_interactive_bind_s("", auth_tokens) |
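Review bot: `conn.do_sasl_gssapi_bind_()` in the `@@ -299,7 +298,7 @@` hunk of ipaserver/install/service.py has a trailing underscore, while the method this commit adds to `IPAdmin` in ipaserver/ipaldap.py is named `do_sasl_gssapi_bind`. Assuming `conn` is an `IPAdmin` and no method with the underscore exists elsewhere, the passwordless (Kerberos) path raises AttributeError on every call. The surrounding `except Exception, e` would then log it at debug level as "Could not connect to the Directory Server", which hides the real cause from whoever reads the install log. The line should read `conn.do_sasl_gssapi_bind()`. The enclosing method of `Service` starts outside the hunk.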
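Review bot: The new `do_sasl_gssapi_bind` in the `@@ -350,6 +350,10 @@` hunk of ipaserver/ipaldap.py has no docstring, and unlike the Kerberos bind shown in the `@@ -338,7 +338,7 @@` hunk it is not wrapped in an `except ldap.LDAPError` handler, so a caller without a usable ticket gets the raw python-ldap exception. I would add a docstring along the lines of `"""Bind with SASL/GSSAPI using the shared SASL_AUTH object, then call __lateinit(); ldap.LDAPError propagates to the caller."""`. It would also help to state there which credentials are used: presumably the process's current Kerberos credential cache, since this method takes no `krbccache` argument, but that should be confirmed against the callers.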