authorAlexander Bokovoy <abokovoy@redhat.com>2014-07-02 16:30:18 +0300
committerMartin Kosek <mkosek@redhat.com>2014-07-04 08:13:23 +0200
commita9fe37e0664079ad2da7b0d9b9b7c7e244a25bf9 (patch)
tree6f1b2e235ae7dfbce579e9dbf4367940e03a837f /ipapython
parent76ec9384fb112ee528c5198af0261182f1ad049e (diff)
ipa-ldap-updater: make possible to use LDAPI with autobind in case of hardened LDAP configuration
When nsslapd-minssf is greater than 0, running as root ipa-ldap-updater [-l] will fail even if we force use of autobind for root over LDAPI. The reason for this is that schema updater doesn't get ldapi flag passed and attempts to connect to LDAP port instead and for hardened configurations using simple bind over LDAP is not enough. Additionally, report properly previously unhandled LDAP exceptions. https://fedorahosted.org/freeipa/ticket/3468 Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/ipaldap.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 44918c39a..2818f787b 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1204,6 +1204,10 @@ class LDAPClient(object):
pass
except ldap.CONNECT_ERROR:
raise errors.DatabaseError(desc=desc, info=info)
+ except ldap.UNWILLING_TO_PERFORM:
+ raise errors.DatabaseError(desc=desc, info=info)
+ except ldap.AUTH_UNKNOWN:
+ raise errors.ACIError(info='%s (%s)' % (info,desc))
except ldap.LDAPError, e:
if 'NOT_ALLOWED_TO_DELEGATE' in info:
raise errors.ACIError(
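Review bot: The `except ldap.AUTH_UNKNOWN` branch raises `errors.ACIError`, the same type the following `ldap.LDAPError` branch raises for `NOT_ALLOWED_TO_DELEGATE`, so a caller or log reader cannot tell an unavailable bind method apart from an access-control denial by exception type. Neither new branch has a comment naming the server condition it translates. Going by the commit description, something like `# server refused the operation, e.g. connection weaker than nsslapd-minssf` above the `UNWILLING_TO_PERFORM` handler and `# requested bind method is not known to the server` above the `AUTH_UNKNOWN` one would help triage. The message is built as `'%s (%s)' % (info,desc)`, where `desc` and `info` are assigned outside the hunk; if `info` can be empty the text degrades to ` (desc)`, and the tuple should be spaced as `(info, desc)`. The handler chain starts and ends outside this hunk, so the ordering against earlier `except` clauses cannot be checked from here.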