diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2013-04-25 15:14:34 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2013-11-18 16:54:21 +0100 |
| commit | 070868f4357e6e80c45a76a98313f9591ebc56f7 (patch) | |
| tree | 709cf997e19145e8d32c24110cf0bd18198ad40a /ipaserver | |
| parent | e8fc70f149d73a5e822f488f4e96be4e71a2c424 (diff) | |
| download | freeipa.git-070868f4357e6e80c45a76a98313f9591ebc56f7.tar.gz freeipa.git-070868f4357e6e80c45a76a98313f9591ebc56f7.tar.xz freeipa.git-070868f4357e6e80c45a76a98313f9591ebc56f7.zip | |
ldapupdate: Factor out connection code
The connection code will be the same for both the LDAP updater
and the new schema updater.
Preparation for: https://fedorahosted.org/freeipa/ticket/3454
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/ldapupdate.py | 76 |
1 files changed, 36 insertions, 40 deletions
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index 9140231c..69eb1895 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -49,6 +49,35 @@ from ipaserver.install.plugins import PRE_UPDATE, POST_UPDATE from ipaserver.plugins import ldap2 +def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None): + """Create a connection for updates""" + if ldapi: + conn = ipaldap.IPAdmin(ldapi=True, realm=realm) + else: + conn = ipaldap.IPAdmin(fqdn, ldapi=False, realm=realm) + try: + if dm_password: + conn.do_simple_bind(binddn=DN(('cn', 'directory manager')), + bindpw=dm_password) + elif os.getegid() == 0: + try: + # autobind + conn.do_external_bind(pw_name) + except errors.NotFound: + # Fall back + conn.do_sasl_gssapi_bind() + else: + conn.do_sasl_gssapi_bind() + except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN): + raise RuntimeError("Unable to connect to LDAP server %s" % fqdn) + except ldap.INVALID_CREDENTIALS: + raise RuntimeError( + "The password provided is incorrect for LDAP server %s" % fqdn) + except ldap.LOCAL_ERROR, e: + raise RuntimeError('%s' % e.args[0].get('info', '').strip()) + return conn + + class BadSyntax(installutils.ScriptError): def __init__(self, value): self.value = value @@ -187,26 +216,10 @@ class LDAPUpdate: if online: # Try out the connection/password - try: - conn = ipaldap.IPAdmin(fqdn, ldapi=self.ldapi, realm=self.realm) - if self.dm_password: - conn.do_simple_bind(binddn=DN(('cn', 'directory manager')), bindpw=self.dm_password) - elif os.getegid() == 0: - try: - # autobind - conn.do_external_bind(self.pw_name) - except errors.NotFound: - # Fall back - conn.do_sasl_gssapi_bind() - else: - conn.do_sasl_gssapi_bind() - conn.unbind() - except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN): - raise RuntimeError("Unable to connect to LDAP server %s" % fqdn) - except ldap.INVALID_CREDENTIALS: - raise RuntimeError("The password provided is incorrect for LDAP server %s" % fqdn) - except ldap.LOCAL_ERROR, e: - raise RuntimeError('%s' % e.args[0].get('info', '').strip()) + # (This will raise if the server is not available) + self.create_connection() + self.conn.unbind() + self.conn = None else: raise RuntimeError("Offline updates are not supported.") @@ -885,26 +898,9 @@ class LDAPUpdate: def create_connection(self): if self.online: - if self.ldapi: - self.conn = ipaldap.IPAdmin(ldapi=True, realm=self.realm) - else: - self.conn = ipaldap.IPAdmin(self.sub_dict['FQDN'], - ldapi=False, - realm=self.realm) - try: - if self.dm_password: - self.conn.do_simple_bind(binddn=DN(('cn', 'directory manager')), bindpw=self.dm_password) - elif os.getegid() == 0: - try: - # autobind - self.conn.do_external_bind(self.pw_name) - except errors.NotFound: - # Fall back - self.conn.do_sasl_gssapi_bind() - else: - self.conn.do_sasl_gssapi_bind() - except ldap.LOCAL_ERROR, e: - raise RuntimeError('%s' % e.args[0].get('info', '').strip()) + self.conn = connect( + ldapi=self.ldapi, realm=self.realm, fqdn=self.sub_dict['FQDN'], + dm_password=self.dm_password, pw_name=self.pw_name) else: raise RuntimeError("Offline updates are not supported.") |