diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-05-28 11:38:40 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-06-26 15:55:24 +0200 |
commit | 14b38b7704778b4000a7b1b31d78fbb6b45e647b (patch) | |
tree | 13408e8d9f6204e7f311592bd4c1ab7f284a6744 /ipaserver/plugins/ldap2.py | |
parent | 1c94edd3a09711d85ba099bd815c0bdd8f0210c1 (diff) | |
download | freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.tar.gz freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.tar.xz freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.zip |
Add /session/token_sync POST support
This HTTP call takes the following parameters:
* user
* password
* first_code
* second_code
* token (optional)
Using this information, the server will perform token synchronization.
If the token is not specified, all tokens will be searched for synchronization.
Otherwise, only the token specified will be searched.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver/plugins/ldap2.py')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 29bb20d41..9ecd0b87c 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -93,7 +93,7 @@ class ldap2(LDAPClient, CrudBackend): def create_connection(self, ccache=None, bind_dn=None, bind_pw='', tls_cacertfile=None, tls_certfile=None, tls_keyfile=None, - debug_level=0, autobind=False): + debug_level=0, autobind=False, serverctrls=None, clientctrls=None): """ Connect to LDAP server. @@ -151,16 +151,22 @@ class ldap2(LDAPClient, CrudBackend): context=krbV.default_context()).principal().name os.environ['KRB5CCNAME'] = ccache - conn.sasl_interactive_bind_s(None, SASL_GSSAPI) + conn.sasl_interactive_bind_s(None, SASL_GSSAPI, + serverctrls=serverctrls, + clientctrls=clientctrls) setattr(context, 'principal', principal) else: # no kerberos ccache, use simple bind or external sasl if autobind: pent = pwd.getpwuid(os.geteuid()) auth_tokens = _ldap.sasl.external(pent.pw_name) - conn.sasl_interactive_bind_s(None, auth_tokens) + conn.sasl_interactive_bind_s(None, auth_tokens, + serverctrls=serverctrls, + clientctrls=clientctrls) else: - conn.simple_bind_s(bind_dn, bind_pw) + conn.simple_bind_s(bind_dn, bind_pw, + serverctrls=serverctrls, + clientctrls=clientctrls) return conn |