authorMartin Kosek <mkosek@redhat.com>2011-09-30 16:52:30 +0200
committerMartin Kosek <mkosek@redhat.com>2011-09-30 16:53:59 +0200
commit00cffce6c2ba0121188326535d6c9cd244a4ae5b (patch)
treec23b640c15773e3c30ecfdf86a88a835c9e6d9b0 /ipapython/ipautil.py
parent8f2e3333952edcce8d27a4d8fc23386908819030 (diff)
ipa-client assumes a single namingcontext
When the LDAP server contains more than one suffix, the ipa client installation does not detect it as an IPA server and fails to install. Fix ipa server discovery so that it correctly searches all naming contexts for the IPA one. https://fedorahosted.org/freeipa/ticket/1868
Diffstat (limited to 'ipapython/ipautil.py')
-rw-r--r--ipapython/ipautil.py37
1 files changed, 37 insertions, 0 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 72cf400f9..cfc979edb 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -22,6 +22,8 @@ PLUGINS_SHARE_DIR = "/usr/share/ipa/plugins"
GEN_PWD_LEN = 12
+IPA_BASEDN_INFO = 'ipa v2.0'
+
import string
import tempfile
import logging
@@ -33,6 +35,7 @@ import stat
import shutil
import urllib2
import socket
+import ldap
from ipapython import ipavalidate
from types import *
@@ -1126,3 +1129,37 @@ def bind_port_responder(port, socket_stream=True, socket_timeout=None, responder
s.sendto(responder_data, addr)
finally:
s.close()
+
+def get_ipa_basedn(conn):
+ """
+ Get base DN of IPA suffix in given LDAP server.
+
+ None is returned if the suffix is not found
+
+ :param conn: Bound LDAP connection that will be used for searching
+ """
+ entries = conn.search_ext_s(
+ '', scope=ldap.SCOPE_BASE, attrlist=['namingcontexts']
+ )
+
+ contexts = entries[0][1]['namingcontexts']
+ for context in contexts:
+ logging.debug("Check if naming context '%s' is for IPA" % context)
+ try:
+ entry = conn.search_s(context, ldap.SCOPE_BASE, "(info=IPA*)")
+ except ldap.NO_SUCH_OBJECT:
+ logging.debug("LDAP server did not return info attribute to check for IPA version")
+ continue
+ if len(entry) == 0:
+ logging.debug("Info attribute with IPA server version not found")
+ continue
+ info = entry[0][1]['info'][0].lower()
+ if info != IPA_BASEDN_INFO:
+ logging.debug("Detected IPA server version (%s) did not match the client (%s)" \
+ % (info, IPA_BASEDN_INFO))
+ continue
+ logging.debug("Naming context '%s' is a valid IPA context" % context)
+ return context
+
+ return None
+
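Review bot: `entries[0][1]['namingcontexts']` is indexed without a guard, so a server whose root DSE search returns no entry, or returns the attribute under a different key case (python-ldap result dicts are case-sensitive and the spelling may follow the server; worth confirming), raises IndexError/KeyError instead of reaching the documented `return None`. Because this runs during discovery against servers that may not be IPA at all, I would return None when the attribute is absent, e.g. `if not entries or 'namingcontexts' not in entries[0][1]: return None`, or use a case-insensitive lookup. Inside the loop only `ldap.NO_SUCH_OBJECT` is caught, so any other `ldap.LDAPError` on one context (insufficient access, for example) aborts the scan of the remaining contexts, which works against the purpose of checking every suffix. `entry[0][1]['info'][0]` also compares only the first value of `info`, which need not be the value that matched `(info=IPA*)` if the attribute is multi-valued; `any(v.lower() == IPA_BASEDN_INFO for v in entry[0][1]['info'])` would cover that.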