Add /session/token_sync POST support

This HTTP call takes the following parameters: * user * password * first_code * second_code * token (optional) Using this information, the server will perform token synchronization. If the token is not specified, all tokens will be searched for synchronization. Otherwise, only the token specified will be searched. https://fedorahosted.org/freeipa/ticket/4218 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
author: Nathaniel McCallum <npmccallum@redhat.com> 2014-05-28 11:38:40 -0400
committer: Martin Kosek <mkosek@redhat.com> 2014-06-26 15:55:24 +0200
commit: 14b38b7704778b4000a7b1b31d78fbb6b45e647b (patch)
tree: 13408e8d9f6204e7f311592bd4c1ab7f284a6744 /ipaserver/plugins/ldap2.py
parent: 1c94edd3a09711d85ba099bd815c0bdd8f0210c1 (diff)
download: freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.tar.gz
freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.tar.xz
freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.zip
1 files changed, 10 insertions, 4 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 29bb20d41..9ecd0b87c 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -93,7 +93,7 @@ class ldap2(LDAPClient, CrudBackend):
 
     def create_connection(self, ccache=None, bind_dn=None, bind_pw='',
             tls_cacertfile=None, tls_certfile=None, tls_keyfile=None,
-            debug_level=0, autobind=False):
+            debug_level=0, autobind=False, serverctrls=None, clientctrls=None):
         """
         Connect to LDAP server.
 
@@ -151,16 +151,22 @@ class ldap2(LDAPClient, CrudBackend):
                         context=krbV.default_context()).principal().name
 
                 os.environ['KRB5CCNAME'] = ccache
-                conn.sasl_interactive_bind_s(None, SASL_GSSAPI)
+                conn.sasl_interactive_bind_s(None, SASL_GSSAPI,
+                                             serverctrls=serverctrls,
+                                             clientctrls=clientctrls)
                 setattr(context, 'principal', principal)
             else:
                 # no kerberos ccache, use simple bind or external sasl
                 if autobind:
                     pent = pwd.getpwuid(os.geteuid())
                     auth_tokens = _ldap.sasl.external(pent.pw_name)
-                    conn.sasl_interactive_bind_s(None, auth_tokens)
+                    conn.sasl_interactive_bind_s(None, auth_tokens,
+                                                 serverctrls=serverctrls,
+                                                 clientctrls=clientctrls)
                 else:
-                    conn.simple_bind_s(bind_dn, bind_pw)
+                    conn.simple_bind_s(bind_dn, bind_pw,
+                                       serverctrls=serverctrls,
+                                       clientctrls=clientctrls)
 
         return conn
author	Nathaniel McCallum <npmccallum@redhat.com>	2014-05-28 11:38:40 -0400
committer	Martin Kosek <mkosek@redhat.com>	2014-06-26 15:55:24 +0200
commit	14b38b7704778b4000a7b1b31d78fbb6b45e647b (patch)
tree	13408e8d9f6204e7f311592bd4c1ab7f284a6744 /ipaserver/plugins/ldap2.py
parent	1c94edd3a09711d85ba099bd815c0bdd8f0210c1 (diff)
download	freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.tar.gz freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.tar.xz freeipa-14b38b7704778b4000a7b1b31d78fbb6b45e647b.zip