| author | Tomas Krizek <tkrizek@redhat.com> | 2016-11-02 20:31:19 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-11-07 11:34:03 +0100 |
| commit | 41098e3f7bb517f7445ed34d555bc3fb2083c6ce (patch) | |
| tree | 857c7c477abd60f8ccda1f543efd5b257ef68fd9 /ipaserver/plugins | |
| parent | a9585ec563d1e54c3cd7de14789457f72cd00843 (diff) | |
ldap2: modify arguments for create_connection
* Remove unused and obsolete function arguments:
* tls_certfile
* tls_keyfile
* debug_level
* Rename tls_cacertfile to cacert (same as name in LDAPClient)
* Set cacert to constants.CACERT by default.
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
| -rw-r--r-- | ipaserver/plugins/ldap2.py | 24 | ||||
| -rw-r--r-- | ipaserver/plugins/migration.py | 8 |
2 files changed, 12 insertions, 20 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 2d08f1c79..82b2dba0e 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -31,7 +31,7 @@ import os
 import ldap as _ldap
-from ipalib import krb_utils
+from ipalib import krb_utils, constants
 from ipapython.dn import DN
 from ipapython.ipaldap import (LDAPClient, AUTOBIND_AUTO, AUTOBIND_ENABLED,
 AUTOBIND_DISABLED)
@@ -126,8 +126,7 @@ class ldap2(CrudBackend, LDAPClient):
 return self.ldap_uri
 def create_connection(
- self, ccache=None, bind_dn=None, bind_pw='', tls_cacertfile=None,
- tls_certfile=None, tls_keyfile=None, debug_level=0,
+ self, ccache=None, bind_dn=None, bind_pw='', cacert=None,
 autobind=AUTOBIND_AUTO, serverctrls=None, clientctrls=None,
 time_limit=_missing, size_limit=_missing):
 """
@@ -139,9 +138,7 @@ class ldap2(CrudBackend, LDAPClient):
 bind_dn -- dn used to bind to the server
 bind_pw -- password used to bind to the server
 debug_level -- LDAP debug level option
- tls_cacertfile -- TLS CA certificate filename
- tls_certfile -- TLS certificate filename
- tls_keyfile - TLS bind key filename
+ cacert -- TLS CA certificate filename
 autobind - autobind as the current user
 time_limit, size_limit -- maximum time and size limit for LDAP
 possible options:
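Review bot: The docstring in the third ldap2.py hunk still carries `debug_level -- LDAP debug level option` as a context line, although the signature hunk just above removes that parameter, so the documentation now describes an argument the method no longer accepts. I would delete that line and extend the new entry to `cacert -- TLS CA certificate filename (constants.CACERT is used when None)`, because the default is a trust decision callers should be able to read. Removing three parameters ahead of `autobind` also shifts positional binding: a caller outside this diff that passes more than four positional arguments would now have them land on `autobind` and later names, so it is worth confirming that all callers use keywords. The docstring continues past the end of the hunk.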
@@ -155,23 +152,18 @@ class ldap2(CrudBackend, LDAPClient):
 if bind_dn is None:
 bind_dn = DN(('cn', 'directory manager'))
 assert isinstance(bind_dn, DN)
- if tls_cacertfile is not None:
- _ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
- if tls_certfile is not None:
- _ldap.set_option(_ldap.OPT_X_TLS_CERTFILE, tls_certfile)
- if tls_keyfile is not None:
- _ldap.set_option(_ldap.OPT_X_TLS_KEYFILE, tls_keyfile)
+
+ if cacert is None:
+ cacert = constants.CACERT
 if time_limit is not _missing:
 self.time_limit = time_limit
 if size_limit is not _missing:
 self.size_limit = size_limit
- if debug_level:
- _ldap.set_option(_ldap.OPT_DEBUG_LEVEL, debug_level)
-
 client = LDAPClient(self.ldap_uri,
- force_schema_updates=self._force_schema_updates)
+ force_schema_updates=self._force_schema_updates,
+ cacert=cacert)
 conn = client._conn
 with client.error_handler():
diff --git a/ipaserver/plugins/migration.py b/ipaserver/plugins/migration.py
index b61ef96d6..5090a2646 100644
--- a/ipaserver/plugins/migration.py
+++ b/ipaserver/plugins/migration.py
@@ -890,19 +890,19 @@ migration process might be incomplete\n''')
 cacert = None
 if options.get('cacertfile') is not None:
- #store CA cert into file
+ # store CA cert into file
 tmp_ca_cert_f = write_tmp_file(options['cacertfile'])
 cacert = tmp_ca_cert_f.name
- #start TLS connection
+ # start TLS connection
 ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw,
- tls_cacertfile=cacert)
+ cacert=cacert)
 tmp_ca_cert_f.close()
 else:
 ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw)
- #check whether the compat plugin is enabled
+ # check whether the compat plugin is enabled
 if not options.get('compat'):
 try:
 ldap.get_entry(DN(('cn', 'compat'), (api.env.basedn))) |
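Review bot: With `if cacert is None: cacert = constants.CACERT`, passing None no longer means "leave the TLS CA setting alone"; every connection built here now hands that path to LDAPClient, including callers that never thought about a CA. What LDAPClient does when the file is missing or unreadable is not visible in this hunk, so the failure mode for such callers should be confirmed. I would put a comment above the default, for example `# None selects constants.CACERT; pass cacert explicitly to trust a different CA`, so the implicit trust anchor is stated where it is chosen. The body of create_connection starts and ends outside the hunk.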
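Review bot: In the migration.py hunk, `tmp_ca_cert_f.close()` is reached only when `ds_ldap.connect(...)` returns, so a failed bind or TLS handshake leaves the temporary CA file open; whether it also stays on disk depends on write_tmp_file, which is not shown. Wrapping the call as `try:` / `ds_ldap.connect(..., cacert=cacert)` / `finally: tmp_ca_cert_f.close()` releases it on every path. Separately, the `else` branch calls `connect` without `cacert`, which after this commit presumably means the remote server is checked against constants.CACERT instead of a caller-supplied CA; a one-line comment saying whether that is intended would help the next reader. The enclosing method starts and ends outside the hunk.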
