authorTomas Krizek <tkrizek@redhat.com>2016-10-05 17:42:32 +0200
committerMartin Basti <mbasti@redhat.com>2016-11-07 11:34:03 +0100
commitde58a5c60596de8b45c8016c3318bac78305477a (patch)
tree80ea270b7dd694ab2ecd6404526e156858758260 /ipaserver
parent5760b7e983da6bda8f5383d9079551e4acb4c2da (diff)
ipaldap: merge simple_bind into LDAPClient
* Use LDAPClient.simple_bind instead of extra call to IPAdmin.do_simple_bind * Rename binddn to bind_dn * Rename bindpw to bind_password * Explicitly specify bind_dn in all calls https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/cainstance.py4
-rw-r--r--ipaserver/install/dsinstance.py13
-rw-r--r--ipaserver/install/ldapupdate.py4
-rw-r--r--ipaserver/install/replication.py12
-rw-r--r--ipaserver/install/server/replicainstall.py6
5 files changed, 21 insertions, 18 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f115624bc..e6a7e24f6 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1500,8 +1500,8 @@ def replica_ca_install_check(config):
with ipaldap.LDAPClient(ca_ldap_url,
start_tls=True,
force_schema_updates=False) as connection:
- connection.simple_bind(DN(('cn', 'Directory Manager')),
- config.dirman_password)
+ connection.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+ bind_password=config.dirman_password)
rschema = connection.schema
result = rschema.get_obj(ldap.schema.models.ObjectClass,
objectclass)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index aaaba0788..c18a8f329 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -659,8 +659,8 @@ class DsInstance(service.Service):
root_logger.debug("Waiting for memberof task to complete.")
conn = ipaldap.IPAdmin(self.fqdn)
if self.dm_password:
- conn.do_simple_bind(
- DN(('cn', 'directory manager')), self.dm_password)
+ conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+ bind_password=self.dm_password)
else:
conn.do_sasl_gssapi_bind()
replication.wait_for_task(conn, dn)
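Review bot: The Directory Manager password is handed to `simple_bind` on a connection built as `ipaldap.IPAdmin(self.fqdn)`, with no `ldapi`, `cacert` or `start_tls` argument, so whether it travels protected depends on IPAdmin defaults that are not visible in this hunk. A simple bind carries the password unhashed at the LDAP layer, and the cainstance.py and replication.py call sites in this commit do pass `start_tls=True`, `ldapi=True` or `cacert=CACERT`. If the default here turns out to be plain LDAP, the constructor should request a protected transport; otherwise a comment such as `# simple bind: dm_password is only as safe as the transport; keep this on LDAPI or TLS` would record the assumption. The same pattern appears in the three later DsInstance hunks (-794, -830, -853) and in ldapupdate.connect, where `ldapi=False` is hard-coded. The enclosing method starts and ends outside the hunk.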
@@ -794,7 +794,8 @@ class DsInstance(service.Service):
'restart_dirsrv %s' % self.serverid)
conn = ipaldap.IPAdmin(self.fqdn)
- conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)
+ conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+ bind_password=self.dm_password)
mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"),
(ldap.MOD_REPLACE, "nsSSL3Ciphers", "default"),
@@ -830,7 +831,8 @@ class DsInstance(service.Service):
trust_flags = dict(reversed(dsdb.list_certs()))
conn = ipaldap.IPAdmin(self.fqdn)
- conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)
+ conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+ bind_password=self.dm_password)
nicknames = dsdb.find_root_cert(self.cacert_name)[:-1]
for nickname in nicknames:
@@ -853,7 +855,8 @@ class DsInstance(service.Service):
subject_base=self.subject_base)
conn = ipaldap.IPAdmin(self.fqdn)
- conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)
+ conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+ bind_password=self.dm_password)
self.import_ca_certs(dsdb, self.ca_is_configured, conn)
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 8744caa2b..5f8eb79c9 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -59,8 +59,8 @@ def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
conn = ipaldap.IPAdmin(fqdn, ldapi=False, realm=realm, decode_attrs=False)
try:
if dm_password:
- conn.do_simple_bind(binddn=DN(('cn', 'directory manager')),
- bindpw=dm_password)
+ conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+ bind_password=dm_password)
elif os.getegid() == 0:
try:
# autobind
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index fcd0b320a..5e1b11366 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -117,7 +117,8 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
"""
conn = ipaldap.IPAdmin(hostname, realm=realm, ldapi=True)
if dirman_passwd:
- conn.do_simple_bind(bindpw=dirman_passwd)
+ conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+ bind_password=dirman_passwd)
else:
conn.do_sasl_gssapi_bind()
entry = conn.get_entry(DN(('cn', 'IPA Version Replication'),
@@ -217,7 +218,8 @@ class ReplicationManager(object):
else:
self.conn = ipaldap.IPAdmin(hostname, port=port, cacert=CACERT)
if dirman_passwd:
- self.conn.do_simple_bind(bindpw=dirman_passwd)
+ self.conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+ bind_password=dirman_passwd)
else:
self.conn.do_sasl_gssapi_bind()
else:
@@ -1009,7 +1011,7 @@ class ReplicationManager(object):
start_tls=True)
if r_bindpw:
- r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
+ r_conn.simple_bind(r_binddn, r_bindpw)
else:
r_conn.do_sasl_gssapi_bind()
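Review bot: `r_conn.simple_bind(r_binddn, r_bindpw)` passes the credentials positionally, while every other call site touched by this commit uses keywords and the commit message says bind_dn is specified explicitly in all calls. The keyword form, `r_conn.simple_bind(bind_dn=r_binddn, bind_password=r_bindpw)`, keeps a DN/password swap from going unnoticed if the signature ever changes. The same applies to the two following hunks (convert_to_gssapi_replication at -1115 and the one at -1145). The enclosing method begins outside this hunk.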
@@ -1115,7 +1117,7 @@ class ReplicationManager(object):
def convert_to_gssapi_replication(self, r_hostname, r_binddn, r_bindpw):
r_conn = ipaldap.IPAdmin(r_hostname, port=PORT, cacert=CACERT)
if r_bindpw:
- r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
+ r_conn.simple_bind(r_binddn, r_bindpw)
else:
r_conn.do_sasl_gssapi_bind()
@@ -1145,7 +1147,7 @@ class ReplicationManager(object):
# allow connections using two different CA certs
r_conn = ipaldap.IPAdmin(r_hostname, port=PORT, cacert=CACERT)
if r_bindpw:
- r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
+ r_conn.simple_bind(r_binddn, r_bindpw)
else:
r_conn.do_sasl_gssapi_bind()
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 683dfb508..b016dbd19 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -51,8 +51,6 @@ from .common import BaseServer
if six.PY3:
unicode = str
-DIRMAN_DN = DN(('cn', 'directory manager'))
-
def get_dirman_password():
return installutils.read_password("Directory Manager (existing master)",
@@ -637,7 +635,7 @@ def install_check(installer):
replman = None
try:
# Try out the password
- conn.connect(bind_dn=DIRMAN_DN, bind_pw=config.dirman_password,
+ conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password,
tls_cacertfile=cafile)
replman = ReplicationManager(config.realm_name,
config.master_host_name,
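Review bot: `conn.connect(...)` still takes `bind_pw=` while this commit renames the simple_bind parameter to `bind_password`, which leaves two spellings for the same credential argument. The signature of connect is outside this diff, so either a follow-up rename or a short comment such as `# connect() keeps bind_pw; only simple_bind was renamed to bind_password` would avoid confusion. Separately, none of this file's hunks adds an import, so `ipaldap.DIRMAN_DN` relies on `ipaldap` already being imported outside the visible context now that the module-level DIRMAN_DN is removed; that is worth confirming. Both points apply equally to the install() hunk that follows, and install_check's body extends beyond this hunk.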
@@ -791,7 +789,7 @@ def install(installer):
remote_api = installer._remote_api
conn = remote_api.Backend.ldap2
try:
- conn.connect(bind_dn=DIRMAN_DN, bind_pw=config.dirman_password,
+ conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password,
tls_cacertfile=cafile)
# Install CA cert so that we can do SSL connections with ldap