-rw-r--r-- | install/migration/migration.py | 2 | ||||
-rwxr-xr-x | install/tools/ipa-csreplica-manage | 6 | ||||
-rwxr-xr-x | install/tools/ipa-managed-entries | 6 | ||||
-rwxr-xr-x | install/tools/ipa-replica-manage | 9 | ||||
-rw-r--r-- | ipaclient/ipadiscovery.py | 2 | ||||
-rw-r--r-- | ipapython/ipaldap.py | 11 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 4 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 13 | ||||
-rw-r--r-- | ipaserver/install/ldapupdate.py | 4 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 12 | ||||
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 6 | ||||
-rw-r--r-- | ipatests/test_install/test_updates.py | 3 | ||||
-rw-r--r-- | ipatests/test_integration/host.py | 2 |
13 files changed, 44 insertions, 36 deletions
diff --git a/install/migration/migration.py b/install/migration/migration.py index 1d5e30704..a87b488fc 100644 --- a/install/migration/migration.py +++ b/install/migration/migration.py @@ -49,7 +49,7 @@ def bind(ldap_uri, base_dn, username, password): bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'), base_dn) try: conn = IPAdmin(ldap_uri=ldap_uri) - conn.do_simple_bind(bind_dn, password) + conn.simple_bind(bind_dn, password) except (errors.ACIError, errors.DatabaseError, errors.NotFound) as e: root_logger.error( 'migration invalid credentials for %s: %s' % (bind_dn, e)) diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index 87c1c2a95..b5474eb45 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -94,7 +94,8 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): try: # connect to main IPA LDAP server conn = ipaldap.IPAdmin(host, 636, cacert=CACERT) - conn.do_simple_bind(bindpw=dirman_passwd) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=dirman_passwd) dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) entries = conn.get_entries(dn, conn.SCOPE_ONELEVEL) @@ -295,7 +296,8 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): sys.exit(str(e)) try: conn = ipaldap.IPAdmin(replica2, 636, cacert=CACERT) - conn.do_simple_bind(bindpw=dirman_passwd) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=dirman_passwd) dn = DN(('cn', 'CA'), ('cn', replica2), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index 8a89da8a8..9dc7eae76 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries 
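Review bot: In install/migration/migration.py, `bind()` hands the caller's `password` straight to `conn.simple_bind(bind_dn, password)` with no visible check that it is non-empty, and a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513) that a server configured to allow it reports as success. Unless the caller already rejects empty passwords (not visible here; the function continues outside the hunk), add a guard before the `try`, for example `if not password:` taking the same failure path as the `except` branch. The same unguarded call shape appears with the Directory Manager password in `list_replicas` and `add_link` of ipa-csreplica-manage and in `clean_dangling_ruvs` of ipa-replica-manage, whereas `list_replicas` in ipa-replica-manage does test `if dirman_passwd:` first.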
@@ -91,7 +91,8 @@ def main(): if options.dirman_password: try: - conn.do_simple_bind(bindpw=options.dirman_password) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=options.dirman_password) except errors.ACIError: sys.exit("Invalid credentials") else: @@ -101,7 +102,8 @@ def main(): if dirman_password is None: sys.exit("Directory Manager password required") try: - conn.do_simple_bind(bindpw=dirman_password) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=dirman_password) except errors.ACIError: sys.exit("Invalid credentials") except errors.ExecutionError as lde: diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 5ca7f5948..e7c30895b 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -169,7 +169,8 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose, nolookup=False): try: conn = ipaldap.IPAdmin(host, 636, cacert=CACERT) if dirman_passwd: - conn.do_simple_bind(bindpw=dirman_passwd) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=dirman_passwd) else: conn.do_sasl_gssapi_bind() except Exception as e: @@ -628,7 +629,8 @@ def clean_dangling_ruvs(realm, host, options): """ conn = ipaldap.IPAdmin(host, 636, cacert=CACERT) try: - conn.do_simple_bind(bindpw=options.dirman_passwd) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=options.dirman_passwd) # get all masters masters_dn = DN(api.env.container_masters, api.env.basedn) @@ -673,7 +675,8 @@ def clean_dangling_ruvs(realm, host, options): for master_cn, master_info in info.items(): try: conn = ipaldap.IPAdmin(master_cn, 636, cacert=CACERT) - conn.do_simple_bind(bindpw=options.dirman_passwd) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=options.dirman_passwd) master_info['online'] = True except Exception: print("The server '{host}' appears to be offline." diff --git a/ipaclient/ipadiscovery.py b/ipaclient/ipadiscovery.py index 2075c3374..e546ab061 100644 
--- a/ipaclient/ipadiscovery.py +++ b/ipaclient/ipadiscovery.py @@ -386,7 +386,7 @@ class IPADiscovery(object): lh = ipaldap.IPAdmin(thost, protocol='ldap', no_schema=True, decode_attrs=False) try: - lh.do_simple_bind(DN(), '') + lh.simple_bind(DN(), '') # get IPA base DN root_logger.debug("Search LDAP server for IPA base DN") diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 6506bed34..c4f8c7c2e 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -61,6 +61,8 @@ TRUNCATED_SIZE_LIMIT = object() TRUNCATED_TIME_LIMIT = object() TRUNCATED_ADMIN_LIMIT = object() +DIRMAN_DN = DN(('cn', 'directory manager')) + def unicode_from_utf8(val): ''' @@ -1050,6 +1052,7 @@ class LDAPClient(object): def __enter__(self): return self + def __exit__(self, exc_type, exc_value, traceback): self.close() @@ -1075,8 +1078,6 @@ class LDAPClient(object): """ with self.error_handler(): self._flush_schema() - if bind_dn is None: - bind_dn = DN() assert isinstance(bind_dn, DN) bind_dn = str(bind_dn) bind_password = self.encode(bind_password) @@ -1630,10 +1631,6 @@ class IPAdmin(LDAPClient): def __str__(self): return self.host + ":" + str(self.port) - def do_simple_bind(self, binddn=DN(('cn', 'directory manager')), - bindpw=""): - self.simple_bind(binddn, bindpw) - def do_sasl_gssapi_bind(self): self.gssapi_bind() @@ -1642,7 +1639,7 @@ class IPAdmin(LDAPClient): def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO): if dm_password: - self.do_simple_bind(bindpw=dm_password) + self.simple_bind(bind_dn=DIRMAN_DN, bind_password=dm_password) return if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and self.ldapi: try: diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index f115624bc..e6a7e24f6 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py 
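Review bot: `lh.simple_bind(DN(), '')` in ipaclient/ipadiscovery.py is an anonymous bind on a connection opened with `protocol='ldap'`, but nothing at the call site says this is deliberate. I would add a comment above it such as `# Anonymous bind: used only to read the IPA base DN during discovery; treat the result as untrusted until the server is verified`. Whether TLS is negotiated on `lh` before the search is not visible in this hunk, so the wording should match what the surrounding method actually does.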
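Review bot: In the `@@ -1075,8 +1078,6 @@` hunk of ipapython/ipaldap.py, removing the `None` to `DN()` fallback leaves `assert isinstance(bind_dn, DN)` as the only check on the bind DN. Asserts are removed under `python -O`, after which `str(bind_dn)` would send the text form of whatever object was passed. Make the check explicit with `if not isinstance(bind_dn, DN): raise TypeError('bind_dn must be a DN')`. The method signature is outside the hunk, so if `bind_dn` still defaults to `None` there, that default should be dropped or documented as invalid in the same change.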
@@ -1500,8 +1500,8 @@ def replica_ca_install_check(config): with ipaldap.LDAPClient(ca_ldap_url, start_tls=True, force_schema_updates=False) as connection: - connection.simple_bind(DN(('cn', 'Directory Manager')), - config.dirman_password) + connection.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=config.dirman_password) rschema = connection.schema result = rschema.get_obj(ldap.schema.models.ObjectClass, objectclass) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index aaaba0788..c18a8f329 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -659,8 +659,8 @@ class DsInstance(service.Service): root_logger.debug("Waiting for memberof task to complete.") conn = ipaldap.IPAdmin(self.fqdn) if self.dm_password: - conn.do_simple_bind( - DN(('cn', 'directory manager')), self.dm_password) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=self.dm_password) else: conn.do_sasl_gssapi_bind() replication.wait_for_task(conn, dn) @@ -794,7 +794,8 @@ class DsInstance(service.Service): 'restart_dirsrv %s' % self.serverid) conn = ipaldap.IPAdmin(self.fqdn) - conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=self.dm_password) mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"), (ldap.MOD_REPLACE, "nsSSL3Ciphers", "default"), @@ -830,7 +831,8 @@ class DsInstance(service.Service): trust_flags = dict(reversed(dsdb.list_certs())) conn = ipaldap.IPAdmin(self.fqdn) - conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=self.dm_password) nicknames = dsdb.find_root_cert(self.cacert_name)[:-1] for nickname in nicknames: 
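Review bot: In ipaserver/install/dsinstance.py the Directory Manager password is sent with a simple bind on `ipaldap.IPAdmin(self.fqdn)`, which in the visible lines is built without `cacert`, `start_tls` or `ldapi`. If IPAdmin falls back to plain LDAP in that case (its constructor is not part of this diff), the password crosses the connection unprotected. This applies to the `@@ -659`, `@@ -794`, `@@ -830` and `@@ -853` hunks here and to `ipaldap.IPAdmin(fqdn)` in ipatests/test_install/test_updates.py. Since these calls target the local instance, consider `ldapi=True` with `realm=` as `enable_replication_version_checking` in replication.py does, or add a comment stating why a cleartext bind is acceptable at this install stage.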
@@ -853,7 +855,8 @@ class DsInstance(service.Service): subject_base=self.subject_base) conn = ipaldap.IPAdmin(self.fqdn) - conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=self.dm_password) self.import_ca_certs(dsdb, self.ca_is_configured, conn) diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index 8744caa2b..5f8eb79c9 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -59,8 +59,8 @@ def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None): conn = ipaldap.IPAdmin(fqdn, ldapi=False, realm=realm, decode_attrs=False) try: if dm_password: - conn.do_simple_bind(binddn=DN(('cn', 'directory manager')), - bindpw=dm_password) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=dm_password) elif os.getegid() == 0: try: # autobind diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index fcd0b320a..5e1b11366 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -117,7 +117,8 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd): """ conn = ipaldap.IPAdmin(hostname, realm=realm, ldapi=True) if dirman_passwd: - conn.do_simple_bind(bindpw=dirman_passwd) + conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=dirman_passwd) else: conn.do_sasl_gssapi_bind() entry = conn.get_entry(DN(('cn', 'IPA Version Replication'), @@ -217,7 +218,8 @@ class ReplicationManager(object): else: self.conn = ipaldap.IPAdmin(hostname, port=port, cacert=CACERT) if dirman_passwd: - self.conn.do_simple_bind(bindpw=dirman_passwd) + self.conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=dirman_passwd) else: self.conn.do_sasl_gssapi_bind() else: 
@@ -1009,7 +1011,7 @@ class ReplicationManager(object): start_tls=True) if r_bindpw: - r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw) + r_conn.simple_bind(r_binddn, r_bindpw) else: r_conn.do_sasl_gssapi_bind() @@ -1115,7 +1117,7 @@ class ReplicationManager(object): def convert_to_gssapi_replication(self, r_hostname, r_binddn, r_bindpw): r_conn = ipaldap.IPAdmin(r_hostname, port=PORT, cacert=CACERT) if r_bindpw: - r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw) + r_conn.simple_bind(r_binddn, r_bindpw) else: r_conn.do_sasl_gssapi_bind() @@ -1145,7 +1147,7 @@ class ReplicationManager(object): # allow connections using two different CA certs r_conn = ipaldap.IPAdmin(r_hostname, port=PORT, cacert=CACERT) if r_bindpw: - r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw) + r_conn.simple_bind(r_binddn, r_bindpw) else: r_conn.do_sasl_gssapi_bind() diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 683dfb508..b016dbd19 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -51,8 +51,6 @@ from .common import BaseServer if six.PY3: unicode = str -DIRMAN_DN = DN(('cn', 'directory manager')) - def get_dirman_password(): return installutils.read_password("Directory Manager (existing master)", @@ -637,7 +635,7 @@ def install_check(installer): replman = None try: # Try out the password - conn.connect(bind_dn=DIRMAN_DN, bind_pw=config.dirman_password, + conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password, tls_cacertfile=cafile) replman = ReplicationManager(config.realm_name, config.master_host_name, @@ -791,7 +789,7 @@ def install(installer): remote_api = installer._remote_api conn = remote_api.Backend.ldap2 try: - conn.connect(bind_dn=DIRMAN_DN, bind_pw=config.dirman_password, + conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password, tls_cacertfile=cafile) # Install CA cert so that we can do SSL connections with ldap 
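Review bot: The three `r_conn.simple_bind(r_binddn, r_bindpw)` calls in ipaserver/install/replication.py (hunks `@@ -1009`, `@@ -1115`, `@@ -1145`) pass the credentials positionally, while the Directory Manager call sites changed in this commit use the `bind_dn=`/`bind_password=` keywords. Writing `r_conn.simple_bind(bind_dn=r_binddn, bind_password=r_bindpw)` keeps the style consistent and prevents the DN and password from being swapped silently. `r_binddn` comes from the caller and `simple_bind` asserts that it is a `DN`, so a docstring line on these methods stating that `r_binddn` must be a `DN` instance would help. The methods begin outside the hunks.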
diff --git a/ipatests/test_install/test_updates.py b/ipatests/test_install/test_updates.py index 4053d3547..553788d2a 100644 --- a/ipatests/test_install/test_updates.py +++ b/ipatests/test_install/test_updates.py @@ -64,7 +64,8 @@ class test_update(unittest.TestCase): raise nose.SkipTest("No directory manager password") self.updater = LDAPUpdate(dm_password=self.dm_password, sub_dict={}) self.ld = ipaldap.IPAdmin(fqdn) - self.ld.do_simple_bind(bindpw=self.dm_password) + self.ld.simple_bind(bind_dn=ipaldap.DIRMAN_DN, + bind_password=self.dm_password) self.testdir = os.path.abspath(os.path.dirname(__file__)) if not ipautil.file_exists(os.path.join(self.testdir, "0_reset.update")): diff --git a/ipatests/test_integration/host.py b/ipatests/test_integration/host.py index 399884fdb..8b9ebd5e8 100644 --- a/ipatests/test_integration/host.py +++ b/ipatests/test_integration/host.py @@ -47,7 +47,7 @@ class Host(pytest_multihost.host.Host): ldap = IPAdmin(self.external_hostname) binddn = self.config.dirman_dn self.log.info('LDAP bind as %s' % binddn) - ldap.do_simple_bind(binddn, self.config.dirman_password) + ldap.simple_bind(binddn, self.config.dirman_password) return ldap @classmethod |