Diffstat (limited to 'ipapython/secrets/common.py')
-rw-r--r-- | ipapython/secrets/common.py | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/ipapython/secrets/common.py b/ipapython/secrets/common.py
new file mode 100644
index 000000000..2b906b649
--- /dev/null
+++ b/ipapython/secrets/common.py
@@ -0,0 +1,45 @@
+# Copyright (C) 2015 IPA Project Contributors, see COPYING for license
+from __future__ import print_function
+import ldap
+import ldap.sasl
+import ldap.filter
+
+
+class iSecLdap(object):
+
+ def __init__(self, uri, auth_type=None):
+ self.uri = uri
+ if auth_type is not None:
+ self.auth_type = auth_type
+ else:
+ if uri.startswith('ldapi'):
+ self.auth_type = 'EXTERNAL'
+ else:
+ self.auth_type = 'GSSAPI'
+ self._basedn = None
+
+ @property
+ def basedn(self):
+ if self._basedn is None:
+ conn = self.connect()
+ r = conn.search_s('', ldap.SCOPE_BASE)
+ self._basedn = r[0][1]['defaultnamingcontext'][0]
+ return self._basedn
+
+ def connect(self):
+ conn = ldap.initialize(self.uri)
+ if self.auth_type == 'EXTERNAL':
+ auth_tokens = ldap.sasl.external(None)
+ elif self.auth_type == 'GSSAPI':
+ auth_tokens = ldap.sasl.sasl({}, 'GSSAPI')
+ else:
+ raise ValueError(
+ 'Invalid authentication type: %s' % self.auth_type)
+ conn.sasl_interactive_bind_s('', auth_tokens)
+ return conn
+
+ def build_filter(self, formatstr, args):
+ escaped_args = dict()
+ for key, value in args.iteritems():
+ escaped_args[key] = ldap.filter.escape_filter_chars(value)
+ return formatstr.format(**escaped_args) |
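Review bot: The `basedn` property binds a new connection with `self.connect()` and never releases it, so the first lookup leaves an authenticated LDAP session open, presumably until the object is garbage-collected; wrapping the search as `try: r = conn.search_s('', ldap.SCOPE_BASE)` followed by `finally: conn.unbind_s()` would close it deterministically. In `build_filter`, `args.iteritems()` exists only on Python 2, whereas `args.items()` behaves the same there and also runs on Python 3, which the `print_function` import suggests is a target. `build_filter` also deserves a docstring stating that only the values in `args` pass through `ldap.filter.escape_filter_chars` and that `formatstr` is inserted unescaped, so it must be a constant template and never caller-supplied text. The class has no docstrings at all; a one-line summary on `iSecLdap` naming the two accepted `auth_type` values (`EXTERNAL`, `GSSAPI`) would explain the `ValueError` raised in `connect`.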