diff options
Diffstat (limited to 'ipapython')
| -rw-r--r-- | ipapython/ipautil.py | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 72cf400f9..cfc979edb 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -22,6 +22,8 @@ PLUGINS_SHARE_DIR = "/usr/share/ipa/plugins" GEN_PWD_LEN = 12 +IPA_BASEDN_INFO = 'ipa v2.0' + import string import tempfile import logging @@ -33,6 +35,7 @@ import stat import shutil import urllib2 import socket +import ldap from ipapython import ipavalidate from types import * @@ -1126,3 +1129,37 @@ def bind_port_responder(port, socket_stream=True, socket_timeout=None, responder s.sendto(responder_data, addr) finally: s.close() + +def get_ipa_basedn(conn): + """ + Get base DN of IPA suffix in given LDAP server. + + None is returned if the suffix is not found + + :param conn: Bound LDAP connection that will be used for searching + """ + entries = conn.search_ext_s( + '', scope=ldap.SCOPE_BASE, attrlist=['namingcontexts'] + ) + + contexts = entries[0][1]['namingcontexts'] + for context in contexts: + logging.debug("Check if naming context '%s' is for IPA" % context) + try: + entry = conn.search_s(context, ldap.SCOPE_BASE, "(info=IPA*)") + except ldap.NO_SUCH_OBJECT: + logging.debug("LDAP server did not return info attribute to check for IPA version") + continue + if len(entry) == 0: + logging.debug("Info attribute with IPA server version not found") + continue + info = entry[0][1]['info'][0].lower() + if info != IPA_BASEDN_INFO: + logging.debug("Detected IPA server version (%s) did not match the client (%s)" \ + % (info, IPA_BASEDN_INFO)) + continue + logging.debug("Naming context '%s' is a valid IPA context" % context) + return context + + return None + |