From 2ef1eb0ae75270d37dcbb106e431a98eb02f0993 Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Mon, 23 Nov 2015 07:48:40 +0000
Subject: ipa-otptoken-import: Fix connection to ldap.

https://fedorahosted.org/freeipa/ticket/5475

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/install/ipa_otptoken_import.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/ipa_otptoken_import.py b/ipaserver/install/ipa_otptoken_import.py
index 9e70b74a1..10b8af6f1 100644
--- a/ipaserver/install/ipa_otptoken_import.py
+++ b/ipaserver/install/ipa_otptoken_import.py
@@ -36,7 +36,7 @@ from six.moves import xrange
 
 from ipapython import admintool
 from ipalib import api, errors
-from ipaserver.plugins.ldap2 import ldap2
+from ipaserver.plugins.ldap2 import ldap2, AUTOBIND_DISABLED
 
 if six.PY3:
     unicode = str
@@ -511,9 +511,9 @@ class OTPTokenImport(admintool.AdminTool):
         api.bootstrap(in_server=True)
         api.finalize()
 
-        conn = ldap2(api)
         try:
-            conn.connect()
+            api.Backend.ldap2.connect(ccache=os.environ.get('KRB5CCNAME'),
+                                      autobind=AUTOBIND_DISABLED)
         except (gssapi.exceptions.GSSError, errors.ACIError):
             raise admintool.ScriptError("Unable to connect to LDAP! Did you kinit?")
 
@@ -528,7 +528,7 @@ class OTPTokenImport(admintool.AdminTool):
                     self.log.info("Added token: %s", keypkg.id)
                     keypkg.remove()
         finally:
-            conn.disconnect()
+            api.Backend.ldap2.disconnect()
 
         # Write out the XML file without the tokens that succeeded.
         self.doc.save(self.output)
-- 
cgit