diff options
author | Martin Kosek <mkosek@redhat.com> | 2011-10-25 15:34:45 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-11-16 08:53:39 +0100 |
commit | d301007e697b8dc6b67fe9c128f4a2b381cdf9d2 (patch) | |
tree | 4940385ce543108f0d35ab2d9bdcf222db6343bc | |
parent | 452eaf5436bfff90c88d75f23c3f71e5be43eaec (diff) | |
download | freeipa-d301007e697b8dc6b67fe9c128f4a2b381cdf9d2.tar.gz freeipa-d301007e697b8dc6b67fe9c128f4a2b381cdf9d2.tar.xz freeipa-d301007e697b8dc6b67fe9c128f4a2b381cdf9d2.zip |
Fix ipa-managed-entries bind procedure
Make sure that when Directory Manager password is entered,
we directly do a simple bind instead of trying binding via GSSAPI.
Also capture ldap.INVALID_CREDENTIALS exception and provide nice
error message than crash.
https://fedorahosted.org/freeipa/ticket/1927
-rwxr-xr-x | install/tools/ipa-managed-entries | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index 610b19420..92f02ef59 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries @@ -106,15 +106,21 @@ def main(): try: filter = '(objectClass=extensibleObject)' conn = ipaldap.IPAdmin(host, 636, cacert=CACERT) - conn.do_sasl_gssapi_bind() - except ldap.LOCAL_ERROR: + if options.dirman_password: - dirman_password = options.dirman_password + conn.do_simple_bind(bindpw=options.dirman_password) else: - dirman_password = get_dirman_password() - if dirman_password is None: - sys.exit("\nDirectory Manager password required") - conn.do_simple_bind(bindpw=dirman_password) + conn.do_sasl_gssapi_bind() + except ldap.LOCAL_ERROR: + dirman_password = get_dirman_password() + if dirman_password is None: + sys.exit("\nDirectory Manager password required") + try: + conn.do_simple_bind(bindpw=dirman_password) + except ldap.INVALID_CREDENTIALS: + sys.exit("Invalid credentials") + except ldap.INVALID_CREDENTIALS: + sys.exit("Invalid credentials") except errors.ExecutionError, lde: sys.exit("An error occurred while connecting to the server.\n%s\n" % str(lde)) |