Fix ipa-managed-entries bind procedure

Make sure that when Directory Manager password is entered,
we directly do a simple bind instead of trying binding via GSSAPI.
Also capture ldap.INVALID_CREDENTIALS exception and provide nice
error message than crash.

https://fedorahosted.org/freeipa/ticket/1927

1 files changed, 13 insertions, 7 deletions

diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries
index 610b19420..92f02ef59 100755
--- a/install/tools/ipa-managed-entries
+++ b/install/tools/ipa-managed-entries
@@ -106,15 +106,21 @@ def main():
     try:
         filter = '(objectClass=extensibleObject)'
         conn = ipaldap.IPAdmin(host, 636, cacert=CACERT)
-        conn.do_sasl_gssapi_bind()
-    except ldap.LOCAL_ERROR:
+
         if options.dirman_password:
-            dirman_password = options.dirman_password
+            conn.do_simple_bind(bindpw=options.dirman_password)
         else:
-            dirman_password = get_dirman_password()
-            if dirman_password is None:
-                sys.exit("\nDirectory Manager password required")
-        conn.do_simple_bind(bindpw=dirman_password)
+            conn.do_sasl_gssapi_bind()
+    except ldap.LOCAL_ERROR:
+        dirman_password = get_dirman_password()
+        if dirman_password is None:
+            sys.exit("\nDirectory Manager password required")
+        try:
+            conn.do_simple_bind(bindpw=dirman_password)
+        except ldap.INVALID_CREDENTIALS:
+            sys.exit("Invalid credentials")
+    except ldap.INVALID_CREDENTIALS:
+        sys.exit("Invalid credentials")
     except errors.ExecutionError, lde:
         sys.exit("An error occurred while connecting to the server.\n%s\n" %
             str(lde))