Avoid ipa-dnskeysync-replica & ipa-ods-exporter crashes caused by exceeding LDAP limits

ldap2 internally does an LDAP search to find out what LDAP search limits
should be used (!). The problem is that this internal search has hardcoded
limits and throws a LimitExceeded exception when DS is too slow.

DNSSEC daemons do not need any abstractions from ldap2 so we are going
to use ipaldap directly. This will avoid the unnecessary search and
associated risks.

https://fedorahosted.org/freeipa/ticket/5342

Reviewed-By: Martin Basti <mbasti@redhat.com>
Petr Spacek
2015-10-06 09:43:43 +02:00
committed by Martin Basti
parent f82d3da1e8
commit 0b797da560
2 changed files with 4 additions and 8 deletions


@@ -28,7 +28,6 @@ from ipapython.dn import DN
from ipapython.ipa_log_manager import root_logger, standard_logging_setup
from ipapython import ipaldap
from ipapython import ipautil
from ipaserver.plugins.ldap2 import ldap2
from ipaplatform.paths import paths
from ipapython.dnssec.abshsm import sync_pkcs11_metadata, ldap2p11helper_api_params, wrappingmech_name2id
@@ -154,10 +153,9 @@ os.environ['KRB5CCNAME'] = ccache_filename
log.debug('Got TGT')
# LDAP initialization
ldap = ipalib.api.Backend[ldap2]
# fixme
ldap = ipaldap.LDAPClient(ipalib.api.env.ldap_uri)
log.debug('Connecting to LDAP')
ldap.connect(ccache=ccache_filename)
ldap.gssapi_bind()
log.debug('Connected')
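Review bot: The bind now depends on ambient process state: reading `ldap.gssapi_bind()` as the new line (the change markers are lost on this page), it takes no credential cache argument, whereas `ldap.connect(ccache=ccache_filename)` named the cache explicitly. The identity used for the bind is therefore whatever `KRB5CCNAME` points to, which the hunk header shows being set by `os.environ['KRB5CCNAME'] = ccache_filename` just above this code. A comment on the bind would keep that coupling visible, for example `# gssapi_bind() uses the ccache from KRB5CCNAME set above; keep that assignment before this call`. The second file makes the same change with `ccache_name`, and there the `KRB5CCNAME` assignment is not visible in the hunk, so it is worth confirming that it precedes the bind.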


@@ -38,7 +38,6 @@ from ipapython.dn import DN
from ipapython.ipa_log_manager import root_logger, standard_logging_setup
from ipapython import ipaldap
from ipapython import ipautil
from ipaserver.plugins.ldap2 import ldap2
from ipaplatform.paths import paths
from ipapython.dnssec.abshsm import sync_pkcs11_metadata, wrappingmech_name2id
@@ -503,10 +502,9 @@ log.debug('Got TGT')
# LDAP initialization
dns_dn = DN(ipalib.api.env.container_dns, ipalib.api.env.basedn)
ldap = ipalib.api.Backend[ldap2]
# fixme
ldap = ipaldap.LDAPClient(ipalib.api.env.ldap_uri)
log.debug('Connecting to LDAP')
ldap.connect(ccache=ccache_name)
ldap.gssapi_bind()
log.debug('Connected')
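Review bot: The client in `ldap = ipaldap.LDAPClient(ipalib.api.env.ldap_uri)` (taken as the new line, since the change markers are lost on this page) is built from the configured URI alone, so how the connection is protected depends entirely on what `ldap_uri` is set to. This daemon imports `sync_pkcs11_metadata` and `wrappingmech_name2id`, so it presumably moves DNSSEC key metadata over this connection. If the expectation is the local ldapi:// socket, state it in a comment above the line, such as `# ldap_uri is expected to be the local ldapi:// socket on an IPA server`, or check the URI scheme before binding. The surrounding script code lies outside the hunk, so an existing check there cannot be ruled out.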