Unified ldap_initialize() function

Replace all ldap.initialize() calls with a helper function ldap_initialize(). It handles cacert and cert validation correctly. It also provides a unique place to handle python-ldap 3.0 bytes warnings in the future. Fixes: https://pagure.io/freeipa/issue/7411 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-02-15 12:30:06 +01:00
parent c701cd21d3
commit 1b0c55a3b3
7 changed files with 47 additions and 21 deletions
--- a/ipaserver/secrets/common.py
+++ b/ipaserver/secrets/common.py
@@ -4,6 +4,8 @@ import ldap
 import ldap.sasl
 import ldap.filter

+from ipapython.ipaldap import ldap_initialize
+

 class iSecLdap(object):

@@ -27,7 +29,7 @@ class iSecLdap(object):
        return self._basedn

    def connect(self):
-        conn = ldap.initialize(self.uri)
+        conn = ldap_initialize(self.uri)
        if self.auth_type == 'EXTERNAL':
            auth_tokens = ldap.sasl.external(None)
        elif self.auth_type == 'GSSAPI':