Remove IPAdmin.sasl_interactive_bind_s

Also, rename remaining uses of SASL_AUTH to SASL_GSSAPI to better
reflect what it is.

Part of the work for: https://fedorahosted.org/freeipa/ticket/2660

ipaserver/dcerpc.py

@@ -441,15 +441,12 @@ class DomainValidator(object):
         if auth:
             (ccache_name, principal) = self.__kinit_as_trusted_account(info, auth)
             if ccache_name:
-                cb_info = dict()
-                # pass empty dict, SASL GSSAPI is able to get all from the ccache
-                sasl_auth = _ldap.sasl.sasl(cb_info,'GSSAPI')
                 old_ccache = os.environ.get('KRB5CCNAME')
                 os.environ["KRB5CCNAME"] = ccache_name
                 # OPT_X_SASL_NOCANON is used to avoid hard requirement for PTR
                 # records pointing back to the same host name
                 conn.set_option(_ldap.OPT_X_SASL_NOCANON, _ldap.OPT_ON)
-                conn.sasl_interactive_bind_s(None, sasl_auth)
+                conn.do_sasl_gssapi_bind()
                 if basedn is None:
                     # Use domain root base DN
                     basedn = DN(*map(lambda p: ('dc', p), info['dns_domain'].split('.')))

ipaserver/ipaldap.py

@@ -41,7 +41,7 @@ from ipapython.ipa_log_manager import log_mgr
 from ipapython.dn import DN, RDN
 
 # Global variable to define SASL auth
-SASL_AUTH = ldap.sasl.sasl({}, 'GSSAPI')
+SASL_GSSAPI = ldap.sasl.sasl({}, 'GSSAPI')
 
 DEFAULT_TIMEOUT = 10
 DN_SYNTAX_OID = '1.3.6.1.4.1.1466.115.121.1.12'
@@ -1617,12 +1617,12 @@ class IPAdmin(LDAPClient):
 
     def do_sasl_gssapi_bind(self, timeout=DEFAULT_TIMEOUT):
         self.__bind_with_wait(
-            self.sasl_interactive_bind_s, timeout, None, SASL_AUTH)
+            self.conn.sasl_interactive_bind_s, timeout, None, SASL_GSSAPI)
 
     def do_external_bind(self, user_name=None, timeout=DEFAULT_TIMEOUT):
         auth_tokens = ldap.sasl.external(user_name)
         self.__bind_with_wait(
-            self.sasl_interactive_bind_s, timeout, None, auth_tokens)
+            self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
 
     def updateEntry(self,dn,oldentry,newentry):
         # FIXME: for backwards compatibility only
@@ -1712,10 +1712,6 @@ class IPAdmin(LDAPClient):
         # FIXME: for backwards compatibility only
         return self.conn.set_option(*args, **kwargs)
 
-    def sasl_interactive_bind_s(self, *args, **kwargs):
-        # FIXME: for backwards compatibility only
-        return self.conn.sasl_interactive_bind_s(*args, **kwargs)
-
     def encode(self, *args, **kwargs):
         # FIXME: for backwards compatibility only
         return self.conn.encode(*args, **kwargs)

ipaserver/plugins/ldap2.py

@@ -36,7 +36,7 @@ import krbV
 import ldap as _ldap
 
 from ipapython.dn import DN
-from ipaserver.ipaldap import SASL_AUTH, IPASimpleLDAPObject, LDAPClient
+from ipaserver.ipaldap import SASL_GSSAPI, IPASimpleLDAPObject, LDAPClient
 
 
 try:
@@ -156,7 +156,7 @@ class ldap2(LDAPClient, CrudBackend):
                         context=krbV.default_context()).principal().name
 
                 os.environ['KRB5CCNAME'] = ccache
-                conn.sasl_interactive_bind_s(None, SASL_AUTH)
+                conn.sasl_interactive_bind_s(None, SASL_GSSAPI)
                 setattr(context, 'principal', principal)
             else:
                 # no kerberos ccache, use simple bind or external sasl