ldap2: modify arguments for create_connection

* Remove unused and obsolete function arguments:
    * tls_certfile
    * tls_keyfile
    * debug_level
* Rename tls_cacertfile to cacert (same as name in LDAPClient)
* Set cacert to constants.CACERT by default.

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Tomas Krizek 2016-11-02 20:31:19 +01:00 committed by Martin Basti
parent a9585ec563
commit 41098e3f7b
3 changed files with 14 additions and 22 deletions


@ -633,7 +633,7 @@ def install_check(installer):
try: try:
# Try out the password # Try out the password
conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password, conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password,
tls_cacertfile=cafile) cacert=cafile)
replman = ReplicationManager(config.realm_name, replman = ReplicationManager(config.realm_name,
config.master_host_name, config.master_host_name,
config.dirman_password) config.dirman_password)
@ -787,7 +787,7 @@ def install(installer):
conn = remote_api.Backend.ldap2 conn = remote_api.Backend.ldap2
try: try:
conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password, conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password,
tls_cacertfile=cafile) cacert=cafile)
# Install CA cert so that we can do SSL connections with ldap # Install CA cert so that we can do SSL connections with ldap
install_ca_cert(conn, api.env.basedn, api.env.realm, cafile) install_ca_cert(conn, api.env.basedn, api.env.realm, cafile)


@ -31,7 +31,7 @@ import os
import ldap as _ldap import ldap as _ldap
from ipalib import krb_utils from ipalib import krb_utils, constants
from ipapython.dn import DN from ipapython.dn import DN
from ipapython.ipaldap import (LDAPClient, AUTOBIND_AUTO, AUTOBIND_ENABLED, from ipapython.ipaldap import (LDAPClient, AUTOBIND_AUTO, AUTOBIND_ENABLED,
AUTOBIND_DISABLED) AUTOBIND_DISABLED)
@ -126,8 +126,7 @@ class ldap2(CrudBackend, LDAPClient):
return self.ldap_uri return self.ldap_uri
def create_connection( def create_connection(
self, ccache=None, bind_dn=None, bind_pw='', tls_cacertfile=None, self, ccache=None, bind_dn=None, bind_pw='', cacert=None,
tls_certfile=None, tls_keyfile=None, debug_level=0,
autobind=AUTOBIND_AUTO, serverctrls=None, clientctrls=None, autobind=AUTOBIND_AUTO, serverctrls=None, clientctrls=None,
time_limit=_missing, size_limit=_missing): time_limit=_missing, size_limit=_missing):
""" """
@ -139,9 +138,7 @@ class ldap2(CrudBackend, LDAPClient):
bind_dn -- dn used to bind to the server bind_dn -- dn used to bind to the server
bind_pw -- password used to bind to the server bind_pw -- password used to bind to the server
debug_level -- LDAP debug level option debug_level -- LDAP debug level option
tls_cacertfile -- TLS CA certificate filename cacert -- TLS CA certificate filename
tls_certfile -- TLS certificate filename
tls_keyfile - TLS bind key filename
autobind - autobind as the current user autobind - autobind as the current user
time_limit, size_limit -- maximum time and size limit for LDAP time_limit, size_limit -- maximum time and size limit for LDAP
possible options: possible options:
@ -155,23 +152,18 @@ class ldap2(CrudBackend, LDAPClient):
if bind_dn is None: if bind_dn is None:
bind_dn = DN(('cn', 'directory manager')) bind_dn = DN(('cn', 'directory manager'))
assert isinstance(bind_dn, DN) assert isinstance(bind_dn, DN)
if tls_cacertfile is not None:
_ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile) if cacert is None:
if tls_certfile is not None: cacert = constants.CACERT
_ldap.set_option(_ldap.OPT_X_TLS_CERTFILE, tls_certfile)
if tls_keyfile is not None:
_ldap.set_option(_ldap.OPT_X_TLS_KEYFILE, tls_keyfile)
if time_limit is not _missing: if time_limit is not _missing:
self.time_limit = time_limit self.time_limit = time_limit
if size_limit is not _missing: if size_limit is not _missing:
self.size_limit = size_limit self.size_limit = size_limit
if debug_level:
_ldap.set_option(_ldap.OPT_DEBUG_LEVEL, debug_level)
client = LDAPClient(self.ldap_uri, client = LDAPClient(self.ldap_uri,
force_schema_updates=self._force_schema_updates) force_schema_updates=self._force_schema_updates,
cacert=cacert)
conn = client._conn conn = client._conn
with client.error_handler(): with client.error_handler():
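Review bot: The docstring hunk above still carries `debug_level -- LDAP debug level option` as unchanged context even though this commit drops `debug_level` from the create_connection signature, so the argument list now documents a parameter callers can no longer pass; that line should be removed in the same change. The new `cacert -- TLS CA certificate filename` entry also does not say that `None` is replaced by `constants.CACERT`, which is the behavioural change the commit introduces, so I would write it as `cacert -- TLS CA certificate filename (None selects constants.CACERT)`. Replacing the process-global `_ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, ...)` with `cacert=cacert` on the LDAPClient constructor looks like it scopes the CA file to this client rather than the whole process, which is presumably the intent and worth a one-line comment at the LDAPClient call. create_connection's body continues past the end of the hunk.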


@ -890,19 +890,19 @@ migration process might be incomplete\n''')
cacert = None cacert = None
if options.get('cacertfile') is not None: if options.get('cacertfile') is not None:
#store CA cert into file # store CA cert into file
tmp_ca_cert_f = write_tmp_file(options['cacertfile']) tmp_ca_cert_f = write_tmp_file(options['cacertfile'])
cacert = tmp_ca_cert_f.name cacert = tmp_ca_cert_f.name
#start TLS connection # start TLS connection
ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw, ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw,
tls_cacertfile=cacert) cacert=cacert)
tmp_ca_cert_f.close() tmp_ca_cert_f.close()
else: else:
ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw) ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw)
#check whether the compat plugin is enabled # check whether the compat plugin is enabled
if not options.get('compat'): if not options.get('compat'):
try: try:
ldap.get_entry(DN(('cn', 'compat'), (api.env.basedn))) ldap.get_entry(DN(('cn', 'compat'), (api.env.basedn)))