mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
installutils: add DM password validator
Add a validator that checks whether provided Directory Manager is valid by attempting to connect to LDAP. Related https://pagure.io/freeipa/issue/6892 Signed-off-by: Tomas Krizek <tkrizek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
This commit is contained in:
parent
80d61c2e01
commit
7a4a368c53
@ -50,6 +50,7 @@ import ipaplatform
|
||||
from ipapython import ipautil, admintool, version
|
||||
from ipapython.admintool import ScriptError
|
||||
from ipapython.ipa_log_manager import root_logger
|
||||
from ipapython.ipaldap import DIRMAN_DN, LDAPClient
|
||||
from ipalib.util import validate_hostname
|
||||
from ipalib import api, errors, x509
|
||||
from ipapython.dn import DN
|
||||
@ -329,6 +330,21 @@ def _read_password_default_validator(password):
|
||||
if len(password) < 8:
|
||||
raise ValueError("Password must be at least 8 characters long")
|
||||
|
||||
|
||||
def validate_dm_password_ldap(password):
|
||||
"""
|
||||
Validate DM password by attempting to connect to LDAP. api.env has to
|
||||
contain valid ldap_uri.
|
||||
"""
|
||||
client = LDAPClient(api.env.ldap_uri, cacert=paths.IPA_CA_CRT)
|
||||
try:
|
||||
client.simple_bind(DIRMAN_DN, password)
|
||||
except errors.ACIError:
|
||||
raise ValueError("Invalid Directory Manager password")
|
||||
else:
|
||||
client.unbind()
|
||||
|
||||
|
||||
def read_password(user, confirm=True, validate=True, retry=True, validator=_read_password_default_validator):
|
||||
correct = False
|
||||
pwd = None
|
||||
|
Loading…
Reference in New Issue
Block a user