IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Disable schema retrieval and attribute decoding when talking to AD GC.

Browse Source
This commit is contained in:
Jan Cholasta 2013-03-07 10:56:49 +01:00 committed by Martin Kosek
parent f423364fa8
commit 9955ba0714
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ipaserver/dcerpc.py
View File

@ -434,7 +434,7 @@ class DomainValidator(object):
Actual search in AD LDAP server, using SASL GSSAPI authentication Actual search in AD LDAP server, using SASL GSSAPI authentication
Returns LDAP result or None Returns LDAP result or None
""" """
conn = IPAdmin(host=host, port=port) conn = IPAdmin(host=host, port=port, no_schema=True, decode_attrs=False)
auth = self.__extract_trusted_auth(info) auth = self.__extract_trusted_auth(info)
if attrs is None: if attrs is None:
attrs = [] attrs = []
@ -450,10 +450,7 @@ class DomainValidator(object):
if basedn is None: if basedn is None:
# Use domain root base DN # Use domain root base DN
basedn = DN(*map(lambda p: ('dc', p), info['dns_domain'].split('.'))) basedn = DN(*map(lambda p: ('dc', p), info['dns_domain'].split('.')))
# We don't use conn.getEntry() because it will attempt to fetch schema from GC and that will fail entries = conn.get_entries(basedn, scope, filter, attrs)
filterstr = conn.encode(filter)
attrlist = conn.encode(attrs)
entries = conn.conn.conn.search_s(str(basedn), scope, filterstr, attrlist, 0)
os.environ["KRB5CCNAME"] = old_ccache os.environ["KRB5CCNAME"] = old_ccache
return entries return entries