Do not crash client basedn discovery when SSF not met
ipa-client-install runs an anonymous search outside the root DSE, which may raise an UNWILLING_TO_PERFORM error. This case was only handled for the BIND operation, not for the actual LDAP queries. https://fedorahosted.org/freeipa/ticket/4459 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
parent
724391a71b
commit
aa0639284c
@ -335,6 +335,10 @@ class IPADiscovery(object):
|
|||||||
no_schema=True, decode_attrs=False)
|
no_schema=True, decode_attrs=False)
|
||||||
try:
|
try:
|
||||||
lh.do_simple_bind(DN(), '')
|
lh.do_simple_bind(DN(), '')
|
||||||
|
|
||||||
|
# get IPA base DN
|
||||||
|
root_logger.debug("Search LDAP server for IPA base DN")
|
||||||
|
basedn = get_ipa_basedn(lh)
|
||||||
except errors.ACIError:
|
except errors.ACIError:
|
||||||
root_logger.debug("LDAP Error: Anonymous access not allowed")
|
root_logger.debug("LDAP Error: Anonymous access not allowed")
|
||||||
return [NO_ACCESS_TO_LDAP]
|
return [NO_ACCESS_TO_LDAP]
|
||||||
@ -350,10 +354,6 @@ class IPADiscovery(object):
|
|||||||
else:
|
else:
|
||||||
return [UNKNOWN_ERROR]
|
return [UNKNOWN_ERROR]
|
||||||
|
|
||||||
# get IPA base DN
|
|
||||||
root_logger.debug("Search LDAP server for IPA base DN")
|
|
||||||
basedn = get_ipa_basedn(lh)
|
|
||||||
|
|
||||||
if basedn is None:
|
if basedn is None:
|
||||||
root_logger.debug("The server is not an IPA server")
|
root_logger.debug("The server is not an IPA server")
|
||||||
return [NOT_IPA_SERVER]
|
return [NOT_IPA_SERVER]
|
||||||
|
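Review bot: The `except errors.ACIError` handler now also covers `get_ipa_basedn(lh)`, yet it still logs "LDAP Error: Anonymous access not allowed" and returns `[NO_ACCESS_TO_LDAP]`, so a search refused because the server's minimum SSF is not met cannot be told apart in the debug log from a refused anonymous bind. Binding the exception and logging it, `except errors.ACIError as e:` with `root_logger.debug("LDAP Error: Anonymous access not allowed: %s", e)`, would keep the cause visible to whoever troubleshoots enrolment. A one-line comment above the moved search, `# anonymous search may be refused (UNWILLING_TO_PERFORM) when the minimum SSF is not met`, would also explain why it now sits inside the try. The handlers between the two hunks are not shown, so it is worth confirming that none of them now turns an unrelated search failure into `[UNKNOWN_ERROR]`, and that callers of this method, which presumably continue with weaker server verification on `[NO_ACCESS_TO_LDAP]`, still behave as intended for the SSF case.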