ipaldap: merge simple_bind into LDAPClient

* Use LDAPClient.simple_bind instead of extra call to IPAdmin.do_simple_bind * Rename binddn to bind_dn * Rename bindpw to bind_password * Explicitly specify bind_dn in all calls https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-01-26 16:16:31 -06:00 · 2016-10-05 17:42:32 +02:00 · 2016-10-05 17:42:32 +02:00 · de58a5c605
commit de58a5c605
parent 5760b7e983
13 changed files with 44 additions and 36 deletions
--- a/install/migration/migration.py
+++ b/install/migration/migration.py
@ -49,7 +49,7 @@ def bind(ldap_uri, base_dn, username, password):
    bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'), base_dn)
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
-        conn.do_simple_bind(bind_dn, password)
+        conn.simple_bind(bind_dn, password)
    except (errors.ACIError, errors.DatabaseError, errors.NotFound) as e:
        root_logger.error(
            'migration invalid credentials for %s: %s' % (bind_dn, e))
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@ -94,7 +94,8 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
    try:
        # connect to main IPA LDAP server
        conn = ipaldap.IPAdmin(host, 636, cacert=CACERT)
-        conn.do_simple_bind(bindpw=dirman_passwd)
+        conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                         bind_password=dirman_passwd)

        dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm))
        entries = conn.get_entries(dn, conn.SCOPE_ONELEVEL)
@ -295,7 +296,8 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
        sys.exit(str(e))
    try:
        conn = ipaldap.IPAdmin(replica2, 636, cacert=CACERT)
-        conn.do_simple_bind(bindpw=dirman_passwd)
+        conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                         bind_password=dirman_passwd)

        dn = DN(('cn', 'CA'), ('cn', replica2), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
                ipautil.realm_to_suffix(realm))
--- a/install/tools/ipa-managed-entries
+++ b/install/tools/ipa-managed-entries
@ -91,7 +91,8 @@ def main():

        if options.dirman_password:
            try:
-                conn.do_simple_bind(bindpw=options.dirman_password)
+                conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                                 bind_password=options.dirman_password)
            except errors.ACIError:
                sys.exit("Invalid credentials")
        else:
@ -101,7 +102,8 @@ def main():
        if dirman_password is None:
            sys.exit("Directory Manager password required")
        try:
-            conn.do_simple_bind(bindpw=dirman_password)
+            conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                             bind_password=dirman_password)
        except errors.ACIError:
            sys.exit("Invalid credentials")
    except errors.ExecutionError as lde:
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@ -169,7 +169,8 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose, nolookup=False):
    try:
        conn = ipaldap.IPAdmin(host, 636, cacert=CACERT)
        if dirman_passwd:
-            conn.do_simple_bind(bindpw=dirman_passwd)
+            conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                             bind_password=dirman_passwd)
        else:
            conn.do_sasl_gssapi_bind()
    except Exception as e:
@ -628,7 +629,8 @@ def clean_dangling_ruvs(realm, host, options):
    """
    conn = ipaldap.IPAdmin(host, 636, cacert=CACERT)
    try:
-        conn.do_simple_bind(bindpw=options.dirman_passwd)
+        conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                         bind_password=options.dirman_passwd)

        # get all masters
        masters_dn = DN(api.env.container_masters, api.env.basedn)
@ -673,7 +675,8 @@ def clean_dangling_ruvs(realm, host, options):
    for master_cn, master_info in info.items():
        try:
            conn = ipaldap.IPAdmin(master_cn, 636, cacert=CACERT)
-            conn.do_simple_bind(bindpw=options.dirman_passwd)
+            conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                             bind_password=options.dirman_passwd)
            master_info['online'] = True
        except Exception:
            print("The server '{host}' appears to be offline."
--- a/ipaclient/ipadiscovery.py
+++ b/ipaclient/ipadiscovery.py
@ -386,7 +386,7 @@ class IPADiscovery(object):
                lh = ipaldap.IPAdmin(thost, protocol='ldap',
                                     no_schema=True, decode_attrs=False)
            try:
-                lh.do_simple_bind(DN(), '')
+                lh.simple_bind(DN(), '')

                # get IPA base DN
                root_logger.debug("Search LDAP server for IPA base DN")
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@ -61,6 +61,8 @@ TRUNCATED_SIZE_LIMIT = object()
 TRUNCATED_TIME_LIMIT = object()
 TRUNCATED_ADMIN_LIMIT = object()

+DIRMAN_DN = DN(('cn', 'directory manager'))
+

 def unicode_from_utf8(val):
    '''
@ -1050,6 +1052,7 @@ class LDAPClient(object):
    def __enter__(self):
        return self

+
    def __exit__(self, exc_type, exc_value, traceback):
        self.close()

@ -1075,8 +1078,6 @@ class LDAPClient(object):
        """
        with self.error_handler():
            self._flush_schema()
-            if bind_dn is None:
-                bind_dn = DN()
            assert isinstance(bind_dn, DN)
            bind_dn = str(bind_dn)
            bind_password = self.encode(bind_password)
@ -1630,10 +1631,6 @@ class IPAdmin(LDAPClient):
    def __str__(self):
        return self.host + ":" + str(self.port)

-    def do_simple_bind(self, binddn=DN(('cn', 'directory manager')),
-                       bindpw=""):
-        self.simple_bind(binddn, bindpw)
-
    def do_sasl_gssapi_bind(self):
        self.gssapi_bind()

@ -1642,7 +1639,7 @@ class IPAdmin(LDAPClient):

    def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO):
        if dm_password:
-            self.do_simple_bind(bindpw=dm_password)
+            self.simple_bind(bind_dn=DIRMAN_DN, bind_password=dm_password)
            return
        if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and self.ldapi:
            try:
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@ -1500,8 +1500,8 @@ def replica_ca_install_check(config):
        with ipaldap.LDAPClient(ca_ldap_url,
                                start_tls=True,
                                force_schema_updates=False) as connection:
-            connection.simple_bind(DN(('cn', 'Directory Manager')),
-                                   config.dirman_password)
+            connection.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                                   bind_password=config.dirman_password)
            rschema = connection.schema
            result = rschema.get_obj(ldap.schema.models.ObjectClass,
                                     objectclass)
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -659,8 +659,8 @@ class DsInstance(service.Service):
        root_logger.debug("Waiting for memberof task to complete.")
        conn = ipaldap.IPAdmin(self.fqdn)
        if self.dm_password:
-            conn.do_simple_bind(
-                DN(('cn', 'directory manager')), self.dm_password)
+            conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                             bind_password=self.dm_password)
        else:
            conn.do_sasl_gssapi_bind()
        replication.wait_for_task(conn, dn)
@ -794,7 +794,8 @@ class DsInstance(service.Service):
                'restart_dirsrv %s' % self.serverid)

        conn = ipaldap.IPAdmin(self.fqdn)
-        conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)
+        conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                         bind_password=self.dm_password)

        mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"),
               (ldap.MOD_REPLACE, "nsSSL3Ciphers", "default"),
@ -830,7 +831,8 @@ class DsInstance(service.Service):
        trust_flags = dict(reversed(dsdb.list_certs()))

        conn = ipaldap.IPAdmin(self.fqdn)
-        conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)
+        conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                         bind_password=self.dm_password)

        nicknames = dsdb.find_root_cert(self.cacert_name)[:-1]
        for nickname in nicknames:
@ -853,7 +855,8 @@ class DsInstance(service.Service):
                            subject_base=self.subject_base)

        conn = ipaldap.IPAdmin(self.fqdn)
-        conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)
+        conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                         bind_password=self.dm_password)

        self.import_ca_certs(dsdb, self.ca_is_configured, conn)

--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@ -59,8 +59,8 @@ def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None):
        conn = ipaldap.IPAdmin(fqdn, ldapi=False, realm=realm, decode_attrs=False)
    try:
        if dm_password:
-            conn.do_simple_bind(binddn=DN(('cn', 'directory manager')),
-                                bindpw=dm_password)
+            conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                             bind_password=dm_password)
        elif os.getegid() == 0:
            try:
                # autobind
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@ -117,7 +117,8 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
    """
    conn = ipaldap.IPAdmin(hostname, realm=realm, ldapi=True)
    if dirman_passwd:
-        conn.do_simple_bind(bindpw=dirman_passwd)
+        conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                         bind_password=dirman_passwd)
    else:
        conn.do_sasl_gssapi_bind()
    entry = conn.get_entry(DN(('cn', 'IPA Version Replication'),
@ -217,7 +218,8 @@ class ReplicationManager(object):
            else:
                self.conn = ipaldap.IPAdmin(hostname, port=port, cacert=CACERT)
            if dirman_passwd:
-                self.conn.do_simple_bind(bindpw=dirman_passwd)
+                self.conn.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                                      bind_password=dirman_passwd)
            else:
                self.conn.do_sasl_gssapi_bind()
        else:
@ -1009,7 +1011,7 @@ class ReplicationManager(object):
            start_tls=True)

        if r_bindpw:
-            r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
+            r_conn.simple_bind(r_binddn, r_bindpw)
        else:
            r_conn.do_sasl_gssapi_bind()

@ -1115,7 +1117,7 @@ class ReplicationManager(object):
    def convert_to_gssapi_replication(self, r_hostname, r_binddn, r_bindpw):
        r_conn = ipaldap.IPAdmin(r_hostname, port=PORT, cacert=CACERT)
        if r_bindpw:
-            r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
+            r_conn.simple_bind(r_binddn, r_bindpw)
        else:
            r_conn.do_sasl_gssapi_bind()

@ -1145,7 +1147,7 @@ class ReplicationManager(object):
        # allow connections using two different CA certs
        r_conn = ipaldap.IPAdmin(r_hostname, port=PORT, cacert=CACERT)
        if r_bindpw:
-            r_conn.do_simple_bind(binddn=r_binddn, bindpw=r_bindpw)
+            r_conn.simple_bind(r_binddn, r_bindpw)
        else:
            r_conn.do_sasl_gssapi_bind()

--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@ -51,8 +51,6 @@ from .common import BaseServer
 if six.PY3:
    unicode = str

-DIRMAN_DN = DN(('cn', 'directory manager'))
-

 def get_dirman_password():
    return installutils.read_password("Directory Manager (existing master)",
@ -637,7 +635,7 @@ def install_check(installer):
    replman = None
    try:
        # Try out the password
-        conn.connect(bind_dn=DIRMAN_DN, bind_pw=config.dirman_password,
+        conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password,
                     tls_cacertfile=cafile)
        replman = ReplicationManager(config.realm_name,
                                     config.master_host_name,
@ -791,7 +789,7 @@ def install(installer):
    remote_api = installer._remote_api
    conn = remote_api.Backend.ldap2
    try:
-        conn.connect(bind_dn=DIRMAN_DN, bind_pw=config.dirman_password,
+        conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password,
                     tls_cacertfile=cafile)

        # Install CA cert so that we can do SSL connections with ldap
--- a/ipatests/test_install/test_updates.py
+++ b/ipatests/test_install/test_updates.py
@ -64,7 +64,8 @@ class test_update(unittest.TestCase):
            raise nose.SkipTest("No directory manager password")
        self.updater = LDAPUpdate(dm_password=self.dm_password, sub_dict={})
        self.ld = ipaldap.IPAdmin(fqdn)
-        self.ld.do_simple_bind(bindpw=self.dm_password)
+        self.ld.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
+                            bind_password=self.dm_password)
        self.testdir = os.path.abspath(os.path.dirname(__file__))
        if not ipautil.file_exists(os.path.join(self.testdir,
                                                "0_reset.update")):
--- a/ipatests/test_integration/host.py
+++ b/ipatests/test_integration/host.py
@ -47,7 +47,7 @@ class Host(pytest_multihost.host.Host):
        ldap = IPAdmin(self.external_hostname)
        binddn = self.config.dirman_dn
        self.log.info('LDAP bind as %s' % binddn)
-        ldap.do_simple_bind(binddn, self.config.dirman_password)
+        ldap.simple_bind(binddn, self.config.dirman_password)
        return ldap

    @classmethod