user, migration: use LDAPClient for ad-hoc LDAP connections

Use LDAPClient instead of ldap2 for ad-hoc remote LDAP connections in the user_status and migrate-ds plugins. Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-02-23 09:44:04 +00:00 · 2017-02-23 09:44:04 +00:00 · e9cb74fd27
commit e9cb74fd27
parent 53c5c0ad7b
2 changed files with 10 additions and 17 deletions
--- a/ipaserver/plugins/migration.py
+++ b/ipaserver/plugins/migration.py
@ -28,13 +28,9 @@ from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, Bool
 from ipalib.cli import to_cli
 from ipalib.plugable import Registry
 from .user import NO_UPG_MAGIC
-if api.env.in_server and api.env.context in ['lite', 'server']:
-    try:
-        from ipaserver.plugins.ldap2 import ldap2
-    except Exception as e:
-        raise e
 from ipalib import _
 from ipapython.dn import DN
+from ipapython.ipaldap import LDAPClient
 from ipapython.ipautil import write_tmp_file
 from ipapython.kerberos import Principal
 import datetime
@ -885,8 +881,6 @@ migration process might be incomplete\n''')
            return dict(result={}, failed={}, enabled=False, compat=True)

        # connect to DS
-        ds_ldap = ldap2(self.api, ldap_uri=ldapuri)
-
        cacert = None
        if options.get('cacertfile') is not None:
            # store CA cert into file
@ -894,12 +888,13 @@ migration process might be incomplete\n''')
            cacert = tmp_ca_cert_f.name

            # start TLS connection
-            ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw,
-                            cacert=cacert)
+            ds_ldap = LDAPClient(ldapuri, cacert=cacert)
+            ds_ldap.simple_bind(options['binddn'], bindpw)

            tmp_ca_cert_f.close()
        else:
-            ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw)
+            ds_ldap = LDAPClient(ldapuri, cacert=cacert)
+            ds_ldap.simple_bind(options['binddn'], bindpw)

        # check whether the compat plugin is enabled
        if not options.get('compat'):
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@ -21,7 +21,7 @@
 import time
 from time import gmtime, strftime
 import posixpath
-import os
+
 import six

 from ipalib import api
@ -63,12 +63,10 @@ from ipalib import _, ngettext
 from ipalib import output
 from ipaplatform.paths import paths
 from ipapython.dn import DN
+from ipapython.ipaldap import LDAPClient
 from ipapython.ipautil import ipa_generate_password, TMP_PWD_ENTROPY_BITS
 from ipalib.capabilities import client_has_capability

-if api.env.in_server:
-    from ipaserver.plugins.ldap2 import ldap2
-
 if six.PY3:
    unicode = str

@ -1119,9 +1117,9 @@ class user_status(LDAPQuery):
            if host == api.env.host:
                other_ldap = self.obj.backend
            else:
-                other_ldap = ldap2(self.api, ldap_uri='ldap://%s' % host)
                try:
-                    other_ldap.connect(ccache=os.environ['KRB5CCNAME'])
+                    other_ldap = LDAPClient(ldap_uri='ldap://%s' % host)
+                    other_ldap.gssapi_bind()
                except Exception as e:
                    self.error("user_status: Connecting to %s failed with %s" % (host, str(e)))
                    newresult = {'dn': dn}
@ -1166,7 +1164,7 @@ class user_status(LDAPQuery):
                count += 1

            if host != api.env.host:
-                other_ldap.disconnect()
+                other_ldap.close()

        return dict(result=entries,
                    count=count,