463dda3067
Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
# Copyright (C) 2015 IPA Project Contributors, see COPYING for license
from __future__ import print_function
import ldap
import ldap.sasl
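class iSecLdap(object):
    """LDAP helper: SASL-authenticated connections and escaped search filters.

    The SASL mechanism is derived from the URI unless the caller names one:
    URIs starting with ``ldapi`` get ``EXTERNAL``, everything else gets
    ``GSSAPI``. No password or other secret is ever passed in; the identity
    comes from the transport (EXTERNAL) or from the Kerberos credentials
    available to the process (GSSAPI).
    """

    # The only SASL mechanisms connect() knows how to set up.
    _AUTH_TYPES = ('EXTERNAL', 'GSSAPI')

    def __init__(self, uri, auth_type=None):
        """Store the server URI and select the SASL mechanism.

        :param uri: LDAP URI later handed to ``ldap.initialize()``.
        :param auth_type: ``'EXTERNAL'``, ``'GSSAPI'``, or ``None`` to derive
            the mechanism from *uri*. An explicit value is stored as given;
            it is only checked when connect() is called.
        """
        self.uri = uri
        if auth_type is not None:
            self.auth_type = auth_type
        elif uri.startswith('ldapi'):
            self.auth_type = 'EXTERNAL'
        else:
            self.auth_type = 'GSSAPI'
        # Filled lazily by the basedn property.
        self._basedn = None

    @property
    def basedn(self):
        """Return the server's ``defaultnamingcontext``, looked up once.

        The first access binds to the server, reads the root entry (empty
        base DN, base scope) and caches the first ``defaultnamingcontext``
        value on the instance; later accesses return the cached value.
        """
        if self._basedn is None:
            conn = self.connect()
            try:
                r = conn.search_s('', ldap.SCOPE_BASE)
                # NOTE(review): with python-ldap on Python 3 attribute values
                # are bytes, so this may cache bytes rather than text --
                # confirm what callers expect.
                self._basedn = r[0][1]['defaultnamingcontext'][0]
            finally:
                # The connection is private to this lookup; release it
                # instead of leaving an authenticated session open.
                conn.unbind_s()
        return self._basedn

    def connect(self):
        """Open a connection to ``self.uri`` and SASL-bind it.

        :returns: the bound connection object; the caller owns it and is
            responsible for unbinding it.
        :raises ValueError: if ``self.auth_type`` is neither ``'EXTERNAL'``
            nor ``'GSSAPI'``.
        """
        # Reject an unknown mechanism before any LDAP handle is created, so
        # a misconfigured instance fails fast and allocates nothing.
        if self.auth_type not in self._AUTH_TYPES:
            raise ValueError(
                'Invalid authentication type: %s' % self.auth_type)

        conn = ldap.initialize(self.uri)
        if self.auth_type == 'EXTERNAL':
            auth_tokens = ldap.sasl.external(None)
        else:
            auth_tokens = ldap.sasl.sasl({}, 'GSSAPI')
        conn.sasl_interactive_bind_s('', auth_tokens)
        return conn

    def build_filter(self, formatstr, args):
        """Fill an LDAP filter template with escaped values.

        Each value in *args* is passed through
        ``ldap.filter.escape_filter_chars`` before substitution, so filter
        metacharacters in a value are matched literally and cannot change
        the structure of the filter.

        Only the values are escaped. *formatstr* is used as a ``str.format``
        template exactly as given, so it must be a constant written by the
        developer, never text assembled from request or user data.

        :param formatstr: ``str.format`` template with named fields.
        :param args: mapping of field name to the string to insert.
        :returns: the filter string with every field substituted.
        """
        # items() exists on both Python 2 and Python 3 mappings; the
        # Python 2-only iteritems() raised AttributeError on Python 3.
        escaped_args = {
            key: ldap.filter.escape_filter_chars(value)
            for key, value in args.items()
        }
        return formatstr.format(**escaped_args)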