mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-02 12:16:56 -06:00
b0e5168841
https://pagure.io/freeipa/issue/4985 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
46 lines
1.4 KiB
Python
46 lines
1.4 KiB
Python
# Copyright (C) 2015 IPA Project Contributors, see COPYING for license
|
|
from __future__ import print_function
|
|
import ldap
|
|
import ldap.sasl
|
|
import ldap.filter
|
|
|
|
|
|
class iSecLdap(object):
|
|
|
|
def __init__(self, uri, auth_type=None):
|
|
self.uri = uri
|
|
if auth_type is not None:
|
|
self.auth_type = auth_type
|
|
else:
|
|
if uri.startswith('ldapi'):
|
|
self.auth_type = 'EXTERNAL'
|
|
else:
|
|
self.auth_type = 'GSSAPI'
|
|
self._basedn = None
|
|
|
|
@property
|
|
def basedn(self):
|
|
if self._basedn is None:
|
|
conn = self.connect()
|
|
r = conn.search_s('', ldap.SCOPE_BASE)
|
|
self._basedn = r[0][1]['defaultnamingcontext'][0].decode('utf-8')
|
|
return self._basedn
|
|
|
|
def connect(self):
|
|
conn = ldap.initialize(self.uri)
|
|
if self.auth_type == 'EXTERNAL':
|
|
auth_tokens = ldap.sasl.external(None)
|
|
elif self.auth_type == 'GSSAPI':
|
|
auth_tokens = ldap.sasl.sasl({}, 'GSSAPI')
|
|
else:
|
|
raise ValueError(
|
|
'Invalid authentication type: %s' % self.auth_type)
|
|
conn.sasl_interactive_bind_s('', auth_tokens)
|
|
return conn
|
|
|
|
def build_filter(self, formatstr, args):
|
|
escaped_args = dict()
|
|
for key, value in args.items():
|
|
escaped_args[key] = ldap.filter.escape_filter_chars(value)
|
|
return formatstr.format(**escaped_args)
|