From a68c95d11612108375877ff45bdb53ce6fc8fbe4 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Nov 10 2016 16:40:49 +0000
Subject: ipaldap: remove do_bind from LDAPClient


Remove do_bind() method that was a relict used in IPAdmin. Replace
its uses with simple / external binds.

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>

---

diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy
index 20674c2..329565c 100755
--- a/install/tools/ipa-httpd-kdcproxy
+++ b/install/tools/ipa-httpd-kdcproxy
@@ -79,7 +79,7 @@ class KDCProxyConfig(object):
         self.log.debug('ldap_uri: %s', self.ldap_uri)
         try:
             self.con = LDAPClient(self.ldap_uri)
-            self.con.do_bind()
+            self.con.external_bind()
         except (errors.NetworkError, socket.timeout) as e:
             msg = 'Unable to connect to dirsrv: %s' % e
             raise CheckError(msg)
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 2994c01..ed5c804 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -749,26 +749,6 @@ class LDAPClient(object):
     def __str__(self):
         return self.ldap_uri
 
-    def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO):
-        if dm_password:
-            self.simple_bind(bind_dn=DIRMAN_DN,
-                             bind_password=dm_password)
-            return
-        if (autobind != AUTOBIND_DISABLED and os.getegid() == 0 and
-                self._protocol == 'ldapi'):
-            try:
-                # autobind
-                self.external_bind()
-                return
-            except errors.NotFound:
-                if autobind == AUTOBIND_ENABLED:
-                    # autobind was required and failed, raise
-                    # exception that it failed
-                    raise
-
-        # fall back
-        self.gssapi_bind()
-
     def modify_s(self, dn, modlist):
         # FIXME: for backwards compatibility only
         assert isinstance(dn, DN)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 7d6f3ba..9810246 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -241,7 +241,7 @@ def dns_container_exists(fqdn, suffix, dm_password=None, ldapi=False,
         ldap_uri = ipaldap.get_ldap_uri(fqdn, 636, ldapi=ldapi, realm=realm,
                                         cacert=CACERT)
         conn = ipaldap.LDAPClient(ldap_uri, cacert=CACERT)
-        conn.do_bind(dm_password)
+        conn.simple_bind(ipaldap.DIRMAN_DN, dm_password)
     except ldap.SERVER_DOWN:
         raise RuntimeError('LDAP server on %s is not responding. Is IPA installed?' % fqdn)
 
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index a6c1013..bc2477b 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -44,8 +44,7 @@ def dnssec_container_exists(fqdn, suffix, dm_password=None, ldapi=False,
         ldap_uri = ipaldap.get_ldap_uri(fqdn, 636, ldapi=ldapi, realm=realm,
                                         cacert=CACERT)
         conn = ipaldap.LDAPClient(ldap_uri, cacert=CACERT)
-
-        conn.do_bind(dm_password)
+        conn.simple_bind(ipaldap.DIRMAN_DN, dm_password)
     except ldap.SERVER_DOWN:
         raise RuntimeError('LDAP server on %s is not responding. Is IPA installed?' % fqdn)