From e9cb74fd27f4015ad980781785d95bd4107b6f40 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Jul 04 2017 10:06:33 +0000 Subject: user, migration: use LDAPClient for ad-hoc LDAP connections Use LDAPClient instead of ldap2 for ad-hoc remote LDAP connections in the user_status and migrate-ds plugins. Reviewed-By: Martin Babinsky Reviewed-By: Christian Heimes --- diff --git a/ipaserver/plugins/migration.py b/ipaserver/plugins/migration.py index 72abd14..e8d102a 100644 --- a/ipaserver/plugins/migration.py +++ b/ipaserver/plugins/migration.py @@ -28,13 +28,9 @@ from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, Bool from ipalib.cli import to_cli from ipalib.plugable import Registry from .user import NO_UPG_MAGIC -if api.env.in_server and api.env.context in ['lite', 'server']: - try: - from ipaserver.plugins.ldap2 import ldap2 - except Exception as e: - raise e from ipalib import _ from ipapython.dn import DN +from ipapython.ipaldap import LDAPClient from ipapython.ipautil import write_tmp_file from ipapython.kerberos import Principal import datetime @@ -885,8 +881,6 @@ migration process might be incomplete\n''') return dict(result={}, failed={}, enabled=False, compat=True) # connect to DS - ds_ldap = ldap2(self.api, ldap_uri=ldapuri) - cacert = None if options.get('cacertfile') is not None: # store CA cert into file @@ -894,12 +888,13 @@ migration process might be incomplete\n''') cacert = tmp_ca_cert_f.name # start TLS connection - ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw, - cacert=cacert) + ds_ldap = LDAPClient(ldapuri, cacert=cacert) + ds_ldap.simple_bind(options['binddn'], bindpw) tmp_ca_cert_f.close() else: - ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw) + ds_ldap = LDAPClient(ldapuri, cacert=cacert) + ds_ldap.simple_bind(options['binddn'], bindpw) # check whether the compat plugin is enabled if not options.get('compat'): diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py index b714bd2..65c8723 100644 
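Review bot: In the `@@ -894,12 +888,13 @@` hunk the new `ds_ldap = LDAPClient(ldapuri, cacert=cacert)` / `ds_ldap.simple_bind(options['binddn'], bindpw)` pair sits under the kept comment `# start TLS connection`, yet nothing in the new lines requests STARTTLS: unless `ldapuri` is an `ldaps://` URI, the simple bind would send `bindpw` to the remote directory in the clear, with the supplied CA certificate never used. If `LDAPClient.__init__` in ipapython.ipaldap accepts `start_tls` (it does in the versions I know of), the cacertfile branch should read `ds_ldap = LDAPClient(ldapuri, cacert=cacert, start_tls=True)`, or the command should refuse a plain `ldap://` URI when a CA certificate was given; otherwise the comment should be corrected so it does not promise protection the code no longer provides. The same two lines are also duplicated verbatim in the `else:` branch, so the construction and bind could be hoisted below the `if`/`else` with only `cacert`/`start_tls` differing. The enclosing method continues outside the hunk on both sides.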
--- a/ipaserver/plugins/user.py +++ b/ipaserver/plugins/user.py @@ -21,7 +21,7 @@ import time from time import gmtime, strftime import posixpath -import os + import six from ipalib import api @@ -63,12 +63,10 @@ from ipalib import _, ngettext from ipalib import output from ipaplatform.paths import paths from ipapython.dn import DN +from ipapython.ipaldap import LDAPClient from ipapython.ipautil import ipa_generate_password, TMP_PWD_ENTROPY_BITS from ipalib.capabilities import client_has_capability -if api.env.in_server: - from ipaserver.plugins.ldap2 import ldap2 - if six.PY3: unicode = str @@ -1119,9 +1117,9 @@ class user_status(LDAPQuery): if host == api.env.host: other_ldap = self.obj.backend else: - other_ldap = ldap2(self.api, ldap_uri='ldap://%s' % host) try: - other_ldap.connect(ccache=os.environ['KRB5CCNAME']) + other_ldap = LDAPClient(ldap_uri='ldap://%s' % host) + other_ldap.gssapi_bind() except Exception as e: self.error("user_status: Connecting to %s failed with %s" % (host, str(e))) newresult = {'dn': dn} @@ -1166,7 +1164,7 @@ class user_status(LDAPQuery): count += 1 if host != api.env.host: - other_ldap.disconnect() + other_ldap.close() return dict(result=entries, count=count,
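Review bot: In the `@@ -1119,9 +1117,9 @@` hunk, `other_ldap = LDAPClient(ldap_uri='ldap://%s' % host)` is now assigned inside the `try`, so if the constructor itself raises, `other_ldap` stays unbound, and the later `other_ldap.close()` under `if host != api.env.host` (the `@@ -1166,7 +1164,7 @@` hunk) would fail with a second, unrelated error unless the `except` branch leaves the loop iteration; the rest of that `except` body is outside the hunk, so I cannot confirm it does. Binding `other_ldap = None` before the `try`, or keeping the constructor outside it and only wrapping `gssapi_bind()`, removes that dependency. The switch from `connect(ccache=os.environ['KRB5CCNAME'])` to `gssapi_bind()` also drops the explicit credential-cache argument without saying where the credentials now come from; a one-line comment such as `# GSSAPI bind uses the default credential cache, i.e. the one KRB5CCNAME points at for this request` would make the implicit dependency visible to the next maintainer. The enclosing `user_status.execute` loop starts and ends outside the hunk.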