Beispiel #1
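 def ldap_connect(self):
     """Return an IPAdmin connection to this host, bound as directory manager.

     Connects to ``self.external_hostname`` and performs a simple
     (DN + password) bind with ``self.config.dirman_dn`` and
     ``self.config.dirman_password``.  Only the host name and the bind DN
     are logged here; the password is not.

     NOTE(review): a simple bind presents the password itself to the server,
     so its confidentiality depends on the transport IPAdmin selects for a
     bare host name (LDAPS/StartTLS vs. plain LDAP).  That choice is not
     visible in this method -- confirm it before relying on this helper
     across an untrusted network.
     """
     self.log.info('Connecting to LDAP at %s', self.external_hostname)
     ldap = IPAdmin(self.external_hostname)
     binddn = self.config.dirman_dn
     # Hand the DN to the logger as an argument, like the call above, so the
     # message is formatted only if the record is actually emitted.
     self.log.info('LDAP bind as %s', binddn)
     ldap.do_simple_bind(binddn, self.config.dirman_password)
     return ldap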
Beispiel #2
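 def ldap_connect(self):
     """Open an LDAP connection to this host and bind as directory manager.

     The connection is an ``IPAdmin`` for ``self.external_hostname``; the
     bind is a simple bind using the DN and password stored in
     ``self.config`` (``dirman_dn`` / ``dirman_password``).  The bound
     connection is returned to the caller, who owns it from then on.

     The log records the target host and the bind DN, never the password.

     NOTE(review): whether the directory manager password travels over an
     encrypted channel is decided inside IPAdmin and cannot be told from
     this method -- verify the transport (LDAPS, StartTLS or LDAPI) used
     for a plain host name argument.
     """
     self.log.info('Connecting to LDAP at %s', self.external_hostname)
     ldap = IPAdmin(self.external_hostname)
     binddn = self.config.dirman_dn
     # Lazy logging argument, consistent with the first log call.
     self.log.info('LDAP bind as %s', binddn)
     ldap.do_simple_bind(binddn, self.config.dirman_password)
     return ldap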
Beispiel #3
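def get_base_dn(ldap_uri):
    """
    Retrieve LDAP server base DN.

    Connects to ``ldap_uri``, performs a simple bind with an empty DN and an
    empty password (i.e. an anonymous bind) and asks ``get_ipa_basedn`` for
    the base DN.

    :param ldap_uri: URI of the LDAP server to query.
    :return: whatever ``get_ipa_basedn`` returns, or ``''`` when connecting,
        binding or the lookup raises.

    NOTE(review): the lookup is unauthenticated, so the answer is only as
    trustworthy as the transport named by ``ldap_uri`` -- presumably callers
    pass an ldaps:// or ldapi:// URI; confirm.  The connection is not
    explicitly released in the lines shown here.
    """
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
        # Empty DN + empty password: anonymous bind, no credentials involved.
        conn.do_simple_bind(DN(), '')
        base_dn = get_ipa_basedn(conn)
    except Exception as e:
        # Best effort: every failure is logged and reported to the caller as
        # an empty base DN instead of being propagated.
        root_logger.error('migration context search failed: %s' % e)
        return ''
    # Hand the result back; without this the success path falls off the end
    # of the function and the caller receives None.
    return base_dn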
Beispiel #4
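def get_base_dn(ldap_uri):
    """
    Retrieve LDAP server base DN.

    An ``IPAdmin`` connection to ``ldap_uri`` is bound anonymously (empty DN,
    empty password) and passed to ``get_ipa_basedn``.

    :param ldap_uri: URI of the LDAP server to query.
    :return: the base DN reported by ``get_ipa_basedn``; ``''`` if any step
        raises (the error is logged, not propagated).

    NOTE(review): because no credentials are used, integrity of the reply
    rests entirely on the transport selected by ``ldap_uri`` -- verify that
    callers do not pass a plain ldap:// URI over an untrusted network.  No
    disconnect is visible in this listing.
    """
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
        # Anonymous bind: nothing secret is sent to the server.
        conn.do_simple_bind(DN(), '')
        base_dn = get_ipa_basedn(conn)
    except Exception as e:
        # Deliberately broad: callers only distinguish "got a base DN" from
        # "did not", and the cause goes to the log.
        root_logger.error('migration context search failed: %s' % e)
        return ''
    # Return the value that was looked up; otherwise a successful call
    # yields None and is indistinguishable from "no base DN" to the caller.
    return base_dn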
Beispiel #5
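def bind(ldap_uri, base_dn, username, password):
    """
    Check a user's credentials with an LDAP simple bind.

    The bind DN is ``uid=<username>,cn=users,cn=accounts,<base_dn>``; it is
    assembled from (attribute, value) pairs through ``DN`` rather than by
    concatenating strings.

    :param ldap_uri: URI of the LDAP server to bind to.
    :param base_dn: base DN of the directory; must be non-empty.
    :param username: uid of the account to bind as.
    :param password: password presented for that account (never logged).
    :raises IOError: ``errno.EIO`` when ``base_dn`` is empty; ``errno.EPERM``
        when the password is empty or the bind raises ``ACIError``,
        ``DatabaseError`` or ``NotFound``.

    NOTE(review): a simple bind presents the password itself, so
    ``ldap_uri`` should name a protected transport (ldaps:// or ldapi://) --
    confirm what callers pass.  The lines shown neither return nor release
    the connection.
    """
    if not base_dn:
        root_logger.error('migration unable to get base dn')
        raise IOError(errno.EIO, 'Cannot get Base DN')
    bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'), base_dn)
    if not password:
        # A non-empty DN with an empty password is an "unauthenticated bind"
        # (RFC 4513, section 5.1.2): a server configured to accept it
        # reports success without checking any secret.  Treat it as a failed
        # login here instead of sending it.
        root_logger.error(
            'migration empty password rejected for %s' % bind_dn)
        raise IOError(
            errno.EPERM, 'Invalid LDAP credentials for user %s' % username)
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
        conn.do_simple_bind(bind_dn, password)
    except (errors.ACIError, errors.DatabaseError, errors.NotFound) as e:
        # The log keeps the DN and the server's reason for operators; the
        # caller only gets a generic "invalid credentials" error.
        root_logger.error(
            'migration invalid credentials for %s: %s' % (bind_dn, e))
        raise IOError(
            errno.EPERM, 'Invalid LDAP credentials for user %s' % username)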
Beispiel #6
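def bind(ldap_uri, base_dn, username, password):
    """
    Verify ``username``/``password`` by binding to the LDAP server.

    Binds as ``uid=<username>,cn=users,cn=accounts,<base_dn>`` using a
    simple bind.  The DN is built from structured RDN pairs via ``DN``.

    :param ldap_uri: URI of the LDAP server to bind to.
    :param base_dn: base DN of the directory; an empty value is an error.
    :param username: uid of the account being checked.
    :param password: password to present; it is not written to the log.
    :raises IOError: with ``errno.EIO`` if ``base_dn`` is empty, with
        ``errno.EPERM`` if the password is empty or the server rejects the
        bind (``ACIError``, ``DatabaseError``, ``NotFound``).

    NOTE(review): the password is sent as part of the simple bind, so the
    URI scheme decides whether it is protected in transit -- confirm that
    callers use ldaps:// or ldapi://.  Releasing the connection is not part
    of the lines shown.
    """
    if not base_dn:
        root_logger.error('migration unable to get base dn')
        raise IOError(errno.EIO, 'Cannot get Base DN')
    bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'),
                 base_dn)
    if not password:
        # RFC 4513 (section 5.1.2) calls a bind with a DN but an empty
        # password an "unauthenticated bind"; where the server permits it,
        # the bind succeeds without any credential check.  Refuse it locally
        # so an empty password can never count as a valid login.
        root_logger.error('migration empty password rejected for %s' %
                          bind_dn)
        raise IOError(errno.EPERM,
                      'Invalid LDAP credentials for user %s' % username)
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
        conn.do_simple_bind(bind_dn, password)
    except (errors.ACIError, errors.DatabaseError, errors.NotFound) as e:
        # Detailed reason goes to the log only; the raised error stays
        # generic so callers cannot tell which check failed.
        root_logger.error('migration invalid credentials for %s: %s' %
                          (bind_dn, e))
        raise IOError(errno.EPERM,
                      'Invalid LDAP credentials for user %s' % username)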
Beispiel #7
    def __search_in_dc(self, info, host, port, filter, attrs, scope,
                       basedn=None, quiet=False):
        """
        Actual search in AD LDAP server, using SASL GSSAPI authentication
        Returns LDAP result or None.

        :param info: mapping; ``info['dns_domain']`` is used for the kinit
            call and, when ``basedn`` is None, to derive the search base.
        :param host: host name of the AD DC to connect to.
        :param port: appears only in the failure message below; the
            connection itself is opened on the fixed port 389.
        :param filter: LDAP search filter, passed to ``get_entries`` as is.
        :param attrs: attribute list, passed to ``get_entries`` as is.
        :param scope: search scope, passed to ``get_entries`` as is.
        :param basedn: search base; defaults to the suffix derived from
            ``info['dns_domain']``.
        :param quiet: log a failure at debug level instead of warning.

        NOTE(review): ``filter`` reaches the server unchanged, so any
        untrusted value embedded in it must already be escaped by the
        caller -- verify at the call sites.
        NOTE(review): this listing ends at ``finally:``; the cleanup and the
        return statement are not visible here.
        """

        # Obtain a credential cache for the HTTP service; `principal` is
        # unpacked but not used in the lines shown.
        (ccache_name, principal) = self.kinit_as_http(info['dns_domain'])

        # Nothing below runs when no ccache name came back.
        if ccache_name:
            # Run the bind and search with that ccache selected.
            with installutils.private_ccache(path=ccache_name):
                entries = None

                try:
                    # NOTE(review): the port is hard-coded to 389 and the
                    # `port` argument is ignored for the connection, so the
                    # "{host}:{port}" in the failure message can name a port
                    # that was never contacted -- confirm which is intended.
                    conn = IPAdmin(host=host,
                                   port=389,  # query the AD DC
                                   no_schema=True,
                                   decode_attrs=False,
                                   sasl_nocanon=True)
                    # sasl_nocanon used to avoid hard requirement for PTR
                    # records pointing back to the same host name

                    # NOTE(review): authentication is SASL GSSAPI over the
                    # plain LDAP port; whether integrity/confidentiality is
                    # negotiated for the session is not visible here.
                    conn.do_sasl_gssapi_bind()

                    if basedn is None:
                        # Use domain root base DN
                        basedn = ipautil.realm_to_suffix(info['dns_domain'])

                    entries = conn.get_entries(basedn, scope, filter, attrs)
                except Exception, e:
                    # Any failure is logged, not raised; `entries` then
                    # keeps whatever value it had (None unless the search
                    # itself completed).
                    msg = "Search on AD DC {host}:{port} failed with: {err}"\
                          .format(host=host, port=str(port), err=str(e))
                    if quiet:
                        root_logger.debug(msg)
                    else:
                        root_logger.warning(msg)
                finally:
                    # (the body of this clause lies beyond the listing)
Beispiel #8
import ipapython
from pprint import pprint
from ipapython.ipaldap import IPAdmin
from ipapython.dn import DN

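# DN of the user entry to read, built from structured (attribute, value)
# pairs instead of a hand-written DN string.
dn = DN(('uid', 'jwhite'),
        ('cn', 'users'),
        ('cn', 'accounts'),
        ('dc', 'ipa'),
        ('dc', 'test'))
print('DN: %s' % (dn,))

# NOTE(review): no bind call is made before the lookup, so unless IPAdmin
# authenticates implicitly (not visible here) the entry is read anonymously
# and only attributes readable without credentials come back.
ldap = IPAdmin(host='ipa33.ipa.test')
entry = ldap.get_entry(dn)

#####

print('DN: %s' % (entry.dn,))
print('Name: %s' % (entry['cn'],))
print('All attributes:')
# `pprint` is imported as the function (``from pprint import pprint``), so
# it is called directly; ``pprint.pprint(...)`` would raise AttributeError.
pprint(dict(entry))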