    def __search_in_dc(self, info, host, port, filter, attrs, scope,
                       basedn=None, quiet=False):
        """
        Actual search in AD LDAP server, using SASL GSSAPI authentication
        Returns LDAP result or None.
        """

        (ccache_name, principal) = self.kinit_as_http(info['dns_domain'])

        if ccache_name:
            with installutils.private_ccache(path=ccache_name):
                entries = None

                try:
                    conn = IPAdmin(host=host,
                                   port=389,  # query the AD DC
                                   no_schema=True,
                                   decode_attrs=False,
                                   sasl_nocanon=True)
                    # sasl_nocanon used to avoid hard requirement for PTR
                    # records pointing back to the same host name

                    conn.do_sasl_gssapi_bind()

                    if basedn is None:
                        # Use domain root base DN
                        basedn = ipautil.realm_to_suffix(info['dns_domain'])

                    entries = conn.get_entries(basedn, scope, filter, attrs)
                except Exception, e:
                    msg = "Search on AD DC {host}:{port} failed with: {err}"\
                          .format(host=host, port=str(port), err=str(e))
                    if quiet:
                        root_logger.debug(msg)
                    else:
                        root_logger.warning(msg)
                finally: