def __search_in_dc(self, info, host, port, filter, attrs, scope, basedn=None, quiet=False): """ Actual search in AD LDAP server, using SASL GSSAPI authentication Returns LDAP result or None. """ (ccache_name, principal) = self.kinit_as_http(info['dns_domain']) if ccache_name: with installutils.private_ccache(path=ccache_name): entries = None try: conn = IPAdmin(host=host, port=389, # query the AD DC no_schema=True, decode_attrs=False, sasl_nocanon=True) # sasl_nocanon used to avoid hard requirement for PTR # records pointing back to the same host name conn.do_sasl_gssapi_bind() if basedn is None: # Use domain root base DN basedn = ipautil.realm_to_suffix(info['dns_domain']) entries = conn.get_entries(basedn, scope, filter, attrs) except Exception, e: msg = "Search on AD DC {host}:{port} failed with: {err}"\ .format(host=host, port=str(port), err=str(e)) if quiet: root_logger.debug(msg) else: root_logger.warning(msg) finally: