def ldap_connect(self):
    """Open an LDAP connection to this host, bound as directory manager.

    The connection is created for ``self.external_hostname`` and then bound
    with a simple bind using ``self.config.dirman_dn`` and
    ``self.config.dirman_password``.

    Returns:
        The bound IPAdmin connection object.
    """
    hostname = self.external_hostname
    self.log.info('Connecting to LDAP at %s', hostname)
    connection = IPAdmin(hostname)

    # NOTE(review): a simple bind carries the directory manager password to
    # the server as-is, and no TLS-related argument is passed to IPAdmin
    # here. Confirm the transport is protected (or confined to an isolated
    # test network) before reusing this pattern.
    dirman_dn = self.config.dirman_dn
    # Only the bind DN goes to the log; the password must stay out of it.
    self.log.info('LDAP bind as %s' % dirman_dn)
    connection.do_simple_bind(dirman_dn, self.config.dirman_password)
    return connection
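def get_base_dn(ldap_uri):
    """
    Retrieve LDAP server base DN.

    Connects to ``ldap_uri``, performs an anonymous simple bind (empty DN,
    empty password) and asks ``get_ipa_basedn`` for the base DN.

    Returns the value produced by ``get_ipa_basedn`` on success, or ``''``
    when the connection, bind or lookup raises (the failure is logged).
    """
    conn = None
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
        # Anonymous bind: the server has authenticated nobody at this point,
        # so whatever comes back is only what the directory exposes publicly.
        conn.do_simple_bind(DN(), '')
        # The listing as shown computed base_dn but never handed it back on
        # the success path; return it so callers can tell success from error.
        return get_ipa_basedn(conn)
    except Exception as e:
        root_logger.error('migration context search failed: %s' % e)
        return ''
    finally:
        # Release the connection on every path; conn is still None when the
        # IPAdmin constructor itself failed.
        if conn is not None:
            conn.unbind()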
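def bind(ldap_uri, base_dn, username, password):
    """Check a user's LDAP credentials with a simple bind.

    Builds the DN ``uid=<username>,cn=users,cn=accounts,<base_dn>`` and binds
    to ``ldap_uri`` with ``password``. Returns None when the bind succeeds.

    Raises:
        IOError: with ``errno.EIO`` when ``base_dn`` is empty; with
            ``errno.EPERM`` when the password is empty or the bind fails
            with ACIError, DatabaseError or NotFound. Any other exception
            from the connection propagates unchanged.
    """
    if not base_dn:
        root_logger.error('migration unable to get base dn')
        raise IOError(errno.EIO, 'Cannot get Base DN')

    bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'),
                 base_dn)

    if not password:
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2). Whether the
        # server rejects it depends on its configuration, so refuse it here
        # instead of letting a successful bind count as a valid login.
        root_logger.error(
            'migration invalid credentials for %s: %s'
            % (bind_dn, 'empty password'))
        raise IOError(
            errno.EPERM, 'Invalid LDAP credentials for user %s' % username)

    conn = None
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
        conn.do_simple_bind(bind_dn, password)
    except (errors.ACIError, errors.DatabaseError, errors.NotFound) as e:
        # Keep the server-side detail in the log only; the caller gets a
        # generic message that does not say why the bind was refused.
        root_logger.error(
            'migration invalid credentials for %s: %s' % (bind_dn, e))
        raise IOError(
            errno.EPERM, 'Invalid LDAP credentials for user %s' % username)
    finally:
        # The connection exists only to test the credentials; release it on
        # every path. conn is still None when the constructor itself failed.
        if conn is not None:
            conn.unbind()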
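def bind(ldap_uri, base_dn, username, password):
    """Check a user's LDAP credentials with a simple bind.

    Builds the DN ``uid=<username>,cn=users,cn=accounts,<base_dn>`` and binds
    to ``ldap_uri`` with ``password``. Returns None when the bind succeeds.

    Raises:
        IOError: with ``errno.EIO`` when ``base_dn`` is empty; with
            ``errno.EPERM`` when the password is empty or the bind fails
            with ACIError, DatabaseError or NotFound. Any other exception
            from the connection propagates unchanged.
    """
    if not base_dn:
        root_logger.error('migration unable to get base dn')
        raise IOError(errno.EIO, 'Cannot get Base DN')

    bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'),
                 base_dn)

    if not password:
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2). Whether the
        # server rejects it depends on its configuration, so refuse it here
        # instead of letting a successful bind count as a valid login.
        root_logger.error('migration invalid credentials for %s: %s'
                          % (bind_dn, 'empty password'))
        raise IOError(errno.EPERM,
                      'Invalid LDAP credentials for user %s' % username)

    conn = None
    try:
        conn = IPAdmin(ldap_uri=ldap_uri)
        conn.do_simple_bind(bind_dn, password)
    except (errors.ACIError, errors.DatabaseError, errors.NotFound) as e:
        # Keep the server-side detail in the log only; the caller gets a
        # generic message that does not say why the bind was refused.
        root_logger.error('migration invalid credentials for %s: %s'
                          % (bind_dn, e))
        raise IOError(errno.EPERM,
                      'Invalid LDAP credentials for user %s' % username)
    finally:
        # The connection exists only to test the credentials; release it on
        # every path. conn is still None when the constructor itself failed.
        if conn is not None:
            conn.unbind()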
def __search_in_dc(self, info, host, port, filter, attrs, scope, basedn=None, quiet=False):
    """
    Actual search in AD LDAP server, using SASL GSSAPI authentication
    Returns LDAP result or None.

    Obtains a credential cache through ``self.kinit_as_http`` for
    ``info['dns_domain']``, connects to ``host``, binds with SASL GSSAPI and
    runs ``get_entries(basedn, scope, filter, attrs)``. When ``basedn`` is
    None it is derived from ``info['dns_domain']``. Any exception raised in
    the ``try`` body is logged (debug level when ``quiet`` is true, warning
    otherwise) and leaves ``entries`` as None.

    The listing breaks off at ``finally:``, so the cleanup code and the
    return statement are not visible here.
    """
    (ccache_name, principal) = self.kinit_as_http(info['dns_domain'])
    # Nothing below runs unless a credential cache name was returned.
    if ccache_name:
        with installutils.private_ccache(path=ccache_name):
            entries = None
            try:
                # NOTE(review): the connection always goes to port 389; the
                # ``port`` argument is only used in the failure message
                # below. Confirm that is intended.
                conn = IPAdmin(host=host,
                               port=389,  # query the AD DC
                               no_schema=True,
                               decode_attrs=False,
                               sasl_nocanon=True)
                # sasl_nocanon used to avoid hard requirement for PTR
                # records pointing back to the same host name
                conn.do_sasl_gssapi_bind()
                if basedn is None:
                    # Use domain root base DN
                    basedn = ipautil.realm_to_suffix(info['dns_domain'])
                # NOTE(review): ``filter`` is passed through unchanged, so
                # any escaping of caller-supplied values has to happen
                # before this call.
                entries = conn.get_entries(basedn, scope, filter, attrs)
            except Exception, e:
                # Broad catch: bind, lookup and search errors all end up
                # here and are reported through the log only.
                msg = "Search on AD DC {host}:{port} failed with: {err}"\
                      .format(host=host, port=str(port), err=str(e))
                if quiet:
                    root_logger.debug(msg)
                else:
                    root_logger.warning(msg)
            finally:
                # (listing truncated here in the source)
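from pprint import pprint

import ipapython
from ipapython.ipaldap import IPAdmin
from ipapython.dn import DN

# Look up a single user entry by DN and dump its attributes.
dn = DN(('uid', 'jwhite'), ('cn', 'users'), ('cn', 'accounts'),
        ('dc', 'ipa'), ('dc', 'test'))
print('DN: %s' % (dn,))

# NOTE(review): no bind call is made before the read, so the lookup is
# presumably anonymous and returns only what the directory exposes without
# authentication. No TLS-related argument is passed to IPAdmin either.
ldap = IPAdmin(host='ipa33.ipa.test')
entry = ldap.get_entry(dn)

#####

print('DN: %s' % (entry.dn,))
print('Name: %s' % (entry['cn'],))
print('All attributes:')
# ``pprint`` is imported as a function above, so it is called directly;
# ``pprint.pprint(...)`` would raise AttributeError.
pprint(dict(entry))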