def bind_sasl(self):
mech = self._config(self.CFG_SASLMECH).upper()
if 'EXTERNAL' in mech:
self.sasl_interactive_bind_s('', sasl.external())
if 'GSSAPI' in mech:
self.sasl_interactive_bind_s('', sasl.gssapi())
def bind_sasl(self):
mech = self._config(self.CFG_SASLMECH).upper()
if 'EXTERNAL' in mech:
self.sasl_interactive_bind_s('', sasl.external())
if 'GSSAPI' in mech:
self.sasl_interactive_bind_s('', sasl.gssapi())
def _bind(self, bindmethod="external",binduser="", cred="", authzid=""):
if bindmethod=="external":
s=sasl.external()
self.lc.sasl_interactive_bind_s("",s)
self.me=self.lc.whoami_s()
if self.me=="":
self.me="(anonymous)"
debug( "bind to ldap server at '%s' as '%s'"%(self.lc.get_option(ldap.OPT_URI), self.me) )
if bindmethod=="simple":
self.lc.simple_bind_s(binduser,cred)
return
def _bind(self, bindmethod="external", binduser="", cred="", authzid=""):
if bindmethod == "external":
s = sasl.external()
self.lc.sasl_interactive_bind_s("", s)
self.me = self.lc.whoami_s()
if self.me == "":
self.me = "(anonymous)"
debug("bind to ldap server at '%s' as '%s'" %
(self.lc.get_option(ldap.OPT_URI), self.me))
if bindmethod == "simple":
self.lc.simple_bind_s(binduser, cred)
return
def sasl_bind(self):
"""
Gain superadmin access to the OpenLDAP server.
This is far more than simple "cn=admin,*" access.
We are going to navigate the configuration and setup
the server if needed.
by the way, fix #133.
"""
assert ltrace_func(TRACE_OPENLDAP)
logging.progress(_(u'{0}: binding in EXTERNAL SASL mode.').format(self.pretty_name))
self.openldap_conn.sasl_interactive_bind_s('', pyldapsasl.external())
def get_conn(self):
conn = self.conn
if conn is None:
import ldap; from ldap import sasl
conn = ldap.initialize(self.ldapuri)
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
if self.simpleauth:
conn.simple_bind_s(self.binddn, self.credentials)
else:
saslmech = self.saslmech.lower()
if saslmech == 'cram-md5':
auth = sasl.cram_md5(self.authcid, self.credentials, self.authzid)
elif saslmech == 'digest-md5':
auth = sasl.digest_md5(self.authcid, self.credentials, self.authzid)
elif saslmech == 'gssapi':
auth = sasl.gssapi(self.authzid)
elif saslmech == 'external':
auth = sasl.external(self.authzid)
conn.sasl_interactive_bind_s('', auth)
self.conn = conn
return conn
def get_conn(self):
conn = self.conn
if conn is None:
import ldap
from ldap import sasl
conn = ldap.initialize(self.ldapuri)
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
if self.simpleauth:
conn.simple_bind_s(self.binddn, self.credentials)
else:
saslmech = self.saslmech.lower()
if saslmech == 'cram-md5':
auth = sasl.cram_md5(self.authcid, self.credentials,
self.authzid)
elif saslmech == 'digest-md5':
auth = sasl.digest_md5(self.authcid, self.credentials,
self.authzid)
elif saslmech == 'gssapi':
auth = sasl.gssapi(self.authzid)
elif saslmech == 'external':
auth = sasl.external(self.authzid)
conn.sasl_interactive_bind_s('', auth)
self.conn = conn
return conn