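# Tail of the bind-failure handler. Its `try:` / `except` header lies above
# this excerpt, so the three statements are reproduced as they appear here.
exc_obj, exc_value, exc_traceback = sys.exc_info()
sys.stderr.write('Unable to bind as "%s" to "%s":\n%s\n' % (binddn, ldap_host, exc_value))
sys.exit(1)

# Submit a subtree search below basedn, requesting only the naming, mail and
# certificate attributes (plain and ";binary" variants).
#
# NOTE(review): searchfilter is built outside this excerpt. If it embeds
# values taken from certificate subjects or from the command line, they
# should pass through ldap.filter.escape_filter_chars() first so that a
# crafted value cannot change the meaning of the filter.
#
# NOTE(review): l.search() returns a message id, so this looks like the
# asynchronous python-ldap call; server-side outcomes such as an exceeded
# size limit are then normally raised when the result is fetched. Confirm
# that the result-retrieval code (not visible here) handles the same
# exceptions.
try:
    ldap_msgid = l.search(
        basedn,
        ldap.SCOPE_SUBTREE,
        searchfilter,
        [
            'cn', 'mail',
            'usercertificate', 'usersmimecertificate',
            'usercertificate;binary', 'usersmimecertificate;binary',
        ],
        0
    )
except ldap.NO_SUCH_OBJECT:
    # Treated as "nothing found" rather than as a fatal error.
    # NOTE(review): ldap_msgid stays unassigned on this path; verify that
    # the code following this excerpt does not use it in that case.
    result_dnlist = []
except ldap.FILTER_ERROR:
    sys.stderr.write('Bad search filter %s.\n' % charset.utf2iso(searchfilter))
    sys.exit(1)
except ldap.SIZELIMIT_EXCEEDED:
    sys.stderr.write('Sizelimit exceeded. Please refine search.\n')
    sys.exit(1)
# A second `except ldap.NO_SUCH_OBJECT` handler (printing "No search results"
# and exiting) used to follow here. It could never run because the first
# handler for the same exception always wins, so it has been dropped;
# behaviour is unchanged.
except ldap.error:
    exc_obj, exc_value, exc_traceback = sys.exc_info()
    # NOTE(review): this format relies on the exception value acting as a
    # mapping with both 'desc' and 'info' keys; python-ldap does not always
    # supply 'info' - confirm, otherwise the error report itself can fail.
    sys.stderr.write('LDAP exception %(desc)s: %(info)s.\n' % exc_value)
    sys.exit(1)
# No catch-all handler is installed: anything that is not an ldap.error
# propagates with a normal traceback.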
existing_usercert_attrtype = a break old_usercertificate_attr = {} if existing_usercert_attrtype!=None: for ldap_cert in entry[1][existing_usercert_attrtype]: old_usercertificate_attr[ldap_cert] = None ldap_modlist = [] if cert_entry[openssl.db.DB_type]==openssl.db.DB_TYPE_VAL: if existing_usercert_attrtype is None: # Add new certificate attribute ldap_modlist.append((ldap.MOD_ADD,'userCertificate;binary',[local_cert])) sys.stdout.write('Adding new certificate attribute usercertificate;binary with certificate serial %s of LDAP entry "%s".\n' % (cert_entry[openssl.db.DB_serial],charset.utf2iso(ldap_dn))) elif replace: # Replace existing certificate attribute ldap_modlist.append((ldap.MOD_DELETE,existing_usercert_attrtype,None)) ldap_modlist.append((ldap.MOD_ADD,existing_usercert_attrtype,[local_cert])) sys.stdout.write('Replacing attribute %s of entry %s with certificate serial %s.\n' % ( existing_usercert_attrtype, charset.utf2iso(ldap_dn), cert_entry[openssl.db.DB_serial] ) ) elif not old_usercertificate_attr.has_key(local_cert): # Add new certificate attribute value ldap_modlist.append((ldap.MOD_DELETE,existing_usercert_attrtype,None)) ldap_modlist.append((ldap.MOD_ADD,existing_usercert_attrtype,old_usercertificate_attr.keys()+[local_cert])) sys.stdout.write(
old_usercertificate_attr[ldap_cert] = None ldap_modlist = [] if cert_entry[ openssl.db.DB_type] == openssl.db.DB_TYPE_VAL: if existing_usercert_attrtype is None: # Add new certificate attribute ldap_modlist.append( (ldap.MOD_ADD, 'userCertificate;binary', [local_cert])) sys.stdout.write( 'Adding new certificate attribute usercertificate;binary with certificate serial %s of LDAP entry "%s".\n' % (cert_entry[openssl.db.DB_serial], charset.utf2iso(ldap_dn))) elif replace: # Replace existing certificate attribute ldap_modlist.append( (ldap.MOD_DELETE, existing_usercert_attrtype, None)) ldap_modlist.append( (ldap.MOD_ADD, existing_usercert_attrtype, [local_cert])) sys.stdout.write( 'Replacing attribute %s of entry %s with certificate serial %s.\n' % (existing_usercert_attrtype, charset.utf2iso(ldap_dn), cert_entry[openssl.db.DB_serial])) elif not old_usercertificate_attr.has_key(local_cert): # Add new certificate attribute value