author | Alexander Sulfrian <alexander.sulfrian@fu-berlin.de> | 2016-07-15 17:26:54 +0200 |
---|---|---|
committer | Alexander Sulfrian <alexander.sulfrian@fu-berlin.de> | 2017-03-21 17:26:08 +0100 |
commit | 5f2daf138aab3a993c182797dc3ca2049f6bd7af (patch) | |
tree | 067d2fae98dbd0df2c999885fd1f64ab117d2b11 | |
parent | 66c272c383c52343b5a201ab59ca2e0e1ee8ee2c (diff) | |
Server/Plugins/Ldap: Support specifying the ldap uri
You can now specify the server to connect to either by host (and optionally
port) or by giving the full LDAP URI. If you specify host and port, the
connection uses the plain (unencrypted) ldap protocol by default; only if
the port is "636" will it use ldaps.
-rw-r--r-- | doc/server/plugins/grouping/ldap.txt | 19 | ||||
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Ldap.py | 18 |
2 files changed, 22 insertions, 15 deletions
diff --git a/doc/server/plugins/grouping/ldap.txt b/doc/server/plugins/grouping/ldap.txt index 311bab9f5..f9c25dee9 100644 --- a/doc/server/plugins/grouping/ldap.txt +++ b/doc/server/plugins/grouping/ldap.txt @@ -7,7 +7,7 @@ Ldap ==== .. warning:: - This plugin is considered experimental and has known issues (see below). + This plugin is considered experimental. Purpose ------- @@ -115,8 +115,8 @@ LdapConnection .. class:: LdapConnection - This class represents an LDAP connection. Every query must be associated with exactly - one connection. + This class represents an LDAP connection. Every query must be associated + with exactly one connection. .. attribute:: LdapConnection.binddn @@ -132,7 +132,13 @@ LdapConnection .. attribute:: LdapConnection.port - Port where LDAP server is listening (defaults to 389). + Port where LDAP server is listening (defaults to 389). If you use + port 636 this module will use ldaps to connect to the server. + +.. attribute:: LdapConnection.uri + + LDAP URI of the LDAP server to connect to. This is prefered over + :attr:`LdapConnection.host` and :attr:`LdapConnection.port`. You may pass any of these attributes as keyword arguments when creating the connection object. @@ -266,8 +272,3 @@ search below that DN. You do not need to add all LdapQueries to the ``__queries__`` list. Only add those to that list, that should be called automatically and whose results should be added to the client metadata. - -Known Issues ------------- - -* At this point there is no support for SSL/TLS. diff --git a/src/lib/Bcfg2/Server/Plugins/Ldap.py b/src/lib/Bcfg2/Server/Plugins/Ldap.py index f342fba35..0b66f7777 100644 --- a/src/lib/Bcfg2/Server/Plugins/Ldap.py +++ b/src/lib/Bcfg2/Server/Plugins/Ldap.py 
@@ -169,7 +169,7 @@ class Ldap(Bcfg2.Server.Plugin.Plugin,
 class LdapConnection(Debuggable):
 """ Connection to an LDAP server. """
- def __init__(self, host="localhost", port=389, binddn=None,
+ def __init__(self, host="localhost", port=389, uri=None, binddn=None,
 bindpw=None):
 Debuggable.__init__(self)
@@ -180,6 +180,7 @@ class LdapConnection(Debuggable):
 self.host = host
 self.port = port
+ self.uri = uri
 self.binddn = binddn
 self.bindpw = bindpw
 self.conn = None
@@ -204,7 +205,8 @@ class LdapConnection(Debuggable):
 """ Open a connection to the configured LDAP server, and do a simple bind ff both binddn and bindpw are set. """
 self.disconnect()
- self.conn = ldap.initialize(self.url)
+ self.conn = ldap.initialize(self.get_uri())
+
 if self.binddn is not None and self.bindpw is not None:
 self.conn.simple_bind_s(self.binddn, self.bindpw)
@@ -228,16 +230,20 @@ class LdapConnection(Debuggable):
 self.conn = None
 self.logger.error(
 "LdapConnection: Server %s down. Retry %d/%d in %.2fs." %
- (self.url, attempt + 1, Bcfg2.Options.setup.ldap_retries,
+ (self.get_uri(), attempt + 1,
+ Bcfg2.Options.setup.ldap_retries,
 Bcfg2.Options.setup.ldap_retry_delay))
 time.sleep(Bcfg2.Options.setup.ldap_retry_delay)
 return None
- @property
- def url(self):
+ def get_uri(self):
 """ The URL of the LDAP server. """
- return "ldap://%s:%d" % (self.host, self.port)
+ if self.uri is None:
+ if self.port == 636:
+ return "ldaps://%s" % self.host
+ return "ldap://%s:%d" % (self.host, self.port)
+ return self.uri
 class LdapQuery(object): |
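Review bot: Inserting `uri=None` between `port` and `binddn` in the `__init__` signature silently re-binds any existing positional call: `LdapConnection("host", 389, "cn=admin,dc=x", "secret")` now puts the bind DN into `uri` and the password into `binddn`, and `connect()` would then hand that DN string to `ldap.initialize()` as the URI. Appending the new parameter instead keeps old calls working: `def __init__(self, host="localhost", port=389, binddn=None, bindpw=None, uri=None):`. The documentation describes keyword usage, so this may be mostly theoretical, but the positional break costs nothing to avoid. The rest of `__init__` lies outside the hunk.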
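Review bot: With `uri` unset and `port` left at its default, `get_uri()` hands `ldap.initialize()` a plain `ldap://` URL, and the `simple_bind_s(self.binddn, self.bindpw)` two lines later sends the bind password in cleartext; nothing in `connect()` warns about this, and the commit message itself says plaintext is the default. A one-line guard before the bind makes the risk visible in the server log: `if self.get_uri().startswith("ldap://"): self.logger.warning("LdapConnection: simple bind over unencrypted ldap://; use ldaps:// (or port 636) to protect the bind password")` — or, stricter, refuse the bind unless an explicit opt-in is configured. Nothing in the visible hunks sets up StartTLS (`start_tls_s`), so an `ldaps` URI or port 636 appears to be the only way to get encryption at all. The `def connect` line and the method's end are outside the hunk.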
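Review bot: `get_uri()` chooses `ldaps://` only when `port == 636`, so an ldaps server on any other port configured via host/port falls back to plaintext and a plain-ldap server on 636 gets a TLS handshake instead; the docstring still reads only `The URL of the LDAP server.` and should spell out the rule, e.g. `""" Return the LDAP URI: the explicit uri if set, otherwise ldaps:// for port 636 and plain ldap://host:port for everything else. """`. Replacing the public `url` property with `get_uri()` also breaks any external code reading `conn.url`; a one-line alias `url = property(get_uri)` keeps it working. When `uri` is given, `host` and `port` are silently ignored, which the docstring should also say. The retry method containing the `logger.error` call starts outside the hunk; `get_uri()` itself is complete.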