authorAlexander Sulfrian <alexander.sulfrian@fu-berlin.de>2016-07-15 17:26:54 +0200
committerAlexander Sulfrian <alexander.sulfrian@fu-berlin.de>2017-03-21 17:26:08 +0100
commit5f2daf138aab3a993c182797dc3ca2049f6bd7af (patch)
tree067d2fae98dbd0df2c999885fd1f64ab117d2b11
parent66c272c383c52343b5a201ab59ca2e0e1ee8ee2c (diff)
Server/Plugins/Ldap: Support specifying the ldap uri
You can now specify the server to connect to either by host (and optionally port) or by giving the full ldap uri. If you specify host and port, the connection will use the plain (unencrypted) ldap protocol by default. Only if you specify the port "636" will it use ldaps now.
-rw-r--r--doc/server/plugins/grouping/ldap.txt19
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Ldap.py18
2 files changed, 22 insertions, 15 deletions
diff --git a/doc/server/plugins/grouping/ldap.txt b/doc/server/plugins/grouping/ldap.txt
index 311bab9f5..f9c25dee9 100644
--- a/doc/server/plugins/grouping/ldap.txt
+++ b/doc/server/plugins/grouping/ldap.txt
@@ -7,7 +7,7 @@ Ldap
====
.. warning::
- This plugin is considered experimental and has known issues (see below).
+ This plugin is considered experimental.
Purpose
-------
@@ -115,8 +115,8 @@ LdapConnection
.. class:: LdapConnection
- This class represents an LDAP connection. Every query must be associated with exactly
- one connection.
+ This class represents an LDAP connection. Every query must be associated
+ with exactly one connection.
.. attribute:: LdapConnection.binddn
@@ -132,7 +132,13 @@ LdapConnection
.. attribute:: LdapConnection.port
- Port where LDAP server is listening (defaults to 389).
+ Port where LDAP server is listening (defaults to 389). If you use
+ port 636 this module will use ldaps to connect to the server.
+
+.. attribute:: LdapConnection.uri
+
+ LDAP URI of the LDAP server to connect to. This is prefered over
+ :attr:`LdapConnection.host` and :attr:`LdapConnection.port`.
You may pass any of these attributes as keyword arguments when creating the connection object.
@@ -266,8 +272,3 @@ search below that DN.
You do not need to add all LdapQueries to the ``__queries__`` list. Only add those to
that list, that should be called automatically and whose results should be added to the
client metadata.
-
-Known Issues
-------------
-
-* At this point there is no support for SSL/TLS.
diff --git a/src/lib/Bcfg2/Server/Plugins/Ldap.py b/src/lib/Bcfg2/Server/Plugins/Ldap.py
index f342fba35..0b66f7777 100644
--- a/src/lib/Bcfg2/Server/Plugins/Ldap.py
+++ b/src/lib/Bcfg2/Server/Plugins/Ldap.py
@@ -169,7 +169,7 @@ class Ldap(Bcfg2.Server.Plugin.Plugin,
class LdapConnection(Debuggable):
""" Connection to an LDAP server. """
- def __init__(self, host="localhost", port=389, binddn=None,
+ def __init__(self, host="localhost", port=389, uri=None, binddn=None,
bindpw=None):
Debuggable.__init__(self)
@@ -180,6 +180,7 @@ class LdapConnection(Debuggable):
self.host = host
self.port = port
+ self.uri = uri
self.binddn = binddn
self.bindpw = bindpw
self.conn = None
@@ -204,7 +205,8 @@ class LdapConnection(Debuggable):
""" Open a connection to the configured LDAP server, and do a simple
bind ff both binddn and bindpw are set. """
self.disconnect()
- self.conn = ldap.initialize(self.url)
+ self.conn = ldap.initialize(self.get_uri())
+
if self.binddn is not None and self.bindpw is not None:
self.conn.simple_bind_s(self.binddn, self.bindpw)
@@ -228,16 +230,20 @@ class LdapConnection(Debuggable):
self.conn = None
self.logger.error(
"LdapConnection: Server %s down. Retry %d/%d in %.2fs." %
- (self.url, attempt + 1, Bcfg2.Options.setup.ldap_retries,
+ (self.get_uri(), attempt + 1,
+ Bcfg2.Options.setup.ldap_retries,
Bcfg2.Options.setup.ldap_retry_delay))
time.sleep(Bcfg2.Options.setup.ldap_retry_delay)
return None
- @property
- def url(self):
+ def get_uri(self):
""" The URL of the LDAP server. """
- return "ldap://%s:%d" % (self.host, self.port)
+ if self.uri is None:
+ if self.port == 636:
+ return "ldaps://%s" % self.host
+ return "ldap://%s:%d" % (self.host, self.port)
+ return self.uri
class LdapQuery(object):
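Review bot: The docstring of `get_uri()` in the last hunk still reads "The URL of the LDAP server." and no longer describes the decision the new body makes: an explicit `uri` wins and silently overrides `host`/`port`, and without a `uri` only port 636 selects `ldaps://`, while every other port (including the default 389) yields plain, unencrypted `ldap://`. I would replace it with `""" Return the URI passed to ldap.initialize(): ``uri`` if set (host/port are then ignored), else ``ldaps://host`` when port is 636 and plain ``ldap://host:port`` for any other port. """`. The same hunk drops the `url` property in favour of the new method; the two in-file callers are updated, but any user-supplied query code that read `connection.url` would now raise AttributeError (whether such callers exist is not visible here), and a one-line alias `url = property(get_uri)` after the definition would keep it working. The `connect()` docstring in the third hunk also keeps the pre-existing typo `bind ff both` where `bind if both` is meant.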