-rw-r--r--doc/server/plugins/grouping/ldap.txt19
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Ldap.py18
2 files changed, 22 insertions, 15 deletions
diff --git a/doc/server/plugins/grouping/ldap.txt b/doc/server/plugins/grouping/ldap.txt
index 311bab9f5..f9c25dee9 100644
--- a/doc/server/plugins/grouping/ldap.txt
+++ b/doc/server/plugins/grouping/ldap.txt
@@ -7,7 +7,7 @@ Ldap
====
.. warning::
- This plugin is considered experimental and has known issues (see below).
+ This plugin is considered experimental.
Purpose
-------
@@ -115,8 +115,8 @@ LdapConnection
.. class:: LdapConnection
- This class represents an LDAP connection. Every query must be associated with exactly
- one connection.
+ This class represents an LDAP connection. Every query must be associated
+ with exactly one connection.
.. attribute:: LdapConnection.binddn
@@ -132,7 +132,13 @@ LdapConnection
.. attribute:: LdapConnection.port
- Port where LDAP server is listening (defaults to 389).
+ Port where LDAP server is listening (defaults to 389). If you use
+ port 636 this module will use ldaps to connect to the server.
+
+.. attribute:: LdapConnection.uri
+
+ LDAP URI of the LDAP server to connect to. This is prefered over
+ :attr:`LdapConnection.host` and :attr:`LdapConnection.port`.
You may pass any of these attributes as keyword arguments when creating the connection object.
@@ -266,8 +272,3 @@ search below that DN.
You do not need to add all LdapQueries to the ``__queries__`` list. Only add those to
that list, that should be called automatically and whose results should be added to the
client metadata.
-
-Known Issues
-------------
-
-* At this point there is no support for SSL/TLS.
diff --git a/src/lib/Bcfg2/Server/Plugins/Ldap.py b/src/lib/Bcfg2/Server/Plugins/Ldap.py
index f342fba35..0b66f7777 100644
--- a/src/lib/Bcfg2/Server/Plugins/Ldap.py
+++ b/src/lib/Bcfg2/Server/Plugins/Ldap.py
@@ -169,7 +169,7 @@ class Ldap(Bcfg2.Server.Plugin.Plugin,
class LdapConnection(Debuggable):
""" Connection to an LDAP server. """
- def __init__(self, host="localhost", port=389, binddn=None,
+ def __init__(self, host="localhost", port=389, uri=None, binddn=None,
bindpw=None):
Debuggable.__init__(self)
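Review bot: Inserting `uri=None` between `port` and `binddn` changes the positional order of `__init__`, so an existing call written as `LdapConnection(host, port, binddn, bindpw)` would now pass the bind DN as `uri` and the password as `binddn`. With `bindpw` left at None, the bind condition in `connect()` would be false and `ldap.initialize()` would receive a DN instead of a URI. The documentation recommends keyword arguments, but nothing enforces that. Appending the new parameter keeps old calls working: `def __init__(self, host="localhost", port=389, binddn=None, bindpw=None, uri=None):`. The body of `__init__` continues outside this hunk.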
@@ -180,6 +180,7 @@ class LdapConnection(Debuggable):
self.host = host
self.port = port
+ self.uri = uri
self.binddn = binddn
self.bindpw = bindpw
self.conn = None
@@ -204,7 +205,8 @@ class LdapConnection(Debuggable):
""" Open a connection to the configured LDAP server, and do a simple
bind ff both binddn and bindpw are set. """
self.disconnect()
- self.conn = ldap.initialize(self.url)
+ self.conn = ldap.initialize(self.get_uri())
+
if self.binddn is not None and self.bindpw is not None:
self.conn.simple_bind_s(self.binddn, self.bindpw)
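Review bot: The `simple_bind_s` call sends `bindpw` unencrypted whenever `get_uri()` yields an `ldap://` URI, which is still the default (port 389) after this change; only port 636 or an explicit `ldaps://` value in `uri` gets transport encryption. Nothing visible in this hunk starts TLS on a plain connection or sets certificate-verification options, so those presumably fall back to the library and system LDAP defaults. I would document this directly above the bind, e.g. `# NOTE: over ldap:// the bind password travels unencrypted; set uri="ldaps://..." (or port 636) when binddn/bindpw are used`, and consider logging a warning when a bind is attempted over a non-ldaps URI. The method's `def` line is outside the hunk.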
@@ -228,16 +230,20 @@ class LdapConnection(Debuggable):
self.conn = None
self.logger.error(
"LdapConnection: Server %s down. Retry %d/%d in %.2fs." %
- (self.url, attempt + 1, Bcfg2.Options.setup.ldap_retries,
+ (self.get_uri(), attempt + 1,
+ Bcfg2.Options.setup.ldap_retries,
Bcfg2.Options.setup.ldap_retry_delay))
time.sleep(Bcfg2.Options.setup.ldap_retry_delay)
return None
- @property
- def url(self):
+ def get_uri(self):
""" The URL of the LDAP server. """
- return "ldap://%s:%d" % (self.host, self.port)
+ if self.uri is None:
+ if self.port == 636:
+ return "ldaps://%s" % self.host
+ return "ldap://%s:%d" % (self.host, self.port)
+ return self.uri
class LdapQuery(object):
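Review bot: Replacing the `url` property with the `get_uri()` method removes a public attribute of `LdapConnection`, so any code outside this file that still reads `connection.url` (none is visible in this diff) would raise AttributeError. A one-line alias placed after the method keeps such code working: `url = property(get_uri)`. The docstring was left as "The URL of the LDAP server" and no longer describes what the method does; it should state the precedence, e.g. `""" Return self.uri if set, otherwise ldaps://host for port 636, otherwise ldap://host:port. """`.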