Make sure that when the Directory Manager password is entered,
we directly do a simple bind instead of trying to bind via GSSAPI.
Also capture the ldap.INVALID_CREDENTIALS exception and provide a nice
error message rather than crash.

https://fedorahosted.org/freeipa/ticket/1927

From 332f96ea1e4c77d429adaad858a459138c0bfb9d Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Tue, 25 Oct 2011 15:34:45 +0200
Subject: [PATCH] Fix ipa-managed-entries bind procedure

Make sure that when the Directory Manager password is entered,
we directly do a simple bind instead of trying to bind via GSSAPI.
Also capture the ldap.INVALID_CREDENTIALS exception and provide a nice
error message rather than crash.

https://fedorahosted.org/freeipa/ticket/1927
---
 install/tools/ipa-managed-entries |   20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries
index 16f0a956cd2b1398dc3385d3f2254cb56cf23c09..649ef80017d7db57ab1efac859c5eb12450168db 100755
--- a/install/tools/ipa-managed-entries
+++ b/install/tools/ipa-managed-entries
@@ -106,15 +106,21 @@ def main():
     try:
         filter = '(objectClass=extensibleObject)'
         conn = ipaldap.IPAdmin(host, 636, cacert=CACERT)
-        conn.do_sasl_gssapi_bind()
-    except ldap.LOCAL_ERROR:
+
         if options.dirman_password:
-            dirman_password = options.dirman_password
+            conn.do_simple_bind(bindpw=options.dirman_password)
         else:
-            dirman_password = get_dirman_password()
-            if dirman_password is None:
-                sys.exit("\nDirectory Manager password required")
-        conn.do_simple_bind(bindpw=dirman_password)
+            conn.do_sasl_gssapi_bind()
+    except ldap.LOCAL_ERROR:
+        dirman_password = get_dirman_password()
+        if dirman_password is None:
+            sys.exit("\nDirectory Manager password required")
+        try:
+            conn.do_simple_bind(bindpw=dirman_password)
+        except ldap.INVALID_CREDENTIALS:
+            sys.exit("Invalid credentials")
+    except ldap.INVALID_CREDENTIALS:
+        sys.exit("Invalid credentials")
     except errors.ExecutionError, lde:
         sys.exit("An error occurred while connecting to the server.\n%s\n" %
             str(lde))
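Review bot: in the `except ldap.LOCAL_ERROR:` fallback, the nested `try` around `conn.do_simple_bind(bindpw=dirman_password)` catches only `ldap.INVALID_CREDENTIALS`, so an `errors.ExecutionError` raised by that second bind is not seen by the sibling `except errors.ExecutionError` clause and would still end in a traceback, which is the kind of crash this patch sets out to remove. Consider restructuring so that the password is resolved first (option, then prompt on GSSAPI failure) and every bind runs inside a single `try` whose handlers all apply; that also removes the duplicated `sys.exit("Invalid credentials")`. Separately, because the `ldap.LOCAL_ERROR` handler now also covers the `options.dirman_password` branch, a `LOCAL_ERROR` from the simple bind would prompt for a password the user already supplied; it is worth confirming that this is intended. The two "Invalid credentials" messages could also say which bind failed (Directory Manager password or Kerberos credentials) so the operator knows what to correct.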
-- 
1.7.6.4
