On Mon, 05 May 2014, Rob Crittenden wrote:
> Sumit Bose wrote:
>> On Fri, May 02, 2014 at 05:06:06PM -0400, Nathaniel McCallum wrote:
>>> I need the DN of the user who is running the current command. This may
>>> be defined as the user who is bound or will bind to execute the LDAP
>>> commands I have prepared.
>>>
>>> Does anyone know how to do this in the FreeIPA api?
>>
>> I guess you are looking for
>>
>>  ipa user-find --whoami
>
> If you're doing this in your own plugin, you get the current principal with:
>
> getattr(context, 'principal')
>
> Using that you can get the DN of that user with a search like this:
>
> "(&(objectclass=posixaccount)(krbprincipalname=%s))" % getattr(context, 'principal')
>
> We don't currently have a helper for this.
>
> This is rather inefficient in user-find as it searches from the basedn
> rather than the user container for some reason.

We have whoami plugin enabled by default in 389-ds in FreeIPA. I'd
rather use that extended operation as it will give you proper response
from the dirsrv side for the connection.

I verified that it gives you a user's DN even when S4U2Proxy is in use.

/ Alexander Bokovoy
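
Added example, not part of the thread and not FreeIPA code: the two approaches discussed above, written as plain Python helpers. It builds the krbprincipalname filter with the principal escaped per RFC 4515, and extracts the DN from a "Who am I?" extended operation response (an authzId string, RFC 4532 / RFC 4513). The function names and sample values are hypothetical, and tolerating whitespace after the "dn:" prefix is a defensive assumption.

```python
# Added example; these helper names are hypothetical, not FreeIPA API.

# RFC 4515: characters that must be written as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    # Character-by-character mapping, so a backslash is never escaped twice.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def principal_filter(principal):
    """Build the search filter from the thread with the principal escaped."""
    return "(&(objectclass=posixaccount)(krbprincipalname=%s))" % (
        escape_filter_value(principal),
    )


def dn_from_authzid(authzid):
    """Return the DN carried in a "Who am I?" response, or None.

    The response is an authzId: empty for an anonymous bind, otherwise
    "dn:<distinguished name>" or "u:<user id>".
    """
    if isinstance(authzid, bytes):
        authzid = authzid.decode("utf-8")
    prefix, sep, rest = authzid.partition(":")
    rest = rest.strip()  # assumption: tolerate whitespace after the prefix
    if sep and prefix.lower() == "dn" and rest:
        return rest
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(principal_filter("admin@EXAMPLE.TEST"))
    print(principal_filter("we(ird)*name@EXAMPLE.TEST"))
    print(dn_from_authzid("dn:uid=admin,cn=users,cn=accounts,dc=example,dc=test"))
    print(dn_from_authzid(""))  # anonymous bind
```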

