On Tue, 2014-05-06 at 15:56 +0300, Alexander Bokovoy wrote: > On Mon, 05 May 2014, Rob Crittenden wrote: > >Sumit Bose wrote: > >>On Fri, May 02, 2014 at 05:06:06PM -0400, Nathaniel McCallum wrote: > >>>I need the DN of the user who is running the current command. This may > >>>be defined as the user who is bound or will bind to execute the LDAP > >>>commands I have prepared. > >>> > >>>Does anyone know how to do this in the FreeIPA api? > >> > >>I guess you are looking for > >> > >> ipa user-find --whoami > > > >If you're doing this in your own plugin, you get the current principal with: > > > >getattr(context, 'principal') > > > >Using that you can get the DN of that user with a search like this: > > > >"(&(objectclass=posixaccount)(krbprincipalname=%s))" % > >getattr(context, 'principal') > > > >We don't currently have a helper for this. > > > >This is rather inefficient in user-find as it searches from the > >basedn rather than the user container for some reason. > We have whoami plugin enabled by default in 389-ds in FreeIPA. I'd > rather use that extended operation as it will give you proper response > from the dirsrv side for the connection. > > I verified that it gives you a user's DN even when S4U2Proxy is in use.
The context of this question is now my patch 0048. I'm currently calling self.api.Command.user_find(whoami=True) (per the first suggestion). Feel free to make suggestions in that review. Nathaniel _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel