Re: [Freeipa-devel] [PATCH] 0082 Use EXTERNAL auth mechanism in ldapmodify

2013-11-14 Thread Martin Kosek
On 11/13/2013 05:45 PM, Tomas Babej wrote:
> On 11/05/2013 06:44 PM, Ana Krivokapic wrote:
>> Hello,
>>
>> This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3895.
>>
>>
>>
>> ___
>> Freeipa-devel mailing list
>> Freeipa-devel@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> 
> ACK
> 

Pushed to master.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH] 0082 Use EXTERNAL auth mechanism in ldapmodify

2013-11-13 Thread Tomas Babej

On 11/05/2013 06:44 PM, Ana Krivokapic wrote:
> Hello,
>
> This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3895.





ACK

--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org


[Freeipa-devel] [PATCH] 0082 Use EXTERNAL auth mechanism in ldapmodify

2013-11-05 Thread Ana Krivokapic
Hello,

This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3895.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

From 3bd13d7424a05d3900c13c911bf58899baa8d429 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic 
Date: Tue, 5 Nov 2013 18:38:55 +0100
Subject: [PATCH] Use EXTERNAL auth mechanism in ldapmodify

Default to using the EXTERNAL authorization mechanism in calls to ldapmodify

https://fedorahosted.org/freeipa/ticket/3895
---
 ipaserver/install/service.py | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 4a244abb9135ae4c712abcb27456bc2436728215..0d7a664561fdf2b02353dd7284392e250f61a9f2 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -121,17 +121,15 @@ def ldap_connect(self):
 
 self.admin_conn = conn
 
-
 def ldap_disconnect(self):
 self.admin_conn.unbind()
 self.admin_conn = None
 
-def _ldap_mod(self, ldif, sub_dict = None):
-
+def _ldap_mod(self, ldif, sub_dict=None):
 pw_name = None
 fd = None
 path = ipautil.SHARE_DIR + ldif
-nologlist=[]
+nologlist = []
 
 if sub_dict is not None:
 txt = ipautil.template_file(path, sub_dict)
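
Review bot: The style-only edits in `_ldap_mod` here (the dropped blank lines, `sub_dict=None`, `nologlist = []`) are unrelated to the authentication change named in the subject. Consider moving them to a separate cleanup commit so the change to the bind mechanism can be audited and backported on its own.
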
@@ -139,9 +137,9 @@ def _ldap_mod(self, ldif, sub_dict = None):
 path = fd.name
 
 # do not log passwords
-if sub_dict.has_key('PASSWORD'):
+if 'PASSWORD' in sub_dict:
 nologlist.append(sub_dict['PASSWORD'])
-if sub_dict.has_key('RANDOM_PASSWORD'):
+if 'RANDOM_PASSWORD' in sub_dict:
 nologlist.append(sub_dict['RANDOM_PASSWORD'])
 
 args = ["/usr/bin/ldapmodify", "-v", "-f", path]
@@ -152,16 +150,18 @@ def _ldap_mod(self, ldif, sub_dict = None):
 self.ldap_connect()
 args += ["-H", self.admin_conn.ldap_uri]
 
-auth_parms = []
+# If DM password is available, use it
 if self.dm_password:
 [pw_fd, pw_name] = tempfile.mkstemp()
 os.write(pw_fd, self.dm_password)
 os.close(pw_fd)
 auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name]
+# Use GSSAPI auth when not using DM password or not being root
+elif os.getegid() != 0:
+auth_parms = ["-Y", "GSSAPI"]
+# Default to EXTERNAL auth mechanism
 else:
-# always try GSSAPI auth when not using DM password or not being root
-if os.getegid() != 0:
-auth_parms = ["-Y", "GSSAPI"]
+auth_parms = ["-Y", "EXTERNAL"]
 
 args += auth_parms
 
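Review bot: The `elif os.getegid() != 0:` test checks the effective group ID, while its comment says "not being root". A process with effective UID 0 but a non-zero effective GID would be sent down the GSSAPI branch, and a non-root user whose effective GID is 0 would fall through to the new `-Y EXTERNAL` default. `os.geteuid() != 0` matches the stated intent. The comment's "not using DM password or not being root" also reads as "and" given the `if`/`elif` ordering. Separately, the `else` branch now passes `-Y EXTERNAL` together with `-H self.admin_conn.ldap_uri`; EXTERNAL takes the identity from the transport (peer credentials on an `ldapi://` socket, or a TLS client certificate), so the comment should state which URI scheme this path expects, or the code should check it before choosing EXTERNAL.
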
-- 
1.8.3.1
