[Freeipa-devel] [PATCH 0116] Refactoring of service autobind
Jan Cholasta
jcholast at redhat.com
Thu Aug 28 12:01:36 UTC 2014
Hi,
Dne 27.8.2014 v 15:22 Martin Basti napsal(a):
> Patch attached.
>
1) Please rename object_exists to entry_exists.
2) Use empty attribute list in get_entry() in object_exists/entry_exists.
3) Please update LDAPObject.get_dn_if_exists() to use
object_exists/entry_exists.
4) I'm not a fan of how do_bind() is laid out, IMHO something like this
would be better (untested):
+ def do_bind(self, dm_password=None, autobind=AUTOBIND_AUTO,
timeout=DEFAULT_TIMEOUT):
+ if dm_password:
+ self.do_simple_bind(bindpw=dm_password, timeout=timeout)
+ return
+
+ if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and
self.ldapi:
+ try:
+ # autobind
+ pw_name = pwd.getpwuid(os.geteuid()).pw_name
+ self.do_external_bind(pw_name, timeout=timeout)
+ return
+ except errors.NotFound:
+ if autobind == AUTOBIND_ENABLED:
+ # autobind was required and failed, raise
+ # exception that it failed
+ raise
+
+ # Fall back
+ self.do_sasl_gssapi_bind(timeout=timeout)
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list