[Freeipa-devel] right way to connect to DS with Directory Manager creds from the test
Oleg Fayans
ofayans at redhat.com
Fri Jul 17 15:03:05 UTC 2015
Hi everybody,
What is the right way to connect to the Directory Server using Directory
Manager credentials from the autotest?
I need to execute something like

    ldapsearch -D "cn=Directory Manager" -w '<directory_manager_password>' \
        -b "cn=IPA Topology Configuration,cn=plugins,cn=config"

from the Python code.
A quick look through the code showed that the following method is
generally used to connect to ldap:

    self.ldapuri = 'ldap://%s' % ipautil.format_netloc(api.env.host)
    self.conn = ldap2(api, ldap_uri=self.ldapuri)
    self.conn.connect()

(See ipatests/test_ipaserver/test_ldap.py)
But this is an anonymous access.
The existing solution to use the Kerberos ticket cache to log in as admin:

    self.ccache = paths.TMP_KRB5CC % os.getuid()
    self.conn.connect(ccache='FILE:%s' % self.ccache)

(ipatests/test_ipaserver/test_ldap.py:test_GSSAPI)
has two drawbacks:
1. It would never work if the Directory Manager has a different password than
   admin.
2. It does not work anyway, because Kerberos is configured to store the
   cache not in the FILE:/tmp/krb5cc_%{uid} file (as the test expects), but
   rather in KEYRING:persistent:%{uid}:%{gid}
Thank you in advance.
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
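
The following is an added example, not part of the original post and not FreeIPA code. It illustrates the second drawback above by resolving which credential cache a process would actually use, instead of assuming FILE:/tmp/krb5cc_<uid>. The function names and the sample krb5.conf text are assumptions made for illustration, and only the %{uid} token is expanded.

```python
import re

# Constructed sample of a krb5.conf [libdefaults] section (not from the post).
SAMPLE_KRB5_CONF = """\
[libdefaults]
  default_realm = EXAMPLE.TEST
  default_ccache_name = KEYRING:persistent:%{uid}
"""

# MIT krb5 built-in default when nothing else is configured.
BUILTIN_DEFAULT = "FILE:/tmp/krb5cc_%{uid}"


def configured_ccache_template(conf_text):
    """Return default_ccache_name from [libdefaults], or None if unset."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.match(r"\[(\w+)\]$", line)
        if header:
            section = header.group(1)
            continue
        if section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "default_ccache_name":
                return value
    return None


def effective_ccache(conf_text, environ, uid):
    """KRB5CCNAME wins, then krb5.conf, then the built-in default."""
    name = (environ.get("KRB5CCNAME")
            or configured_ccache_template(conf_text)
            or BUILTIN_DEFAULT)
    return name.replace("%{uid}", str(uid))


def file_ccache_path(ccache_name):
    """Return the path for FILE caches, None for KEYRING and other types."""
    kind, sep, residual = ccache_name.partition(":")
    if not sep:                              # no type prefix means FILE
        return ccache_name
    return residual if kind == "FILE" else None
```

A test that needs a file-based cache can skip or set KRB5CCNAME explicitly when file_ccache_path() returns None for the effective cache name.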