|
|
0b494d |
From 8b315055de462005b6b3a5893f7131eb8ddd2640 Mon Sep 17 00:00:00 2001
|
|
|
0b494d |
From: Fraser Tweedale <ftweedal@redhat.com>
|
|
|
0b494d |
Date: Wed, 19 Jun 2019 19:11:39 +1000
|
|
|
0b494d |
Subject: [PATCH] CustodiaClient: use ldapi when ldap_uri not specified
|
|
|
0b494d |
|
|
|
0b494d |
Reinstate ldap_uri selection behaviour that was lost during the
|
|
|
0b494d |
refactor in the previous commit. This is required because, on the
|
|
|
0b494d |
ipa-4-7 branch at least, the IPASecStore needs to use LDAPI to set
|
|
|
0b494d |
the Directory Manager passphrase digest. Use LDAPI when the
|
|
|
0b494d |
ldap_uri has not been explicity specified.
|
|
|
0b494d |
|
|
|
0b494d |
Part of: https://pagure.io/freeipa/issue/7964
|
|
|
0b494d |
|
|
|
0b494d |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
0b494d |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
0b494d |
---
|
|
|
0b494d |
ipaserver/secrets/client.py | 3 ++-
|
|
|
0b494d |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
0b494d |
|
|
|
0b494d |
diff --git a/ipaserver/secrets/client.py b/ipaserver/secrets/client.py
|
|
|
0b494d |
index 40df6c4e69cd673dd8e3c36fbf33f2cda8544a67..4c03ef8e4140dd507156d88941600a234b71184e 100644
|
|
|
0b494d |
--- a/ipaserver/secrets/client.py
|
|
|
0b494d |
+++ b/ipaserver/secrets/client.py
|
|
|
0b494d |
@@ -13,6 +13,7 @@ from custodia.message.kem import KEMClient, KEY_USAGE_SIG, KEY_USAGE_ENC
|
|
|
0b494d |
from jwcrypto.common import json_decode
|
|
|
0b494d |
from jwcrypto.jwk import JWK
|
|
|
0b494d |
from ipalib.krb_utils import krb5_format_service_principal_name
|
|
|
0b494d |
+from ipaserver.install.installutils import realm_to_ldapi_uri
|
|
|
0b494d |
from ipaserver.secrets.kem import IPAKEMKeys
|
|
|
0b494d |
from ipaserver.secrets.store import IPASecStore
|
|
|
0b494d |
from ipaplatform.paths import paths
|
|
|
0b494d |
@@ -46,7 +47,7 @@ class CustodiaClient(object):
|
|
|
0b494d |
self.keytab = keytab
|
|
|
0b494d |
self.server = server
|
|
|
0b494d |
self.realm = realm
|
|
|
0b494d |
- self.ldap_uri = ldap_uri
|
|
|
0b494d |
+ self.ldap_uri = ldap_uri or realm_to_ldapi_uri(realm)
|
|
|
0b494d |
self.auth_type = auth_type
|
|
|
0b494d |
self.service_name = gssapi.Name(
|
|
|
0b494d |
'HTTP@{}'.format(server), gssapi.NameType.hostbased_service
|
|
|
0b494d |
--
|
|
|
0b494d |
2.20.1
|
|
|
0b494d |
|