From fe7778b52ac9bacbedceec641ccb41d5f79f131c Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Wed, 3 May 2017 10:01:09 +0200
Subject: [PATCH] installutils: add DM password validator
Add a validator that checks whether the provided Directory Manager password
is valid by attempting to connect to LDAP.
Related https://pagure.io/freeipa/issue/6892
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
ipaserver/install/installutils.py | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 9230e70056b1a773246a0d95e6ecb943cada953c..b6f01489ccc65dcbc360929e0a7b315b074df8ce 100644
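--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -50,6 +50,7 @@ import ipaplatform
 from ipapython import ipautil, admintool, version
 from ipapython.admintool import ScriptError
 from ipapython.ipa_log_manager import root_logger
+from ipapython.ipaldap import DIRMAN_DN, LDAPClient
 from ipalib.util import validate_hostname
 from ipalib import api, errors, x509
 from ipapython.dn import DN
@@ -329,6 +330,21 @@ def _read_password_default_validator(password):
 if len(password) < 8:
 raise ValueError("Password must be at least 8 characters long")
 
+
+def validate_dm_password_ldap(password):
+ """
+ Validate DM password by attempting to connect to LDAP. api.env has to
+ contain valid ldap_uri.
+ """
+ client = LDAPClient(api.env.ldap_uri, cacert=paths.IPA_CA_CRT)
+ try:
+ client.simple_bind(DIRMAN_DN, password)
+ except errors.ACIError:
+ raise ValueError("Invalid Directory Manager password")
+ else:
+ client.unbind()
+
+
 def read_password(user, confirm=True, validate=True, retry=True, validator=_read_password_default_validator):
 correct = False
 pwd = None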
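Review bot: In validate_dm_password_ldap, `client.unbind()` sits in the `else:` branch, so when the bind is rejected with errors.ACIError the connection is not released, and that is presumably the path an interactive retry through read_password hits repeatedly; `finally: client.unbind()` would release it on every path, assuming unbind is safe on a connection whose bind failed. simple_bind carries the Directory Manager password itself, and nothing in this hunk shows StartTLS being requested, so the docstring should state the transport requirement, for example `api.env.ldap_uri must be an ldapi:// or TLS-protected URI, because the password is sent in a simple bind`. Only errors.ACIError is translated to ValueError; a connection failure will presumably surface as a different exception, which deserves a sentence in the docstring for callers that pass this function as a validator. The body of read_password continues outside the hunk.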
--
2.9.4