Ansgar pushed to branch master at Debian FTP Team / dak
Commits:
-
7842dab8
by Ansgar at 2020-10-31T15:46:04+01:00
2 changed files:
Changes:
... | ... | @@ -918,22 +918,9 @@ class Keyring(object): |
918 | 918 |
raise GpgException("command failed: %s\nstdout: %s\nstderr: %s\n" % (cmd, out, err))
|
919 | 919 |
|
920 | 920 |
def import_users_from_ldap(self, session):
|
921 |
- import ldap
|
|
921 |
+ from .utils import open_ldap_connection
|
|
922 |
+ l = open_ldap_connection()
|
|
922 | 923 |
cnf = Config()
|
923 |
- |
|
924 |
- LDAPDn = cnf["Import-LDAP-Fingerprints::LDAPDn"]
|
|
925 |
- LDAPServer = cnf["Import-LDAP-Fingerprints::LDAPServer"]
|
|
926 |
- ca_cert_file = cnf.get('Import-LDAP-Fingerprints::CACertFile')
|
|
927 |
- |
|
928 |
- l = ldap.initialize(LDAPServer)
|
|
929 |
- |
|
930 |
- if ca_cert_file:
|
|
931 |
- l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
|
|
932 |
- l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
|
|
933 |
- l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
|
|
934 |
- l.start_tls_s()
|
|
935 |
- |
|
936 |
- l.simple_bind_s("", "")
|
|
937 | 924 |
Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
|
938 | 925 |
"(&(keyfingerprint=*)(supplementaryGid=%s))" % (cnf["Import-Users-From-Passwd::ValidGID"]),
|
939 | 926 |
["uid", "keyfingerprint", "cn", "mn", "sn"])
|
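Review bot: `import_users_from_ldap` still calls `l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL, ...)` on new line 924, but this hunk removes both the local `import ldap` and the `LDAPDn` assignment, so unless those names exist at module level outside the hunk the call raises NameError before any user is imported. The utils hunks show the same pattern: `get_logins_from_ldap` (new line 801) and `get_users_from_ldap` (new line 817) keep using `LDAPDn` and `ldap` after the module-level `import ldap` and their own `LDAPDn` lines are dropped, while `open_ldap_connection` assigns `LDAPDn` and never uses it. Each caller could keep `import ldap` and `LDAPDn = cnf["Import-LDAP-Fingerprints::LDAPDn"]` (`Cnf[...]` in utils) next to the `open_ldap_connection()` call, or the helper could return the base DN together with the connection. The body of `import_users_from_ldap` continues past the end of the hunk.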
... | ... | @@ -37,7 +37,6 @@ import apt_pkg |
37 | 37 |
import re
|
38 | 38 |
import email as modemail
|
39 | 39 |
import subprocess
|
40 |
-import ldap
|
|
41 | 40 |
import errno
|
42 | 41 |
import functools
|
43 | 42 |
import six
|
... | ... | @@ -773,13 +772,32 @@ def gpg_get_key_addresses(fingerprint): |
773 | 772 |
################################################################################
|
774 | 773 |
|
775 | 774 |
|
776 |
-def get_logins_from_ldap(fingerprint='*'):
|
|
777 |
- """retrieve login from LDAP linked to a given fingerprint"""
|
|
775 |
+def open_ldap_connection():
|
|
776 |
+ """open connection to the configured LDAP server"""
|
|
777 |
+ import ldap
|
|
778 |
+ |
|
779 |
+ LDAPDn = Cnf["Import-LDAP-Fingerprints::LDAPDn"]
|
|
780 |
+ LDAPServer = Cnf["Import-LDAP-Fingerprints::LDAPServer"]
|
|
781 |
+ ca_cert_file = Cnf.get('Import-LDAP-Fingerprints::CACertFile')
|
|
778 | 782 |
|
779 |
- LDAPDn = Cnf['Import-LDAP-Fingerprints::LDAPDn']
|
|
780 |
- LDAPServer = Cnf['Import-LDAP-Fingerprints::LDAPServer']
|
|
781 | 783 |
l = ldap.initialize(LDAPServer)
|
782 |
- l.simple_bind_s('', '')
|
|
784 |
+ |
|
785 |
+ if ca_cert_file:
|
|
786 |
+ l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
|
|
787 |
+ l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
|
|
788 |
+ l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
|
|
789 |
+ l.start_tls_s()
|
|
790 |
+ |
|
791 |
+ l.simple_bind_s("", "")
|
|
792 |
+ |
|
793 |
+ return l
|
|
794 |
+ |
|
795 |
+################################################################################
|
|
796 |
+ |
|
797 |
+ |
|
798 |
+def get_logins_from_ldap(fingerprint='*'):
|
|
799 |
+ """retrieve login from LDAP linked to a given fingerprint"""
|
|
800 |
+ l = open_ldap_connection()
|
|
783 | 801 |
Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
|
784 | 802 |
'(keyfingerprint=%s)' % fingerprint,
|
785 | 803 |
['uid', 'keyfingerprint'])
|
... | ... | @@ -795,11 +813,7 @@ def get_logins_from_ldap(fingerprint='*'): |
795 | 813 |
|
796 | 814 |
def get_users_from_ldap():
|
797 | 815 |
"""retrieve login and user names from LDAP"""
|
798 |
- |
|
799 |
- LDAPDn = Cnf['Import-LDAP-Fingerprints::LDAPDn']
|
|
800 |
- LDAPServer = Cnf['Import-LDAP-Fingerprints::LDAPServer']
|
|
801 |
- l = ldap.initialize(LDAPServer)
|
|
802 |
- l.simple_bind_s('', '')
|
|
816 |
+ l = open_ldap_connection()
|
|
803 | 817 |
Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
|
804 | 818 |
'(uid=*)', ['uid', 'cn', 'mn', 'sn'])
|
805 | 819 |
users = {}
|
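Review bot: In `open_ldap_connection` (new lines 785-789), StartTLS and `OPT_X_TLS_REQUIRE_CERT` are applied only when `Import-LDAP-Fingerprints::CACertFile` is configured; with the option unset, the helper binds anonymously over whatever transport the `LDAPServer` URI provides, and nothing records that the fallback happened. All three callers now take uid and key-fingerprint data from this connection, so the docstring should say so, e.g. `"""open connection to the configured LDAP server; StartTLS with certificate verification is used only if CACertFile is set"""`, and the unset case would be better logged or rejected than silently accepted. Separately, `'(keyfingerprint=%s)' % fingerprint` in `get_logins_from_ldap` interpolates its argument into the search filter unescaped; if callers can pass anything other than a validated fingerprint, `ldap.filter.escape_filter_chars` should be applied to non-wildcard values. `get_logins_from_ldap` and `get_users_from_ldap` both continue outside their hunks.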