... |
... |
@@ -37,7 +37,6 @@ import apt_pkg |
37
|
37
|
import re
|
38
|
38
|
import email as modemail
|
39
|
39
|
import subprocess
|
40
|
|
-import ldap
|
41
|
40
|
import errno
|
42
|
41
|
import functools
|
43
|
42
|
import six
|
... |
... |
@@ -773,13 +772,32 @@ def gpg_get_key_addresses(fingerprint): |
773
|
772
|
################################################################################
|
774
|
773
|
|
775
|
774
|
|
776
|
|
-def get_logins_from_ldap(fingerprint='*'):
|
777
|
|
- """retrieve login from LDAP linked to a given fingerprint"""
|
|
775
|
+def open_ldap_connection():
|
|
776
|
+ """open connection to the configured LDAP server"""
|
|
777
|
+ import ldap
|
|
778
|
+
|
|
779
|
+ LDAPDn = Cnf["Import-LDAP-Fingerprints::LDAPDn"]
|
|
780
|
+ LDAPServer = Cnf["Import-LDAP-Fingerprints::LDAPServer"]
|
|
781
|
+ ca_cert_file = Cnf.get('Import-LDAP-Fingerprints::CACertFile')
|
778
|
782
|
|
779
|
|
- LDAPDn = Cnf['Import-LDAP-Fingerprints::LDAPDn']
|
780
|
|
- LDAPServer = Cnf['Import-LDAP-Fingerprints::LDAPServer']
|
781
|
783
|
l = ldap.initialize(LDAPServer)
|
782
|
|
- l.simple_bind_s('', '')
|
|
784
|
+
|
|
785
|
+ if ca_cert_file:
|
|
786
|
+ l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
|
|
787
|
+ l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
|
|
788
|
+ l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
|
|
789
|
+ l.start_tls_s()
|
|
790
|
+
|
|
791
|
+ l.simple_bind_s("", "")
|
|
792
|
+
|
|
793
|
+ return l
|
|
794
|
+
|
|
795
|
+################################################################################
|
|
796
|
+
|
|
797
|
+
|
|
798
|
+def get_logins_from_ldap(fingerprint='*'):
|
|
799
|
+ """retrieve login from LDAP linked to a given fingerprint"""
|
|
800
|
+ l = open_ldap_connection()
|
783
|
801
|
Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
|
784
|
802
|
'(keyfingerprint=%s)' % fingerprint,
|
785
|
803
|
['uid', 'keyfingerprint'])
|
... |
... |
@@ -795,11 +813,7 @@ def get_logins_from_ldap(fingerprint='*'): |
795
|
813
|
|
796
|
814
|
def get_users_from_ldap():
|
797
|
815
|
"""retrieve login and user names from LDAP"""
|
798
|
|
-
|
799
|
|
- LDAPDn = Cnf['Import-LDAP-Fingerprints::LDAPDn']
|
800
|
|
- LDAPServer = Cnf['Import-LDAP-Fingerprints::LDAPServer']
|
801
|
|
- l = ldap.initialize(LDAPServer)
|
802
|
|
- l.simple_bind_s('', '')
|
|
816
|
+ l = open_ldap_connection()
|
803
|
817
|
Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
|
804
|
818
|
'(uid=*)', ['uid', 'cn', 'mn', 'sn'])
|
805
|
819
|
users = {}
|
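Review bot: After this refactor `get_logins_from_ldap` and `get_users_from_ldap` still pass `LDAPDn` and `ldap.SCOPE_ONELEVEL` to `l.search_s(...)`, but both names now exist only inside `open_ldap_connection`, because the module-level `import ldap` and the per-function `LDAPDn = Cnf[...]` lines were removed. Unless they are defined elsewhere in the module, both calls would raise NameError; each caller needs `import ldap` and `LDAPDn = Cnf["Import-LDAP-Fingerprints::LDAPDn"]` restored before the search. Separately, StartTLS with certificate verification is only used when `Import-LDAP-Fingerprints::CACertFile` is set. Without it the anonymous bind and the fingerprint-to-uid lookup silently run without that protection (unless `LDAPServer` is an `ldaps://` URL), so a comment or log warning at the `if ca_cert_file:` branch stating that fallback would help operators. Both callers' bodies continue outside the visible hunks.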