Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ldap2: use LDAP whoami operation to retrieve bind DN for current connection #637

Closed
wants to merge 1 commit into from
Closed

ldap2: use LDAP whoami operation to retrieve bind DN for current connection #637

wants to merge 1 commit into from

Conversation

abbra
Copy link
Contributor

@abbra abbra commented Mar 22, 2017
edited by martbab

For external users which are mapped to some DN in LDAP server, we
wouldn't neccesary be able to find a kerberos data in their LDAP entry.
Instead of searching for Kerberos principal use actual DN we are bound
to because for get_effective_rights LDAP control we only need the DN
itself.

Fixes https://pagure.io/freeipa/issue/6797

martbab
martbab suggested changes Mar 22, 2017
View reviewed changes
ipaserver/plugins/ldap2.py Outdated
bind_dn = self.conn.whoami_s()[4:]
finally:
if bind_dn is None:
return None
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need a try:..finally block here? I would rather do bind_dn = self.conn.whoami_s()[4:] and let the exception propagate to the callers if something bad happens. Or you may catch it and re-raise some public and more descriptive error.

@martbab
Copy link
Contributor

martbab commented Mar 22, 2017

LGTM but lint has some complains probably related to my in-line comment.

@pvomacka
Copy link

Hi @abbra, thank you for patch, works for me.

@pvomacka pvomacka self-requested a review March 22, 2017 11:50
@abbra
ldap2: use LDAP whoami operation to retrieve bind DN for current conn…
3f92253 
…ection

For external users which are mapped to some DN in LDAP server, we
wouldn't neccesary be able to find a kerberos data in their LDAP entry.
Instead of searching for Kerberos principal use actual DN we are bound
to because for get_effective_rights LDAP control we only need the DN
itself.

Fixes https://pagure.io/freeipa/issue/6797
@abbra
Copy link
Contributor Author

abbra commented Mar 22, 2017

Removed try: finally: block, I agree that it is better to propagate error up the stack.

@martbab martbab added ack Pull Request approved, can be merged pushed Pull Request has already been pushed labels Mar 22, 2017
@martbab
Copy link
Contributor

martbab commented Mar 22, 2017

ipa-4-5:

  • 7d48fb8 ldap2: use LDAP whoami operation to retrieve bind DN for current connection
    master:

  • 7324451 ldap2: use LDAP whoami operation to retrieve bind DN for current connection

@martbab martbab closed this Mar 22, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martbab martbab martbab approved these changes

@pvomacka pvomacka Awaiting requested review from pvomacka

Assignees
No one assigned
Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
3 participants
@abbra @martbab @pvomacka