Simplify sasl code
authorDavid Bartley <dtbartle@csclub.uwaterloo.ca>
Thu, 6 Dec 2007 07:04:43 +0000 (02:04 -0500)
committerDavid Bartley <dtbartle@csclub.uwaterloo.ca>
Thu, 6 Dec 2007 07:04:43 +0000 (02:04 -0500)
pylib/csc/adm/accounts.py
pylib/csc/adm/members.py
pylib/csc/backends/ldapi.py

index b1c610b..f2a85e5 100644 (file)
@@ -24,7 +24,7 @@ def configure():
             'club_group', 'admin_shell', 'admin_home', 'admin_desc',
             'admin_group', 'group_desc', 'username_regex', 'groupname_regex',
             'shells_file', 'server_url', 'users_base', 'groups_base',
-            'sasl_mech', 'sasl_realm', 'admin_bind_keytab', 'admin_bind_dn',
+            'sasl_mech', 'sasl_realm', 'admin_bind_keytab',
             'admin_bind_userid', 'realm', 'admin_principal', 'admin_keytab' ]
     numeric_fields = [ 'member_min_id', 'member_max_id', 'club_min_id',
             'club_max_id', 'admin_min_id', 'admin_max_id', 'group_min_id',
@@ -92,8 +92,8 @@ def connect():
     configure()
 
     # connect to the LDAP server
-    ldap_connection.connect_sasl(cfg['server_url'], cfg['admin_bind_dn'],
-        cfg['sasl_mech'], cfg['sasl_realm'], cfg['admin_bind_userid'],
+    ldap_connection.connect_sasl(cfg['server_url'], cfg['sasl_mech'],
+        cfg['sasl_realm'], cfg['admin_bind_userid'],
         ('keytab', cfg['admin_bind_keytab']), cfg['users_base'],
         cfg['groups_base'])
 
index 0c1821f..be95c7a 100644 (file)
@@ -26,8 +26,8 @@ def load_configuration():
     """Load Members Configuration"""
 
     string_fields = [ 'realname_regex', 'server_url', 'users_base',
-            'groups_base', 'sasl_mech', 'sasl_realm', 'admin_bind_dn',
-            'admin_bind_keytab', 'admin_bind_userid' ]
+            'groups_base', 'sasl_mech', 'sasl_realm', 'admin_bind_keytab',
+            'admin_bind_userid' ]
 
     # read configuration file
     cfg_tmp = conf.read(CONFIG_FILE)
@@ -79,8 +79,8 @@ def connect():
     """Connect to LDAP."""
 
     load_configuration()
-    ldap_connection.connect_sasl(cfg['server_url'], cfg['admin_bind_dn'],
-        cfg['sasl_mech'], cfg['sasl_realm'], cfg['admin_bind_userid'],
+    ldap_connection.connect_sasl(cfg['server_url'], cfg['sasl_mech'],
+        cfg['sasl_realm'], cfg['admin_bind_userid'],
         ('keytab', cfg['admin_bind_keytab']), cfg['users_base'],
         cfg['groups_base'])
 
index 916fd67..65651f0 100644 (file)
@@ -67,14 +67,14 @@ class LDAPConnection(object):
         self.user_base = user_base
         self.group_base = group_base
 
-    def connect_sasl(self, uri, bind_dn, mech, realm, userid, password, user_base, group_base):
+    def connect_sasl(self, uri, mech, realm, userid, password, user_base, group_base):
 
         # open the connection
         self.ldap = ldap.initialize(uri)
 
         # authenticate
         sasl = Sasl(mech, realm, userid, password)
-        self.ldap.sasl_interactive_bind_s(bind_dn, sasl)
+        self.ldap.sasl_interactive_bind_s('', sasl)
 
         self.user_base = user_base
         self.group_base = group_base
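Review bot: Binding with `''` on the new `sasl_interactive_bind_s` line leaves the resulting identity entirely to the server's mapping of the SASL credentials, and `connect_sasl` never confirms which entry it ended up bound as before the admin code uses the connection. Consider reading the identity back right after the bind, e.g. `authzid = self.ldap.whoami_s()`, and logging it or comparing it with the expected admin entry (this assumes the python-ldap version in use provides `whoami_s`). The method also has no docstring; one should state that `password` is a `(type, arg)` pair such as `('keytab', path)` when `mech` is `'GSSAPI'`, which is how both callers in this commit pass it. A short comment such as `# empty DN: identity comes from the SASL exchange` would explain the literal. The enclosing class starts outside this hunk.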
@@ -665,13 +665,8 @@ class LDAPConnection(object):
 
 class Sasl:
 
-    CB_USER = 0x4001
-    bind_dn = 'dn:uid=%s,cn=%s,cn=%s,cn=auth'
-
     def __init__(self, mech, realm, userid, password):
         self.mech = mech
-        self.bind_dn = self.bind_dn % (userid, realm, mech)
-
         if mech == 'GSSAPI':
             type, arg = password
             kinit_args = [ '/usr/bin/kinit', '%s@%s' % (userid, realm) ]
@@ -682,10 +677,7 @@ class Sasl:
             kinit.wait()
 
     def callback(self, id, challenge, prompt, defresult):
-        if id == self.CB_USER:
-            return self.bind_dn
-        else:
-            return None
+        return ''
 
 
 ### Tests ###
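Review bot: The exit status of `kinit.wait()` on the context line above `callback` is discarded, and now that `callback` returns `''` for every id, the GSSAPI identity comes only from the Kerberos credential cache. If kinit fails (for example on an unreadable keytab), the bind would presumably either fail later with a less specific error or run with whatever tickets are already in the cache; checking the status, e.g. `if kinit.wait() != 0: raise RuntimeError('kinit failed for %s@%s' % (userid, realm))`, would surface the failure at its source. The lines that launch kinit sit between this hunk and the previous one and are not visible, so confirm how the process is started before adopting that check. A one-line comment on `callback`, such as `# no interactive answers are supplied; with GSSAPI the identity comes from the ticket cache`, would record why every prompt gets an empty reply.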