+userdir-ldap (0.3.32) unstable; urgency=low
+
+ * Do SSL when connecting to the ldap server.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 23 May 2008 23:50:03 +0200
+
userdir-ldap (0.3.31) unstable; urgency=low
[ Joerg Jaspert ]
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP(LDAPServer);
l.simple_bind_s("","");
# Search for the matching key fingerprint
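Review bot: This call site passes the server explicitly, `connectLDAP(LDAPServer)`, and so does the next hunk, while every other call site in the patch uses the no-argument form. Since connectLDAP already falls back to the global `LDAPServer` when `server` is None, `l = connectLDAP();` would keep all call sites uniform. The enclosing function starts and ends outside the hunk, so it is not visible whether `LDAPServer` is rebound locally there; if it is, a short comment saying so would justify the explicit argument.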
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occurred while performing the LDAP lookup:";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP(LDAPServer);
l.simple_bind_s("","");
# Search for the matching key fingerprint
sys.exit(0)
# Main program starts here
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
List = open(arguments[1],"r");
Set = [];
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
if Debug == None:
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
Args = Args + GPGSearchOptions + [" 2> /dev/null"]
Keys = os.popen(" ".join(Args),"r")
-l = ldap.open(LDAPServer);
-l.simple_bind_s("","");
+l = connectLDAP()
# Fetch the key list and map to email address
PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyfingerprint=*",\
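Review bot: The explicit anonymous bind `l.simple_bind_s("","");` is removed here together with the `ldap.open` call, whereas the other anonymous call sites in this patch keep it after `connectLDAP()`. connectLDAP as added does not bind, so the `search_s` below now runs on an unbound connection, which may behave differently depending on the protocol version the library negotiates. If the removal is intentional it deserves a line in the changelog; otherwise restore `l.simple_bind_s("","");` directly after `l = connectLDAP()`. The `search_s` statement continues past the end of the hunk.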
shutil.copy(k, OutDir)
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
Pass = F.readline().strip().split(" ")
F.close();
# Connect to the ldap server
if NoAct == 0:
- l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+ l = passwdAccessLDAP(BaseDn, AdminUser)
else:
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
l.simple_bind_s("","");
# Download the existing key list and put it into a map
if (switch == '-u'):
AdminUser = val;
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
while 1:
Group = raw_input("Group name? ");
FingerPrints = 1
if (BindUser != ""):
- l = passwdAccessLDAP(LDAPServer, BaseDn, BindUser)
+ l = passwdAccessLDAP(BaseDn, BindUser)
else:
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
l.simple_bind_s("","")
if ListMode == 1:
Password = getpass(BindUser + "'s password: ");
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
UserDn = "uid=" + BindUser + "," + BaseDn;
if (BindUser != ""):
l.simple_bind_s(UserDn,Password);
print "Connecting to LDAP directory";
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
l.simple_bind_s("","");
if arguments[0] == "nokey":
Result = Result + Res + "\n";
# Connect to the ldap server
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read());
# Connect to the ldap server
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
l.simple_bind_s("","");
# Search for the matching key fingerprint
print "mismatch",Split[0],Miss;
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
l.simple_bind_s("","");
PassCheck(l,sys.argv[1],sys.argv[2]);
if (switch == '-u'):
AdminUser = val
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
while 1:
account = raw_input("Who are you going to add? ")
elif (switch == '-n'):
NoAutomaticIDs = 1;
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
# Locate the key of the user we are adding
SetKeyrings(ConfModule.add_keyrings.split(":"))
# Main program starts here
# Connect to the ldap server
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
if (Passwd != ""):
DoPasswd(l,Passwd);
Anon = 1;
# Connect to the ldap server
-l = passwdAccessLDAP(LDAPServer, BaseDn, User)
+l = passwdAccessLDAP(BaseDn, User)
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"latitude=*",\
["uid","cn","mn","sn","latitude","longitude"]);
# Basic LDAP configuration
ldaphost = "db.debian.org";
+usessl = True;
basedn = "ou=users,dc=debian,dc=org";
hostbasedn = "ou=hosts,dc=debian,dc=org";
adminuser = "admin";
MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
+try:
+ UseSSL = ConfModule.usessl;
+except AttributeError:
+ UseSSL = False;
+
# Break up the keyring list
userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
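Review bot: `UseSSL` falls back to `False` when the config module has no `usessl` attribute, so a host running with an older or hand-edited config keeps connecting in cleartext with no indication that TLS is off. That matters because the same connection helper is used before the password binds (the admin bind in passwdAccessLDAP and the PassDir-based binds appear to follow these calls, outside the visible hunks). Consider defaulting to on, or at least emitting a warning when TLS is disabled. The lookup can also match the two lines above it: `UseSSL = getattr(ConfModule, 'usessl', True)`.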
Result = Result + "%s: %s\n" % (x,i);
return Result[:-1];
+def connectLDAP(server = None):
+ if server == None:
+ global LDAPServer
+ server = LDAPServer
+ l = ldap.open(server);
+ global UseSSL
+ if UseSSL:
+ l.start_tls_s();
+ return l;
+
# Function to prompt for a password
def getpass(prompt = "Password: "):
import termios, sys;
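Review bot: connectLDAP calls `l.start_tls_s()` without setting any certificate-verification option, so whether the server certificate is actually checked depends on the OpenLDAP client defaults on each host, which this patch does not control. Setting `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` (plus a CA file via `ldap.OPT_X_TLS_CACERTFILE`) before the connection is opened would make encryption imply an authenticated server rather than just an encrypted channel. StartTLS is an LDAPv3 operation, so if the library default here is still v2 the handle also needs `l.protocol_version = ldap.VERSION3` first — worth confirming. The function would benefit from a docstring stating that it returns an unbound handle and raises on TLS failure, and `server == None` reads better as `server is None`. The trailing context lines belong to getpass, which continues outside the hunk.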
print;
return passwd;
-def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
+def passwdAccessLDAP(BaseDn, AdminUser):
"""
Ask for the AdminUser's password and connect to the LDAP server.
Returns the connection handle.
if len(Password) == 0:
sys.exit(0)
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
UserDn = "uid=" + AdminUser + "," + BaseDn;
# Connect to the ldap server