Hi all,
We're using two ldap servers (master and slave) for our accounts, so I wrote a patch for cobbler to accept multiple servers separated by spaces, like ldap_server: "ldap1.example.com ldap2.example.com".
I'd love to hear from other people using ldap for authentication what your thoughts are about this.
diff --git a/cobbler/modules/authn_ldap.py b/cobbler/modules/authn_ldap.py index d30e87d..e4313e0 100644 --- a/cobbler/modules/authn_ldap.py +++ b/cobbler/modules/authn_ldap.py @@ -59,13 +59,24 @@ def authenticate(api_handle,username,password): anon_bind = api_handle.settings().ldap_anonymous_bind prefix = api_handle.settings().ldap_search_prefix
- # form our ldap uri based on connection port - if port == '389': - uri = 'ldap://' + server - elif port == '636': - uri = 'ldaps://' + server + # allow multiple servers split by a space + if server.find(" "): + servers = server.split() else: - uri = 'ldap://' + "%s:%s" % (server,port) + servers = [server] + + uri = "" + for server in servers: + # form our ldap uri based on connection port + if port == '389': + uri += 'ldap://' + server + elif port == '636': + uri += 'ldaps://' + server + else: + uri += 'ldap://' + "%s:%s" % (server,port) + uri += ' ' + + uri = uri.strip()
# connect to LDAP host dir = ldap.initialize(uri)
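Review bot: the `if server.find(" "):` test at the top of the added block does not check what its comment says. `str.find` returns -1 (truthy) when the string has no space and 0 (falsy) only when it begins with one, so the `else: servers = [server]` branch runs only for a value with a leading space, and that unsplit value then produces a URI with a space embedded right after `ldap://`. Calling `servers = server.split()` unconditionally handles the single-server, multi-server and stray-whitespace cases, so the conditional can be dropped. Two smaller points in the same block: the loop rebinds `server`, which hides the original setting value for anything later in `authenticate`, and the URIs could be collected in a list and combined with `' '.join(...)` instead of appending `' '` and calling `uri.strip()`. The single `port` value is applied to every host in the list, so the scheme (`ldap://` or `ldaps://`) is the same for all of them; that is worth stating wherever the setting is documented.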
Ruben Kerkhof wrote:
Hi all,
We're using two ldap servers (master and slave) for our accounts, so I wrote a patch for cobbler to accept multiple servers separated by spaces, like ldap_server: "ldap1.example.com ldap2.example.com".
I'd love to hear from other people using ldap for authentication what your thoughts are about this.
diff --git a/cobbler/modules/authn_ldap.py b/cobbler/modules/authn_ldap.py index d30e87d..e4313e0 100644 --- a/cobbler/modules/authn_ldap.py +++ b/cobbler/modules/authn_ldap.py @@ -59,13 +59,24 @@ def authenticate(api_handle,username,password): anon_bind = api_handle.settings().ldap_anonymous_bind prefix = api_handle.settings().ldap_search_prefix
- # form our ldap uri based on connection port
- if port == '389':
uri = 'ldap://' + server
- elif port == '636':
uri = 'ldaps://' + server
- # allow multiple servers split by a space
- if server.find(" "):
else:servers = server.split()
uri = 'ldap://' + "%s:%s" % (server,port)
servers = [server]
uri = ""
for server in servers:
# form our ldap uri based on connection port
if port == '389':
uri += 'ldap://' + server
elif port == '636':
uri += 'ldaps://' + server
else:
uri += 'ldap://' + "%s:%s" % (server,port)
uri += ' '
uri = uri.strip()
# connect to LDAP host dir = ldap.initialize(uri)
I've applied this to devel, thanks -- if anyone has further comments, please share.
I've also updated https://fedorahosted.org/cobbler/wiki/CobblerWithLdap to mention this feature.
--Michael
On Nov 18, 2008, at 8:19 PM, Michael DeHaan wrote:
I've applied this to devel, thanks -- if anyone has further comments, please share.
I've also updated https://fedorahosted.org/cobbler/wiki/CobblerWithLdap to mention this feature.
--Michael
Great, thanks Michael!
Regards, Ruben
cobbler@lists.fedorahosted.org