Closed jvperrin closed 5 years ago
i'm curious, is there no python library thingy that can manipulate ldap than writing a bunch of custom modify ldap stuffs?
There is, but I haven't found anything that works with Python 3, LDAP, and Heimdal Kerberos all in one package. Plus we already do this for account creation, so I figured using it elsewhere would make sense.
ah, bummer :(
This then allows these functions to be used in user-facing scripts where they have potentially already authenticated with their password and have an existing Kerberos ticket. (like in
update-email
andchsh
, the two remaining python2 scripts we have)I also did a pretty major refactor to use
subprocess
instead ofpexpect
for changing LDAP since ldapmodify can just accept input from stdin instead of needing it to be passed in interactively. I also removed a celery task for modifying LDAP attributes that isn't used anywhere outside of ocflib as far as I could tell with sourcegraph.I tested this manually with
./tests-manual/infra/create-ldap-keytab
and that worked fine, along with manually testing in a console that I could change myloginShell
andmail
attributes without a keytab being passed in.