[Freeipa-devel] bind DN of executing command

Alexander Bokovoy abokovoy at redhat.com
Tue May 6 12:56:56 UTC 2014


On Mon, 05 May 2014, Rob Crittenden wrote:
>Sumit Bose wrote:
>>On Fri, May 02, 2014 at 05:06:06PM -0400, Nathaniel McCallum wrote:
>>>I need the DN of the user who is running the current command. This may
>>>be defined as the user who is bound or will bind to execute the LDAP
>>>commands I have prepared.
>>>
>>>Does anyone know how to do this in the FreeIPA api?
>>
>>I guess you are looking for
>>
>>  ipa user-find --whoami
>
>If you're doing this in your own plugin, you get the current principal with:
>
>getattr(context, 'principal')
>
>Using that you can get the DN of that user with a search like this:
>
>"(&(objectclass=posixaccount)(krbprincipalname=%s))" % getattr(context, 'principal')
>
>We don't currently have a helper for this.
>
>This is rather inefficient in user-find as it searches from the 
>basedn rather than the user container for some reason.
We have the whoami plugin enabled by default in 389-ds in FreeIPA. I'd
rather use that extended operation as it will give you a proper response
from the dirsrv side for the connection.

I verified that it gives you a user's DN even when S4U2Proxy is in use.

-- 
/ Alexander Bokovoy



