[Freeipa-devel] bind DN of executing command

Nathaniel McCallum npmccallum at redhat.com
Tue May 6 13:21:23 UTC 2014


On Tue, 2014-05-06 at 15:56 +0300, Alexander Bokovoy wrote:
> On Mon, 05 May 2014, Rob Crittenden wrote:
> >Sumit Bose wrote:
> >>On Fri, May 02, 2014 at 05:06:06PM -0400, Nathaniel McCallum wrote:
> >>>I need the DN of the user who is running the current command. This may
> >>>be defined as the user who is bound or will bind to execute the LDAP
> >>>commands I have prepared.
> >>>
> >>>Does anyone know how to do this in the FreeIPA api?
> >>
> >>I guess you are looking for
> >>
> >>  ipa user-find --whoami
> >
> >If you're doing this in your own plugin, you get the current principal with:
> >
> >getattr(context, 'principal')
> >
> >Using that you can get the DN of that user with a search like this:
> >
> >"(&(objectclass=posixaccount)(krbprincipalname=%s))" % 
> >getattr(context, 'principal')
> >
> >We don't currently have a helper for this.
> >
> >This is rather inefficient in user-find as it searches from the 
> >basedn rather than the user container for some reason.
> We have whoami plugin enabled by default in 389-ds in FreeIPA. I'd
> rather use that extended operation as it will give you proper response
> from the dirsrv side for the connection.
> 
> I verified that it gives you a user's DN even when S4U2Proxy is in use.

The context of this question is now my patch 0048. I'm currently calling
self.api.Command.user_find(whoami=True) (per the first suggestion). Feel
free to make suggestions in that review.

Nathaniel 
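
An added example, not part of the original thread or of FreeIPA's code: two pieces a plugin author would need around the approaches discussed above. One builds the posixaccount/krbprincipalname filter with the value escaped per RFC 4515 instead of interpolated raw. The other extracts the DN from the authzId string that a Who am I? (RFC 4532) response carries. The function names and sample values are assumptions made for illustration.

```python
"""Added example: helpers for resolving the bound user's DN (stdlib only)."""

# RFC 4515: these characters must appear as \XX inside a filter assertion value.
_FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def principal_filter(principal):
    """Build the thread's krbprincipalname filter with the principal escaped."""
    return "(&(objectclass=posixaccount)(krbprincipalname=%s))" % (
        escape_filter_value(principal),
    )


def dn_from_authzid(authzid):
    """Return the DN carried by a Who am I? authzId, or None if there is none.

    RFC 4513 / RFC 4532: an empty authzId means an anonymous association,
    "dn:<DN>" names a directory entry, "u:<userid>" is an identity that is
    not expressed as a DN.
    """
    if not authzid:
        return None  # anonymous
    if authzid.startswith("dn:"):
        return authzid[len("dn:"):] or None  # "dn:" with an empty DN: no entry
    return None  # "u:" form or unrecognised: do not guess a DN


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(principal_filter("admin@EXAMPLE.TEST"))
    # A value containing filter metacharacters stays a single assertion value.
    print(principal_filter("a*)(uid=*"))
    print(dn_from_authzid("dn:uid=admin,cn=users,cn=accounts,dc=example,dc=test"))
    print(dn_from_authzid("u:admin"))
```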



