Univention Bugzilla – Bug 50638
Provide a getSambaConnection() function
Last modified: 2020-07-15 19:12:53 CEST
We have a lot of code redundancy regarding creating a univention.uldap.access() connection which connects to Samba 4. We should add something similar to getMachineConnection(): For example getSambaConnection().
I often use this snippet:

import univention.uldap
x = {'binddn': None, 'start_tls': 0, 'uri': 'ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi', 'base': 'DC=school,DC=dev', 'bindpw': None, 'host': 'localhost', 'ca_certfile': None, 'port': 389}
lo = univention.uldap.access(**x)
The connection via ldapi doesn't use machine credentials, which may result in different (less) ACLs taking effect. So that may be comparable to uldap.getAdminConnection(). I guess in AD terms you would be 'System'. Also, ldapi only works on the local system, unlike uldap.getMachineConnection().

If we want/need(?) something like this in uldap, then something like getADConnection() would be a better abstraction IMHO, since we probably also would want to use that in the AD-Connector. It would use python-ldap and could default to machine credentials over LDAP+TLS, but would allow other options (LDAPS, LDAPI, GSSAPI).

A complementary/separate approach would be to use samba.Ldb (or samba.samdb.SamDB) instead of python-ldap, but I would not want to inject a dependency on python-samba into uldap.
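
The snippet from the description wrapped as a helper, as an added example that is not part of the bug report or of univention.uldap. The function names and the socket check are hypothetical, the caller supplies the base DN, and Python 3 is assumed:

```python
import os
import stat
from urllib.parse import quote

# Socket path decoded from the ldapi URI in the snippet above.
SAMBA_LDAPI_SOCKET = "/var/lib/samba/private/ldap_priv/ldapi"


def ldapi_uri(socket_path=SAMBA_LDAPI_SOCKET):
    """Percent-encode the socket path (including '/') into an ldapi:// URI."""
    return "ldapi://" + quote(socket_path, safe="")


def samba_connection_args(base, socket_path=SAMBA_LDAPI_SOCKET):
    """Build the keyword arguments used in the snippet for a given base DN."""
    if not base:
        raise ValueError("base DN is required")
    return {
        "uri": ldapi_uri(socket_path),
        "base": base,
        "binddn": None,    # no bind DN: access is decided by the local socket
        "bindpw": None,
        "start_tls": 0,    # UNIX socket, no TLS layer
        "host": "localhost",
        "port": 389,
        "ca_certfile": None,
    }


def get_samba_connection(base, socket_path=SAMBA_LDAPI_SOCKET):
    """Hypothetical helper: open the local Samba 4 directory over ldapi."""
    # ldapi only works on the local system, so fail early and clearly if
    # the socket is missing, unreadable, or not a UNIX socket.
    try:
        mode = os.stat(socket_path).st_mode
    except OSError as exc:
        raise RuntimeError("Samba ldapi socket not reachable: %s" % exc)
    if not stat.S_ISSOCK(mode):
        raise RuntimeError("%s is not a UNIX socket" % socket_path)
    import univention.uldap  # imported lazily; only present on UCS systems
    return univention.uldap.access(**samba_connection_args(base, socket_path))
```

Because no machine credentials are involved, callers of such a helper get whatever access the socket grants, so it is worth keeping it separate from getMachineConnection() rather than a drop-in replacement.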