ldap: enable connection recycling on LDAP plugin.
marcink -
r2575:e09d5d1b default
@@ -22,10 +22,11 b''
22 22 RhodeCode authentication plugin for LDAP
23 23 """
24 24
25
25 import re
26 26 import colander
27 27 import logging
28 28 import traceback
29 import string
29 30
30 31 from rhodecode.translation import _
31 32 from rhodecode.authentication.base import (
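Review bot: `import string` at line 29 has no corresponding use in any added line of this diff, so unless an existing reference elsewhere in the module depends on it, it is an unused import and should be dropped. If a later change needs it, adding it together with that change keeps the import block honest.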
@@ -50,6 +51,9 b' except ImportError:'
50 51 ldap = Missing
51 52
52 53
54 class LdapError(Exception):
55 pass
56
53 57 def plugin_factory(plugin_id, *args, **kwds):
54 58 """
55 59 Factory function that is called during plugin discovery.
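Review bot: `class LdapError` at line 54 is separated from `def plugin_factory` by a single blank line where PEP 8 asks for two around top-level definitions, and it carries no docstring; a one-liner such as `"""Base exception for the LDAP authentication plugin."""` would do, presuming that is its intent. Nothing in this diff raises or catches `LdapError`, and whether `LdapUsernameError` and `LdapConnectionError` are meant to derive from it is not visible here.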
@@ -226,9 +230,10 b' class AuthLdap(object):'
226 230 self.BASE_DN = safe_str(base_dn)
227 231 self.LDAP_FILTER = safe_str(ldap_filter)
228 232
229 def _get_ldap_server(self):
233 def _get_ldap_conn(self):
230 234 if self.debug:
231 235 ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
236
232 237 if hasattr(ldap, 'OPT_X_TLS_CACERTDIR'):
233 238 ldap.set_option(ldap.OPT_X_TLS_CACERTDIR,
234 239 '/etc/openldap/cacerts')
@@ -239,21 +244,23 b' class AuthLdap(object):'
239 244
240 245 if self.TLS_KIND != 'PLAIN':
241 246 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
242 server = ldap.initialize(self.LDAP_SERVER)
247
248 log.debug('initializing LDAP connection to:%s', self.LDAP_SERVER)
249 ldap_conn = ldap.initialize(self.LDAP_SERVER)
243 250 if self.ldap_version == 2:
244 server.protocol = ldap.VERSION2
251 ldap_conn.protocol = ldap.VERSION2
245 252 else:
246 server.protocol = ldap.VERSION3
253 ldap_conn.protocol = ldap.VERSION3
247 254
248 255 if self.TLS_KIND == 'START_TLS':
249 server.start_tls_s()
256 ldap_conn.start_tls_s()
250 257
251 258 if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
252 259 log.debug('Trying simple_bind with password and given login DN: %s',
253 260 self.LDAP_BIND_DN)
254 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
261 ldap_conn.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
255 262
256 return server
263 return ldap_conn
257 264
258 265 def get_uid(self, username):
259 266 uid = username
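Review bot: The handle created by `ldap.initialize` on line 249 is never released when `start_tls_s` or `simple_bind_s` raises, because the `finally` added in `authenticate` only unbinds a connection that `_get_ldap_conn` actually returned; for a commit whose purpose is connection recycling, the failure path of the TLS and service-bind setup should unbind before re-raising. `_get_ldap_conn` begins in the preceding hunk. The debug message on line 248 also lacks a space after the colon: `log.debug('initializing LDAP connection to: %s', self.LDAP_SERVER)`.
```python
        log.debug('initializing LDAP connection to: %s', self.LDAP_SERVER)
        ldap_conn = ldap.initialize(self.LDAP_SERVER)
        try:
            # … unchanged: protocol version, START_TLS, service-account simple_bind_s …
        except Exception:
            # authenticate()'s finally only unbinds a handle it received, so a
            # failed TLS/bind setup must release this one before propagating
            try:
                ldap_conn.unbind_s()
            except Exception:
                log.debug('ldap: unbind after failed setup', exc_info=True)
            raise
        return ldap_conn
```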
@@ -295,13 +302,14 b' class AuthLdap(object):'
295 302 if "," in username:
296 303 raise LdapUsernameError(
297 304 "invalid character `,` in username: `{}`".format(username))
305 ldap_conn = None
298 306 try:
299 server = self._get_ldap_server()
307 ldap_conn = self._get_ldap_conn()
300 308 filter_ = '(&%s(%s=%s))' % (
301 309 self.LDAP_FILTER, self.attr_login, username)
302 310 log.debug("Authenticating %r filter %s at %s", self.BASE_DN,
303 311 filter_, self.LDAP_SERVER)
304 lobjects = server.search_ext_s(
312 lobjects = ldap_conn.search_ext_s(
305 313 self.BASE_DN, self.SEARCH_SCOPE, filter_)
306 314
307 315 if not lobjects:
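Review bot: `username` is interpolated straight into the search filter on lines 308-309 with only the `,` check above it as a guard, so LDAP filter metacharacters reach the directory unescaped; this predates the commit, but the block is being reworked here and it is the right moment to close it. python-ldap provides `ldap.filter.escape_filter_chars`, so `self.LDAP_FILTER, self.attr_login, ldap.filter.escape_filter_chars(username))` on line 309 would do it, with `ldap.filter` imported alongside the guarded `ldap` import. The `authenticate` method starts before this hunk and its `finally` is in a later one.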
@@ -315,7 +323,7 b' class AuthLdap(object):'
315 323 continue
316 324
317 325 user_attrs = self.fetch_attrs_from_simple_bind(
318 server, dn, username, password)
326 ldap_conn, dn, username, password)
319 327 if user_attrs:
320 328 break
321 329
@@ -333,6 +341,15 b' class AuthLdap(object):'
333 341 raise LdapConnectionError(
334 342 "LDAP can't access authentication "
335 343 "server, org_exc:%s" % org_exc)
344 finally:
345 if ldap_conn:
346 log.debug('ldap: connection release')
347 try:
348 ldap_conn.unbind_s()
349 except Exception:
350 # for any reason this can raise exception we must catch it
351 # to not crush the server
352 pass
336 353
337 354 return dn, user_attrs
338 355
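Review bot: The `except Exception: pass` on lines 349-352 discards the reason an unbind failed, which is exactly what you want in the log when connection recycling misbehaves; `log.debug('ldap: unbind failed', exc_info=True)` in place of `pass` keeps the best-effort semantics without hiding it. `if ldap_conn:` on line 345 would be clearer as `if ldap_conn is not None:`, since the connection object's truthiness is not what is being tested. The comment on line 351 reads "crush" for "crash". The enclosing `authenticate` method starts before this hunk.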