def init():
ecloud_db_pool = pools.Pool(
get_conn(CONF.database.db_local),
max_idle_connections=CONF.database.max_idle_connections,
max_recycle_sec=CONF.database.max_recycle_sec)
__DB_POOLS[LOCAL_DB] = ecloud_db_pool
common_db_pool = pools.Pool(
get_conn(CONF.database.db_global),
max_idle_connections=CONF.database.max_idle_connections,
max_recycle_sec=CONF.database.max_recycle_sec)
__DB_POOLS[COMMON_DB] = common_db_pool
nova_db_pool = pools.Pool(
get_conn(CONF.database.db_nova),
max_idle_connections=CONF.database.max_idle_connections,
max_recycle_sec=CONF.database.max_recycle_sec)
__DB_POOLS[NOVA_DB] = nova_db_pool
cinder_db_pool = pools.Pool(
get_conn(CONF.database.db_cinder),
max_idle_connections=CONF.database.max_idle_connections,
max_recycle_sec=CONF.database.max_recycle_sec)
__DB_POOLS[CINDER_DB] = cinder_db_pool
keystone_db_pool = pools.Pool(
get_conn(CONF.database.db_keystone),
max_idle_connections=CONF.database.max_idle_connections,
max_recycle_sec=CONF.database.max_recycle_sec)
__DB_POOLS[KEYSTONE_DB] = keystone_db_pool
glance_db_pool = pools.Pool(
get_conn(CONF.database.db_glance),
max_idle_connections=CONF.database.max_idle_connections,
max_recycle_sec=CONF.database.max_recycle_sec)
__DB_POOLS[GLANCE_DB] = glance_db_pool
neutron_db_pool = pools.Pool(
get_conn(CONF.database.db_neutron),
max_idle_connections=CONF.database.max_idle_connections,
max_recycle_sec=CONF.database.max_recycle_sec)
__DB_POOLS[NEUTRON_DB] = neutron_db_pool
redis_conn = get_conn(CONF.database.db_redis)
redis_db_pool = redis.ConnectionPool(host=redis_conn['host'],
port=redis_conn['port'],
db=redis_conn['db'])
__DB_POOLS[REDIS_DB] = redis_db_pool
if CONF.ldap.enable:
au = "CN=%s,%s" % (CONF.ldap.auth_user, CONF.ldap.base_dn)
url = "ldap://%s:389" % CONF.ldap.auth_domain
e_ldap_pool = ldappool.ConnectionManager(url,
au,
CONF.ldap.auth_pass,
use_pool=True,
size=2)
__DB_POOLS[E_LDAP] = e_ldap_pool
def test_pool_full(self):
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
pool = ldappool.ConnectionManager('ldap://localhost',
dn,
passwd,
size=1,
retry_delay=1.,
retry_max=5,
use_pool=True)
class Worker(threading.Thread):
def __init__(self, pool, duration):
threading.Thread.__init__(self)
self.pool = pool
self.duration = duration
def run(self):
with self.pool.connection() as conn: # NOQA
time.sleep(self.duration)
def tryit():
time.sleep(0.1)
with pool.connection() as conn: # NOQA
pass
# an attempt on a full pool should eventually work
# because the connector is reused
for i in range(10):
tryit()
# we have 1 non-active connector now
self.assertEqual(len(pool), 1)
# an attempt with a full pool should succeed if a
# slot gets freed in less than one second.
worker1 = Worker(pool, .4)
worker1.start()
try:
tryit()
finally:
worker1.join()
# an attempt with a full pool should fail
# if no slot gets freed in less than one second.
worker1 = Worker(pool, 1.1)
worker1.start()
try:
self.assertRaises(ldappool.MaxConnectionReachedError, tryit)
finally:
worker1.join()
# we still have one active connector
self.assertEqual(len(pool), 1)
def test_tls_connection(self):
uri = ''
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
cm = ldappool.ConnectionManager(uri,
dn,
passwd,
use_pool=True,
size=2,
use_tls=True)
with cm.connection():
pass
def test_pool_reuse(self):
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
pool = ldappool.ConnectionManager('ldap://localhost',
dn,
passwd,
use_pool=True)
with pool.connection() as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection() as conn2:
pass
self.assertTrue(conn is conn2)
with pool.connection() as conn:
conn.connected = False
with pool.connection() as conn2:
pass
self.assertTrue(conn is not conn2)
# same bind and password: reuse
with pool.connection('bind', 'passwd') as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection('bind', 'passwd') as conn2:
pass
self.assertTrue(conn is conn2)
# same bind different password: rebind !
with pool.connection('bind', 'passwd') as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection('bind', 'passwd2') as conn2:
pass
self.assertTrue(conn is conn2)
def test_pool(self):
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
pool = ldappool.ConnectionManager('ldap://localhost', dn, passwd)
workers = [LDAPWorker(pool) for i in range(10)]
for worker in workers:
worker.start()
for worker in workers:
worker.join()
self.assertEqual(len(worker.results), 10)
cn = worker.results[0][0][1]['cn']
self.assertEqual(cn, ['admin'])
def test_connection(self):
uri = ''
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
self.assertEqual(len(cm), 0)
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 1)
# if we ask a new one the pool will grow
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 2)
# every connector is marked active
self.assertTrue(cm._pool[0].active)
self.assertTrue(cm._pool[1].active)
# if we ask a new one the pool is full
try:
with cm.connection('dn', 'pass'):
pass
except ldappool.MaxConnectionReachedError:
pass
else:
raise AssertionError()
# down to one active
self.assertFalse(cm._pool[1].active)
self.assertTrue(cm._pool[0].active)
# if we ask a new one the pool is full
# but we get the inactive one
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 2)
self.assertFalse(cm._pool[1].active)
self.assertTrue(cm._pool[0].active)
# if we ask a new one the pool is full
# but we get the inactive one, and rebind it
with cm.connection('dn2', 'pass'):
self.assertEqual(len(cm), 2)
# the pool is still 2
self.assertEqual(len(cm), 2)
# every connector is marked inactive
self.assertFalse(cm._pool[0].active)
self.assertFalse(cm._pool[1].active)
def test_pool_cleanup(self):
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
pool = ldappool.ConnectionManager('ldap://localhost',
dn,
passwd,
size=1,
use_pool=True)
with pool.connection('bind1') as conn: # NOQA
pass
with pool.connection('bind2') as conn: # NOQA
pass
# the second call should have removed the first conn
self.assertEqual(len(pool), 1)
def test_simple_bind_fails(self):
unbinds = []
def _unbind(self):
unbinds.append(1)
# the binding fails with an LDAPError
ldappool.StateConnector.simple_bind_s = _bind_fails2
ldappool.StateConnector.unbind_s = _unbind
uri = ''
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
self.assertEqual(len(cm), 0)
try:
with cm.connection('dn', 'pass'):
pass
except ldap.SERVER_DOWN:
pass
else:
raise AssertionError()
User = collections.namedtuple(
'User', ('dn', 'uid', 'givenName', 'sn', 'userPassword', 'mail', 'mobile',
'createTimestamp', 'modifyTimestamp'))
Group = collections.namedtuple(
'Group', ('dn', 'cn', 'description', 'createTimestamp', 'modifyTimestamp'))
class Connector(ldappool.StateConnector, ldap.resiter.ResultProcessor):
def __init__(self, *args, **kwargs):
ldappool.StateConnector.__init__(self, *args, **kwargs)
self.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
self.set_option(ldap.OPT_DEREF, ldap.DEREF_ALWAYS)
pool = ldappool.ConnectionManager(app.config['LDAP_URI'],
connector_cls=Connector)
class AppUser(User, UserMixin):
pass
@login_manager.request_loader
def load_user(req):
auth = req.authorization
if not auth or not auth.password:
return None
uid = escape_dn_chars(auth.username)
bind_dn = app.config['BIND_DN']
bind_pw = app.config['BIND_PW']
with pool.connection(bind_dn, bind_pw) as conn:
# ldap_authuser='******'
# ldap_authpass='******'
# domainname='ecloud'
# ldappath='ldap://10.10.3.252:389'
baseDN = 'CN=Users,DC=ecloud,DC=com' # ldap_authuser在连接到LDAP的时候不会用到baseDN,在验证其他用户的时候才需要使用
# # username = '******' #要查找/验证的用户
#
# p=ldapc(ldappath,baseDN,domainname,ldap_authuser,ldap_authpass)
#
# print p.search_OU()
# print p.valid_user('test','password') #调用valid_user()方法验证用户是否为合法用户
uri = 'ldap://10.10.3.252:389'
dn = '%s\%s' % ("ecloud", "admin")
passwd = '_123qweasd'
cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
searchScope = ldap.SCOPE_SUBTREE
# searchFiltername = "sAMAccountName" #通过samaccountname查找用户
retrieveAttributes = ['sAMAccountName']
searchFilter = '(&(objectClass=person))'
with cm.connection() as conn:
ldap_result = conn.search_s(baseDN, searchScope, searchFilter,
retrieveAttributes)
if ldap_result is not None:
udict = {}
usersinfor = []
for pinfor in ldap_result:
# pinfor是一个tuple,第一个元素是该用户的CN,第二个元素是一个dict,包含有用户的所有属性
if pinfor[1]:
p = pinfor[1]
def test_ctor_args(self):
pool = ldappool.ConnectionManager('ldap://localhost', use_tls=True)
self.assertEqual(pool.use_tls, True)
related to the request userid exists."""
def effective_principals(self, request):
""" Return a sequence representing the effective principals
including the userid and any groups belonged to by the current
user, including 'system' groups such as
``pyramid.security.Everyone`` and
``pyramid.security.Authenticated``. """
def callback(self, username, request):
pass
import ldap
import ldappool
cm = ldappool.ConnectionManager('ldap://ldap.iplantcollaborative.org')
class _Decoder(object):
"""
Stolen from django-auth-ldap.
Encodes and decodes strings in a nested structure of lists, tuples, and
dicts. This is helpful when interacting with the Unicode-unaware
python-ldap.
"""
ldap = ldap
def __init__(self, encoding='utf-8'):
self.encoding = encoding
