def test_pool_cleanup(self):
        dn = "uid=adminuser,ou=logins,dc=mozilla"
        passwd = "adminuser"
        pool = ConnectionManager("ldap://localhost", dn, passwd, size=1, use_pool=True)
        with pool.connection("bind1") as conn:  # NOQA
            pass

        with pool.connection("bind2") as conn:  # NOQA

            pass

        # the second call should have removed the first conn
        self.assertEqual(len(pool), 1)
Beispiel #2
0
    def test_pool_cleanup(self):
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        pool = ConnectionManager('ldap://localhost', dn, passwd, size=1,
                                 use_pool=True)
        with pool.connection('bind1') as conn:  # NOQA
            pass

        with pool.connection('bind2') as conn:  # NOQA

            pass

        # the second call should have removed the first conn
        self.assertEqual(len(pool), 1)
Beispiel #3
0
    def test_pool_reuse(self):
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        pool = ConnectionManager('ldap://localhost', dn, passwd,
                                 use_pool=True)

        with pool.connection() as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection() as conn2:
            pass

        self.assertTrue(conn is conn2)

        with pool.connection() as conn:
            conn.connected = False

        with pool.connection() as conn2:
            pass

        self.assertTrue(conn is not conn2)

        # same bind and password: reuse
        with pool.connection('bind', 'passwd') as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection('bind', 'passwd') as conn2:
            pass

        self.assertTrue(conn is conn2)

        # same bind different password: rebind !
        with pool.connection('bind', 'passwd') as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection('bind', 'passwd2') as conn2:
            pass

        self.assertTrue(conn is conn2)
Beispiel #4
0
 def __init__(self):
     print("DEBUG: LdapPool init")
     self.connection_manager = ConnectionManager(
         uri=settings.LDAP_HOST,
         bind=settings.LDAP_USERNAME,
         passwd=settings.LDAP_PASSWORD,
         timeout=10,
         use_tls=True,
     )
    def test_pool_reuse(self):
        dn = "uid=adminuser,ou=logins,dc=mozilla"
        passwd = "adminuser"
        pool = ConnectionManager("ldap://localhost", dn, passwd, use_pool=True)

        with pool.connection() as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection() as conn2:
            pass

        self.assertTrue(conn is conn2)

        with pool.connection() as conn:
            conn.connected = False

        with pool.connection() as conn2:
            pass

        self.assertTrue(conn is not conn2)

        # same bind and password: reuse
        with pool.connection("bind", "passwd") as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection("bind", "passwd") as conn2:
            pass

        self.assertTrue(conn is conn2)

        # same bind different password: rebind !
        with pool.connection("bind", "passwd") as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection("bind", "passwd2") as conn2:
            pass

        self.assertTrue(conn is conn2)
Beispiel #6
0
    def test_simple_bind_fails(self):
        unbinds = []

        def _unbind(self):
            unbinds.append(1)

        # the binding fails with an LDAPError
        StateConnector.simple_bind_s = _bind_fails2
        StateConnector.unbind_s = _unbind
        uri = ''
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
        self.assertEqual(len(cm), 0)

        try:
            with cm.connection('dn', 'pass'):
                pass
        except BackendError:
            pass
        else:
            raise AssertionError()
    def test_simple_bind_fails(self):
        unbinds = []

        def _unbind(self):
            unbinds.append(1)

        # the binding fails with an LDAPError
        StateConnector.simple_bind_s = _bind_fails2
        StateConnector.unbind_s = _unbind
        uri = ''
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
        self.assertEqual(len(cm), 0)

        try:
            with cm.connection('dn', 'pass'):
                pass
        except BackendError:
            pass
        else:
            raise AssertionError()
Beispiel #8
0
    def test_pool_full(self):
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        pool = ConnectionManager('ldap://localhost', dn, passwd, size=1,
                                 retry_delay=1., retry_max=5,
                                 use_pool=True)

        class Worker(threading.Thread):

            def __init__(self, pool, duration):
                threading.Thread.__init__(self)
                self.pool = pool
                self.duration = duration

            def run(self):
                with self.pool.connection() as conn:  # NOQA
                    time.sleep(self.duration)

        def tryit():
            with pool.connection() as conn:  # NOQA
                pass

        # an attempt on a full pool should eventually work
        # because the connector is reused
        for i in range(10):
            tryit()

        # we have 1 non-active connector now
        self.assertEqual(len(pool), 1)

        # an attempt with a full pool should succeed if a
        # slot gets freed in less than one second.
        worker1 = Worker(pool, .4)
        worker1.start()

        try:
            tryit()
        finally:
            worker1.join()

        # an attempt with a full pool should fail
        # if no slot gets freed in less than one second.
        worker1 = Worker(pool, 1.1)
        worker1.start()
        try:
            self.assertRaises(MaxConnectionReachedError, tryit)
        finally:
            worker1.join()

        # we still have one active connector
        self.assertEqual(len(pool), 1)
Beispiel #9
0
    def test_pool(self):
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        pool = ConnectionManager('ldap://localhost', dn, passwd)
        workers = [LDAPWorker(pool) for i in range(10)]

        for worker in workers:
            worker.start()

        for worker in workers:
            worker.join()
            self.assertEquals(len(worker.results), 10)
            cn = worker.results[0][0][1]['cn']
            self.assertEquals(cn, ['admin'])
Beispiel #10
0
def includeme(config):
    if not hasattr(config.registry, 'heartbeats'):
        message = ('kinto-ldap should be included once Kinto is initialized'
                   ' . Use setting ``kinto.includes`` instead of '
                   '``pyramid.includes`` or include it manually.')
        raise ConfigurationError(message)

    settings = config.get_settings()

    defaults = {k: v for k, v in DEFAULT_SETTINGS.items() if k not in settings}
    config.add_settings(defaults)

    # Register heartbeat to ping the LDAP server.
    config.registry.heartbeats['ldap'] = ldap_ping
    config.registry.ldap_cm = ConnectionManager(settings['ldap.endpoint'])
Beispiel #11
0
def ldap_setup(config,
               uri,
               bind=None,
               passwd=None,
               pool_size=10,
               retry_max=3,
               retry_delay=.1,
               use_tls=False,
               timeout=-1,
               use_pool=True,
               connector_cls=StateConnector):
    """ Configurator method to set up an LDAP connection pool.

    - **uri**: ldap server uri **[mandatory]**
    - **bind**: default bind that will be used to bind a connector.
      **default: None**
    - **passwd**: default password that will be used to bind a connector.
      **default: None**
    - **size**: pool size. **default: 10**
    - **retry_max**: number of attempts when a server is down. **default: 3**
    - **retry_delay**: delay in seconds before a retry. **default: .1**
    - **use_tls**: activate TLS when connecting. **default: False**
    - **timeout**: connector timeout. **default: -1**
    - **use_pool**: activates the pool. If False, will recreate a connector
       each time. **default: True**
    """
    vals = dict(uri=uri,
                bind=bind,
                passwd=passwd,
                size=pool_size,
                retry_max=retry_max,
                retry_delay=retry_delay,
                use_tls=use_tls,
                timeout=timeout,
                use_pool=use_pool,
                connector_cls=connector_cls)

    manager = ConnectionManager(**vals)

    def get_connector(request):
        registry = request.registry
        return Connector(registry, manager)

    config.set_request_property(get_connector, 'ldap_connector', reify=True)

    intr = config.introspectable('pyramid_ldap setup', None,
                                 pprint.pformat(vals), 'pyramid_ldap setup')
    config.action('ldap-setup', None, introspectables=(intr, ))
Beispiel #12
0
    def test_connection(self):
        uri = ''
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
        self.assertEqual(len(cm), 0)

        with cm.connection('dn', 'pass'):
            self.assertEqual(len(cm), 1)

            # if we ask a new one the pool will grow
            with cm.connection('dn', 'pass'):
                self.assertEqual(len(cm), 2)

                # every connector is marked active
                self.assertTrue(cm._pool[0].active)
                self.assertTrue(cm._pool[1].active)

                # if we ask a new one the pool is full
                try:
                    with cm.connection('dn', 'pass'):
                        pass
                except MaxConnectionReachedError:
                    pass
                else:
                    raise AssertionError()

            # down to one active
            self.assertFalse(cm._pool[1].active)
            self.assertTrue(cm._pool[0].active)

            # if we ask a new one the pool is full
            # but we get the inactive one
            with cm.connection('dn', 'pass'):
                self.assertEqual(len(cm), 2)

            self.assertFalse(cm._pool[1].active)
            self.assertTrue(cm._pool[0].active)

            # if we ask a new one the pool is full
            # but we get the inactive one, and rebind it
            with cm.connection('dn2', 'pass'):
                self.assertEqual(len(cm), 2)

        # the pool is still 2
        self.assertEqual(len(cm), 2)

        # every connector is marked inactive
        self.assertFalse(cm._pool[0].active)
        self.assertFalse(cm._pool[1].active)
    def test_connection(self):
        uri = ''
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
        self.assertEqual(len(cm), 0)

        with cm.connection('dn', 'pass'):
            self.assertEqual(len(cm), 1)

            # if we ask a new one the pool will grow
            with cm.connection('dn', 'pass'):
                self.assertEqual(len(cm), 2)

                # every connector is marked active
                self.assertTrue(cm._pool[0].active)
                self.assertTrue(cm._pool[1].active)

                # if we ask a new one the pool is full
                try:
                    with cm.connection('dn', 'pass'):
                        pass
                except MaxConnectionReachedError:
                    pass
                else:
                    raise AssertionError()

            # down to one active
            self.assertFalse(cm._pool[1].active)
            self.assertTrue(cm._pool[0].active)

            # if we ask a new one the pool is full
            # but we get the inactive one
            with cm.connection('dn', 'pass'):
                self.assertEqual(len(cm), 2)

            self.assertFalse(cm._pool[1].active)
            self.assertTrue(cm._pool[0].active)

            # if we ask a new one the pool is full
            # but we get the inactive one, and rebind it
            with cm.connection('dn2', 'pass'):
                self.assertEqual(len(cm), 2)

        # the pool is still 2
        self.assertEqual(len(cm), 2)

        # every connector is marked inactive
        self.assertFalse(cm._pool[0].active)
        self.assertFalse(cm._pool[1].active)
from ldappool import ConnectionManager
from getpass import getpass

LDAP_ENDPOINT = "ldap://ldap.db.scl3.mozilla.com"
USERNAME = "******"
FQN = "mail={mail},o=com,dc=mozilla"

password = getpass('Please enter a password for %s: ' % USERNAME)

cm = ConnectionManager(LDAP_ENDPOINT)

with cm.connection() as conn:
    conn.bind(FQN.format(mail=USERNAME), password)
    print("Connected as %s" % USERNAME)
Beispiel #15
0
        for op, vals in mods:
            if not isinstance(vals, (tuple, list)):
                vals = [vals]
            vals = [v.encode() if isinstance(v, str) else v for v in vals]
            result.append((op, attr, vals))
    return result


# Begin the Config section:
Config.load('py-fortress-cfg.json')
LDAP = 'ldap'
_service_uid = Config.get(LDAP)['dn']
_service_pw = Config.get(LDAP)['password']
_ldap_timeout = int(Config.get(LDAP)['timeout'])
_pool_size = int(Config.get(LDAP)['pool_size'])
_ldap_use_tls = Config.get(LDAP)['use_tls']
_uri = Config.get(LDAP)['uri']
_ldap_debug = Config.get(LDAP)['debug']

_srv_pool = ConnectionManager(_uri,
                              size=_pool_size,
                              bind=_service_uid,
                              passwd=_service_pw,
                              timeout=_ldap_timeout,
                              use_tls=_ldap_use_tls)
_usr_pool = ConnectionManager(_uri,
                              size=_pool_size,
                              timeout=_ldap_timeout,
                              use_tls=_ldap_use_tls)
__SUFX_DN = Config.get('dit')['suffix']
Beispiel #16
0
import logging, json, time, copy
import ldap
from ldap import modlist
from datetime import datetime
from pprint import pprint as pp

from fum.common.util import to_json, ldap_log

log = logging.getLogger(__name__)

TOTAL_CONNECTIONS = 0
from ldappool import ConnectionManager

cm = ConnectionManager(
    uri=settings.LDAP_CONNECTION.get('uri'),
    use_tls=settings.USE_TLS,
)


def open_ldap(bind_dn=None, bind_pwd=None):
    return LDAPBridge(parent=None, BIND_DN=bind_dn, BIND_PASSWORD=bind_pwd)


def fetch(self,
          dn,
          filters='',
          attrs=[],
          scope=ldap.SCOPE_BASE,
          connection=None):
    specials = []
    normals = []
Beispiel #17
0
 def test_ctor_args(self):
     pool = ConnectionManager('ldap://localhost', use_tls=True)
     self.assertEqual(pool.use_tls, True)
Beispiel #18
0
from flask import Flask, g
from flask.ext.redis import FlaskRedis
from flask.ext.login import LoginManager
from flask.sessions import SecureCookieSessionInterface
from ldappool import ConnectionManager

from cosign import CoSign
from ldaptools import LDAPTools

app = Flask(__name__)
app.config.from_object('config')

flask_redis = FlaskRedis(app, 'REDIS')
ldap = LDAPTools(
    ConnectionManager(app.config["LDAP_SERVER"])
)

cosign = CoSign(app)

lm = LoginManager(app)
lm.login_view = "login"


class CustomSessionInterface(SecureCookieSessionInterface):
    """Prevent creating session from API requests."""
    def save_session(self, *args, **kwargs):
        return

app.session_interface = CustomSessionInterface()

@lm.request_loader
Beispiel #19
0
from ldappool import ConnectionManager
import ldap
import redis
import json
from flask import request, redirect, url_for
from flask_login import login_user

# own stuff
import auth.auth
import settings

# Connection Manager
cm = ConnectionManager(settings.data['auth']['ldap']['server'],
                       settings.data['auth']['ldap']['binddn'],
                       settings.data['auth']['ldap']['bindpw'])

# Redis
red = redis.Redis(**settings.data['redis'])


class AuthMechanism(auth.auth.AuthMechanism):
    @staticmethod
    def login(User, userprefix=""):
        if request.method == 'GET':
            return auth.auth.render_login(showUsername=True, showPassword=True)

        # Check if there is data to login the user
        if 'username' in request.form.keys(
        ) and 'password' in request.form.keys():
            username = request.form['username']