Ejemplo n.º 1
    def connect(self, bind_dn='', bind_pwd=''):
        """ initialize an ldap server connection """
        # Returns a connection bound with credentials picked in this order:
        #   1. the explicit bind_dn / bind_pwd arguments,
        #   2. self.bind_dn / self.bind_pwd when self.binduid_usage == 1,
        #   3. the DN and password of the current user if it is an LDAPUser,
        #      otherwise empty strings (an anonymous bind).
        # A stored connection is tried first; if that fails, each entry of
        # self._servers is tried through self._connect.
        conn = None
        conn_string = ''

        if bind_dn != '':
            user_dn = bind_dn
            # A DN sent with an empty password is an LDAP "unauthenticated
            # bind", which a server may accept without checking anything.
            # '~' presumably stands in as a non-empty placeholder so a blank
            # password cannot look like a successful login.
            user_pwd = bind_pwd or '~'
        elif self.binduid_usage == 1:
            user_dn = self.bind_dn
            # NOTE(review): no empty-password substitution on this path;
            # confirm the configured self.bind_pwd can never be blank.
            user_pwd = self.bind_pwd
        else:
            user = getSecurityManager().getUser()
            if isinstance(user, LDAPUser):
                # The logged-in user's own DN and password are reused as-is.
                user_dn = user.getUserDN()
                user_pwd = user._getPassword()
            else:
                user_dn = user_pwd = ''

        # Look up the connection stored under '<hash>-connection'. str is
        # passed as the factory; a str result from conn._type() presumably
        # means nothing usable is stored -- confirm against getResource.
        conn = getResource('%s-connection' % self._hash, str, ())
        if not isinstance(conn._type(), str):
            try:
                # Re-bind the stored connection as the selected identity, then
                # probe it with a search on self.u_base before handing it out.
                conn.simple_bind_s(user_dn, user_pwd)
                conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
                return conn
            except ( AttributeError
                   , ldap.SERVER_DOWN
                   , ldap.NO_SUCH_OBJECT
                   , ldap.TIMEOUT
                   , ldap.INVALID_CREDENTIALS
                   ):
                # Swallowed without logging, INVALID_CREDENTIALS included:
                # the same credentials are retried on fresh connections below.
                pass

        e = None

        for server in self._servers:
            conn_string = self._createConnectionString(server)

            try:
                newconn = self._connect( conn_string
                                       , user_dn
                                       , user_pwd
                                       , conn_timeout=server['conn_timeout']
                                       , op_timeout=server['op_timeout']
                                       )
                return newconn
            except ( ldap.SERVER_DOWN
                   , ldap.TIMEOUT
                   , ldap.INVALID_CREDENTIALS
                   ), e:
                # The failure stays bound to e and the next server is tried.
                # This listing ends here, so what happens once every server
                # has failed is not visible.
                continue
    def connect(self, bind_dn='', bind_pwd=''):
        """ initialize an ldap server connection """
        # Picks bind credentials (explicit arguments, then the configured
        # bind account when self.binduid_usage == 1, then the current
        # LDAPUser, else blank), re-binds the stored connection with them and
        # returns it when the probe search succeeds.
        conn = None
        conn_string = ''

        if bind_dn != '':
            user_dn = bind_dn
            # A DN sent with an empty password is an LDAP "unauthenticated
            # bind", which a server may accept without checking anything.
            # '~' presumably stands in as a non-empty placeholder so a blank
            # password cannot look like a successful login.
            user_pwd = bind_pwd or '~'
        elif self.binduid_usage == 1:
            user_dn = self.bind_dn
            # NOTE(review): no empty-password substitution on this path;
            # confirm the configured self.bind_pwd can never be blank.
            user_pwd = self.bind_pwd
        else:
            user = getSecurityManager().getUser()
            if isinstance(user, LDAPUser):
                user_dn = user.getUserDN()
                user_pwd = user._getPassword()
                # An empty password or the literal 'undef' is not used for a
                # bind: DN and password are both blanked (anonymous bind).
                if not user_pwd or user_pwd == 'undef':
                    # This user object did not result from a login
                    user_dn = user_pwd = ''
            else:
                user_dn = user_pwd = ''

        # Look up the connection stored under '<hash>-connection'; anything
        # whose _type() is not str is treated as a usable connection
        # (presumably str marks "nothing stored" -- confirm in getResource).
        conn = getResource('%s-connection' % self._hash, str, ())
        if conn._type() is not str:
            try:
                conn.simple_bind_s(user_dn, user_pwd)
                conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
                return conn
            except ( AttributeError
                   , ldap.SERVER_DOWN
                   , ldap.NO_SUCH_OBJECT
                   , ldap.TIMEOUT
                   , ldap.INVALID_CREDENTIALS
                    ), e:
                # NOTE(review): this debug record puts both bind DNs, the
                # current user and the lengths of three passwords into the
                # log. Password length is sensitive and the DNs identify
                # accounts, so keep this to troubleshooting and restrict who
                # can read the log. The message is formatted eagerly: if a
                # password were None, len() would raise TypeError from inside
                # this handler.
                logger.exception(
                    'LDAPDEBUG bind error %s; bind_dn: %s, len(bind_pwd): %s,'
                    ' self.binduid_usage: %s, self.bind_dn: %s, '
                    'len(self.bind_pwd): %s, user: %s, '
                    'is user instance of LDAPUser?: %s, '
                    'user_dn: %s, len(user_pwd): %s, '
                    'self.u_base: %s, self.BASE: %s' % (
                        e,
                        bind_dn, len(bind_pwd), self.binduid_usage,
                        self.bind_dn, len(self.bind_pwd),
                        getSecurityManager().getUser(),
                        isinstance(getSecurityManager().getUser(), LDAPUser),
                        user_dn, len(user_pwd),
                        self.u_base, self.BASE
                    ))
            # No-op after the handled failure; the listing ends here, so any
            # fallback to a fresh connection is not visible.
            pass
Ejemplo n.º 3
    def _connect(self, connection_string, user_dn, user_pwd,
                 conn_timeout=5, op_timeout=-1):
        """ Get a connection for connection_string, configure and bind it.

        Factored out so that other pieces can use it. The connection is
        returned after a simple bind with user_dn / user_pwd; any exception
        raised by that bind propagates to the caller.
        """
        resource_key = '%s-connection' % self._hash

        # Ask the resource registry first; build a raw connection directly
        # when what comes back was not produced by c_factory.
        link = getResource(resource_key, c_factory, (connection_string,))
        if link._type is not c_factory:
            link = c_factory(connection_string)

        # Only a connection to a server from our own configuration is stored
        # for reuse, so we never get "stuck" on one that was created while
        # dealing with an ldap.REFERRAL exception.
        configured = [self._createConnectionString(entry)
                      for entry in self._servers]
        if connection_string in configured:
            setResource(resource_key, link)

        # Protocol version 3 is preferred; fall back to version 2 when the
        # library rejects it.
        try:
            link.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
        except ldap.LDAPError:
            link.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION2)

        # Referrals are handled by this code, so automatic chasing is
        # switched off.
        try:
            link.set_option(ldap.OPT_REFERRALS, 0)
        except ldap.LDAPError:
            # NOTE(review): the failure is ignored silently, which leaves
            # referral chasing at whatever the library default is. Worth a
            # log line so operators can see the safeguard is not active.
            pass

        # Non-positive timeouts leave the library defaults untouched.
        if conn_timeout > 0:
            link.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout)
        if op_timeout > 0:
            link.timeout = op_timeout

        # The credentials are sent exactly as given. Nothing here rejects a
        # DN paired with an empty password (an LDAP "unauthenticated bind"),
        # so callers must do that check. A simple bind also carries the
        # password unprotected unless the transport is encrypted; whether
        # connection_string selects TLS is not visible in this method.
        link.simple_bind_s(user_dn, user_pwd)
        return link
Ejemplo n.º 4
def connect(self, bind_dn='', bind_pwd=''):
    """ initialize an ldap server connection """
    # Picks bind credentials (explicit arguments, then the configured bind
    # account when self.binduid_usage == 1, then the current LDAPUser, else
    # blank), re-binds the stored connection with them and returns it when
    # the probe search succeeds.
    conn = None
    conn_string = ''

    if bind_dn != '':
        user_dn = bind_dn
        # A DN sent with an empty password is an LDAP "unauthenticated
        # bind", which a server may accept without checking anything.
        # '~' presumably stands in as a non-empty placeholder so a blank
        # password cannot look like a successful login.
        user_pwd = bind_pwd or '~'
    elif self.binduid_usage == 1:
        user_dn = self.bind_dn
        # NOTE(review): no empty-password substitution on this path;
        # confirm the configured self.bind_pwd can never be blank.
        user_pwd = self.bind_pwd
    else:
        user = getSecurityManager().getUser()
        if isinstance(user, LDAPUser):
            user_dn = user.getUserDN()
            user_pwd = user._getPassword()
            # An empty password or the literal 'undef' is not used for a
            # bind: DN and password are both blanked (anonymous bind).
            if not user_pwd or user_pwd == 'undef':
                # This user object did not result from a login
                user_dn = user_pwd = ''
        else:
            user_dn = user_pwd = ''

    e = None

    # Look up the connection stored under '<hash>-connection'; anything whose
    # _type() differs from str is treated as a usable connection (presumably
    # str marks "nothing stored" -- confirm in getResource).
    conn = getResource('%s-connection' % self._hash, str, ())
    if (conn._type() != str):
        try:
            # Disabled messages for measuring LDAP query times.
            # NOTE(review): the disabled `msg` line formats user_pwd verbatim,
            # so re-enabling it would write the bind password to the error
            # log in clear text. If timing output is needed again, log the DN
            # and the elapsed time only.
            # logger.error('Consulta a LDAP')
            # msg = 'Consulta LDAP user_dn: "%s" user_pwd: "%s" search self.u_base: "%s"' % (user_dn, user_pwd, self.u_base)
            # logger.error(msg)
            # start_time = time()
            conn.simple_bind_s(user_dn, user_pwd)
            conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
            # elapsed_time = time() - start_time
            # logger.error('Tiempo consulta: "%s"' %(elapsed_time))
            return conn
        except ( AttributeError
               , ldap.SERVER_DOWN
               , ldap.NO_SUCH_OBJECT
               , ldap.TIMEOUT
               , ldap.INVALID_CREDENTIALS
               ), e:
            # The failure stays bound to e and is otherwise ignored,
            # INVALID_CREDENTIALS included. The listing ends here, so what
            # follows (a fresh connection, a re-raise) is not visible.
            pass
    def connect(self, bind_dn='', bind_pwd=''):
        """ initialize an ldap server connection """
        # Picks bind credentials (explicit arguments, then the configured
        # bind account when self.binduid_usage == 1, then the current
        # LDAPUser, else blank), re-binds the stored connection with them and
        # returns it when the probe search succeeds.
        conn = None
        conn_string = ''

        if bind_dn != '':
            user_dn = bind_dn
            # A DN sent with an empty password is an LDAP "unauthenticated
            # bind", which a server may accept without checking anything.
            # '~' presumably stands in as a non-empty placeholder so a blank
            # password cannot look like a successful login.
            user_pwd = bind_pwd or '~'
        elif self.binduid_usage == 1:
            user_dn = self.bind_dn
            # NOTE(review): no empty-password substitution on this path;
            # confirm the configured self.bind_pwd can never be blank.
            user_pwd = self.bind_pwd
        else:
            user = getSecurityManager().getUser()
            if isinstance(user, LDAPUser):
                user_dn = user.getUserDN()
                user_pwd = user._getPassword()
                # An empty password or the literal 'undef' is not used for a
                # bind: DN and password are both blanked (anonymous bind).
                if not user_pwd or user_pwd == 'undef':
                    # This user object did not result from a login
                    user_dn = user_pwd = ''
            else:
                user_dn = user_pwd = ''

        # Look up the connection stored under '<hash>-connection'; anything
        # whose _type() is not str is treated as a usable connection
        # (presumably str marks "nothing stored" -- confirm in getResource).
        conn = getResource('%s-connection' % self._hash, str, ())
        if conn._type() is not str:
            try:
                conn.simple_bind_s(user_dn, user_pwd)
                conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
                return conn
            except (AttributeError, ldap.SERVER_DOWN, ldap.NO_SUCH_OBJECT,
                    ldap.TIMEOUT, ldap.INVALID_CREDENTIALS), e:
                # NOTE(review): this debug record puts both bind DNs, the
                # current user and the lengths of three passwords into the
                # log. Password length is sensitive and the DNs identify
                # accounts, so keep this to troubleshooting and restrict who
                # can read the log. The message is formatted eagerly: if a
                # password were None, len() would raise TypeError from inside
                # this handler.
                logger.exception(
                    'LDAPDEBUG bind error %s; bind_dn: %s, len(bind_pwd): %s,'
                    ' self.binduid_usage: %s, self.bind_dn: %s, '
                    'len(self.bind_pwd): %s, user: %s, '
                    'is user instance of LDAPUser?: %s, '
                    'user_dn: %s, len(user_pwd): %s, '
                    'self.u_base: %s, self.BASE: %s' %
                    (e, bind_dn, len(bind_pwd), self.binduid_usage,
                     self.bind_dn, len(
                         self.bind_pwd), getSecurityManager().getUser(),
                     isinstance(getSecurityManager().getUser(), LDAPUser),
                     user_dn, len(user_pwd), self.u_base, self.BASE))
            # No-op after the handled failure; the listing ends here, so any
            # fallback to a fresh connection is not visible.
            pass
Ejemplo n.º 6
 def _cache(self, cache_type='users'):
     """ Look up the cache resource for the given cache type.

     The resource name is built from self._hash and cache_type; dict with
     an empty argument tuple is handed to getResource as the factory.
     """
     resource_name = '%s-%scache' % (self._hash, cache_type)
     return getResource(resource_name, dict, ())
Ejemplo n.º 7
 def _cache(self, cache_type='users'):
     """ Fetch the cache resource registered for cache_type.

     getResource is called with the name '<self._hash>-<cache_type>cache',
     dict as the factory and an empty argument tuple.
     """
     name_parts = (self._hash, cache_type)
     return getResource('%s-%scache' % name_parts, dict, ())