Ejemplo n.º 1
0
def init():
    ecloud_db_pool = pools.Pool(
        get_conn(CONF.database.db_local),
        max_idle_connections=CONF.database.max_idle_connections,
        max_recycle_sec=CONF.database.max_recycle_sec)
    __DB_POOLS[LOCAL_DB] = ecloud_db_pool

    common_db_pool = pools.Pool(
        get_conn(CONF.database.db_global),
        max_idle_connections=CONF.database.max_idle_connections,
        max_recycle_sec=CONF.database.max_recycle_sec)
    __DB_POOLS[COMMON_DB] = common_db_pool

    nova_db_pool = pools.Pool(
        get_conn(CONF.database.db_nova),
        max_idle_connections=CONF.database.max_idle_connections,
        max_recycle_sec=CONF.database.max_recycle_sec)
    __DB_POOLS[NOVA_DB] = nova_db_pool

    cinder_db_pool = pools.Pool(
        get_conn(CONF.database.db_cinder),
        max_idle_connections=CONF.database.max_idle_connections,
        max_recycle_sec=CONF.database.max_recycle_sec)
    __DB_POOLS[CINDER_DB] = cinder_db_pool

    keystone_db_pool = pools.Pool(
        get_conn(CONF.database.db_keystone),
        max_idle_connections=CONF.database.max_idle_connections,
        max_recycle_sec=CONF.database.max_recycle_sec)
    __DB_POOLS[KEYSTONE_DB] = keystone_db_pool

    glance_db_pool = pools.Pool(
        get_conn(CONF.database.db_glance),
        max_idle_connections=CONF.database.max_idle_connections,
        max_recycle_sec=CONF.database.max_recycle_sec)
    __DB_POOLS[GLANCE_DB] = glance_db_pool

    neutron_db_pool = pools.Pool(
        get_conn(CONF.database.db_neutron),
        max_idle_connections=CONF.database.max_idle_connections,
        max_recycle_sec=CONF.database.max_recycle_sec)
    __DB_POOLS[NEUTRON_DB] = neutron_db_pool

    redis_conn = get_conn(CONF.database.db_redis)
    redis_db_pool = redis.ConnectionPool(host=redis_conn['host'],
                                         port=redis_conn['port'],
                                         db=redis_conn['db'])

    __DB_POOLS[REDIS_DB] = redis_db_pool

    if CONF.ldap.enable:
        au = "CN=%s,%s" % (CONF.ldap.auth_user, CONF.ldap.base_dn)
        url = "ldap://%s:389" % CONF.ldap.auth_domain
        e_ldap_pool = ldappool.ConnectionManager(url,
                                                 au,
                                                 CONF.ldap.auth_pass,
                                                 use_pool=True,
                                                 size=2)
        __DB_POOLS[E_LDAP] = e_ldap_pool
    def test_pool_full(self):
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        pool = ldappool.ConnectionManager('ldap://localhost',
                                          dn,
                                          passwd,
                                          size=1,
                                          retry_delay=1.,
                                          retry_max=5,
                                          use_pool=True)

        class Worker(threading.Thread):
            def __init__(self, pool, duration):
                threading.Thread.__init__(self)
                self.pool = pool
                self.duration = duration

            def run(self):
                with self.pool.connection() as conn:  # NOQA
                    time.sleep(self.duration)

        def tryit():
            time.sleep(0.1)
            with pool.connection() as conn:  # NOQA
                pass

        # an attempt on a full pool should eventually work
        # because the connector is reused
        for i in range(10):
            tryit()

        # we have 1 non-active connector now
        self.assertEqual(len(pool), 1)

        # an attempt with a full pool should succeed if a
        # slot gets freed in less than one second.
        worker1 = Worker(pool, .4)
        worker1.start()

        try:
            tryit()
        finally:
            worker1.join()

        # an attempt with a full pool should fail
        # if no slot gets freed in less than one second.
        worker1 = Worker(pool, 1.1)
        worker1.start()
        try:
            self.assertRaises(ldappool.MaxConnectionReachedError, tryit)
        finally:
            worker1.join()

        # we still have one active connector
        self.assertEqual(len(pool), 1)
Ejemplo n.º 3
0
 def test_tls_connection(self):
     uri = ''
     dn = 'uid=adminuser,ou=logins,dc=mozilla'
     passwd = 'adminuser'
     cm = ldappool.ConnectionManager(uri,
                                     dn,
                                     passwd,
                                     use_pool=True,
                                     size=2,
                                     use_tls=True)
     with cm.connection():
         pass
    def test_pool_reuse(self):
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        pool = ldappool.ConnectionManager('ldap://localhost',
                                          dn,
                                          passwd,
                                          use_pool=True)

        with pool.connection() as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection() as conn2:
            pass

        self.assertTrue(conn is conn2)

        with pool.connection() as conn:
            conn.connected = False

        with pool.connection() as conn2:
            pass

        self.assertTrue(conn is not conn2)

        # same bind and password: reuse
        with pool.connection('bind', 'passwd') as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection('bind', 'passwd') as conn2:
            pass

        self.assertTrue(conn is conn2)

        # same bind different password: rebind !
        with pool.connection('bind', 'passwd') as conn:
            self.assertTrue(conn.active)

        self.assertFalse(conn.active)
        self.assertTrue(conn.connected)

        with pool.connection('bind', 'passwd2') as conn2:
            pass

        self.assertTrue(conn is conn2)
    def test_pool(self):
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        pool = ldappool.ConnectionManager('ldap://localhost', dn, passwd)
        workers = [LDAPWorker(pool) for i in range(10)]

        for worker in workers:
            worker.start()

        for worker in workers:
            worker.join()
            self.assertEqual(len(worker.results), 10)
            cn = worker.results[0][0][1]['cn']
            self.assertEqual(cn, ['admin'])
Ejemplo n.º 6
0
    def test_connection(self):
        uri = ''
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
        self.assertEqual(len(cm), 0)

        with cm.connection('dn', 'pass'):
            self.assertEqual(len(cm), 1)

            # if we ask a new one the pool will grow
            with cm.connection('dn', 'pass'):
                self.assertEqual(len(cm), 2)

                # every connector is marked active
                self.assertTrue(cm._pool[0].active)
                self.assertTrue(cm._pool[1].active)

                # if we ask a new one the pool is full
                try:
                    with cm.connection('dn', 'pass'):
                        pass
                except ldappool.MaxConnectionReachedError:
                    pass
                else:
                    raise AssertionError()

            # down to one active
            self.assertFalse(cm._pool[1].active)
            self.assertTrue(cm._pool[0].active)

            # if we ask a new one the pool is full
            # but we get the inactive one
            with cm.connection('dn', 'pass'):
                self.assertEqual(len(cm), 2)

            self.assertFalse(cm._pool[1].active)
            self.assertTrue(cm._pool[0].active)

            # if we ask a new one the pool is full
            # but we get the inactive one, and rebind it
            with cm.connection('dn2', 'pass'):
                self.assertEqual(len(cm), 2)

        # the pool is still 2
        self.assertEqual(len(cm), 2)

        # every connector is marked inactive
        self.assertFalse(cm._pool[0].active)
        self.assertFalse(cm._pool[1].active)
    def test_pool_cleanup(self):
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        pool = ldappool.ConnectionManager('ldap://localhost',
                                          dn,
                                          passwd,
                                          size=1,
                                          use_pool=True)
        with pool.connection('bind1') as conn:  # NOQA
            pass

        with pool.connection('bind2') as conn:  # NOQA

            pass

        # the second call should have removed the first conn
        self.assertEqual(len(pool), 1)
Ejemplo n.º 8
0
    def test_simple_bind_fails(self):
        unbinds = []

        def _unbind(self):
            unbinds.append(1)

        # the binding fails with an LDAPError
        ldappool.StateConnector.simple_bind_s = _bind_fails2
        ldappool.StateConnector.unbind_s = _unbind
        uri = ''
        dn = 'uid=adminuser,ou=logins,dc=mozilla'
        passwd = 'adminuser'
        cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
        self.assertEqual(len(cm), 0)

        try:
            with cm.connection('dn', 'pass'):
                pass
        except ldap.SERVER_DOWN:
            pass
        else:
            raise AssertionError()
Ejemplo n.º 9
0
User = collections.namedtuple(
    'User', ('dn', 'uid', 'givenName', 'sn', 'userPassword', 'mail', 'mobile',
             'createTimestamp', 'modifyTimestamp'))

Group = collections.namedtuple(
    'Group', ('dn', 'cn', 'description', 'createTimestamp', 'modifyTimestamp'))


class Connector(ldappool.StateConnector, ldap.resiter.ResultProcessor):
    def __init__(self, *args, **kwargs):
        ldappool.StateConnector.__init__(self, *args, **kwargs)
        self.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
        self.set_option(ldap.OPT_DEREF, ldap.DEREF_ALWAYS)


pool = ldappool.ConnectionManager(app.config['LDAP_URI'],
                                  connector_cls=Connector)


class AppUser(User, UserMixin):
    pass


@login_manager.request_loader
def load_user(req):
    auth = req.authorization
    if not auth or not auth.password:
        return None
    uid = escape_dn_chars(auth.username)
    bind_dn = app.config['BIND_DN']
    bind_pw = app.config['BIND_PW']
    with pool.connection(bind_dn, bind_pw) as conn:
Ejemplo n.º 10
0
    # ldap_authuser='******'
    # ldap_authpass='******'
    # domainname='ecloud'
    # ldappath='ldap://10.10.3.252:389'
    baseDN = 'CN=Users,DC=ecloud,DC=com'  # ldap_authuser在连接到LDAP的时候不会用到baseDN,在验证其他用户的时候才需要使用
    # # username = '******' #要查找/验证的用户
    #
    # p=ldapc(ldappath,baseDN,domainname,ldap_authuser,ldap_authpass)
    #
    # print p.search_OU()
    # print p.valid_user('test','password') #调用valid_user()方法验证用户是否为合法用户

    uri = 'ldap://10.10.3.252:389'
    dn = '%s\%s' % ("ecloud", "admin")
    passwd = '_123qweasd'
    cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
    searchScope = ldap.SCOPE_SUBTREE
    # searchFiltername = "sAMAccountName" #通过samaccountname查找用户
    retrieveAttributes = ['sAMAccountName']
    searchFilter = '(&(objectClass=person))'

    with cm.connection() as conn:
        ldap_result = conn.search_s(baseDN, searchScope, searchFilter,
                                    retrieveAttributes)
        if ldap_result is not None:
            udict = {}
            usersinfor = []
            for pinfor in ldap_result:
                # pinfor是一个tuple,第一个元素是该用户的CN,第二个元素是一个dict,包含有用户的所有属性
                if pinfor[1]:
                    p = pinfor[1]
 def test_ctor_args(self):
     pool = ldappool.ConnectionManager('ldap://localhost', use_tls=True)
     self.assertEqual(pool.use_tls, True)
Ejemplo n.º 12
0
        related to the request userid exists."""

    def effective_principals(self, request):
        """ Return a sequence representing the effective principals
        including the userid and any groups belonged to by the current
        user, including 'system' groups such as
        ``pyramid.security.Everyone`` and
        ``pyramid.security.Authenticated``. """


    def callback(self, username, request):
        pass

import ldap
import ldappool 
cm = ldappool.ConnectionManager('ldap://ldap.iplantcollaborative.org')


class _Decoder(object):
    """
    Stolen from django-auth-ldap.

    Encodes and decodes strings in a nested structure of lists, tuples, and
    dicts. This is helpful when interacting with the Unicode-unaware
    python-ldap.
    """

    ldap = ldap

    def __init__(self, encoding='utf-8'):
        self.encoding = encoding