def init(): ecloud_db_pool = pools.Pool( get_conn(CONF.database.db_local), max_idle_connections=CONF.database.max_idle_connections, max_recycle_sec=CONF.database.max_recycle_sec) __DB_POOLS[LOCAL_DB] = ecloud_db_pool common_db_pool = pools.Pool( get_conn(CONF.database.db_global), max_idle_connections=CONF.database.max_idle_connections, max_recycle_sec=CONF.database.max_recycle_sec) __DB_POOLS[COMMON_DB] = common_db_pool nova_db_pool = pools.Pool( get_conn(CONF.database.db_nova), max_idle_connections=CONF.database.max_idle_connections, max_recycle_sec=CONF.database.max_recycle_sec) __DB_POOLS[NOVA_DB] = nova_db_pool cinder_db_pool = pools.Pool( get_conn(CONF.database.db_cinder), max_idle_connections=CONF.database.max_idle_connections, max_recycle_sec=CONF.database.max_recycle_sec) __DB_POOLS[CINDER_DB] = cinder_db_pool keystone_db_pool = pools.Pool( get_conn(CONF.database.db_keystone), max_idle_connections=CONF.database.max_idle_connections, max_recycle_sec=CONF.database.max_recycle_sec) __DB_POOLS[KEYSTONE_DB] = keystone_db_pool glance_db_pool = pools.Pool( get_conn(CONF.database.db_glance), max_idle_connections=CONF.database.max_idle_connections, max_recycle_sec=CONF.database.max_recycle_sec) __DB_POOLS[GLANCE_DB] = glance_db_pool neutron_db_pool = pools.Pool( get_conn(CONF.database.db_neutron), max_idle_connections=CONF.database.max_idle_connections, max_recycle_sec=CONF.database.max_recycle_sec) __DB_POOLS[NEUTRON_DB] = neutron_db_pool redis_conn = get_conn(CONF.database.db_redis) redis_db_pool = redis.ConnectionPool(host=redis_conn['host'], port=redis_conn['port'], db=redis_conn['db']) __DB_POOLS[REDIS_DB] = redis_db_pool if CONF.ldap.enable: au = "CN=%s,%s" % (CONF.ldap.auth_user, CONF.ldap.base_dn) url = "ldap://%s:389" % CONF.ldap.auth_domain e_ldap_pool = ldappool.ConnectionManager(url, au, CONF.ldap.auth_pass, use_pool=True, size=2) __DB_POOLS[E_LDAP] = e_ldap_pool
def test_pool_full(self): dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' pool = ldappool.ConnectionManager('ldap://localhost', dn, passwd, size=1, retry_delay=1., retry_max=5, use_pool=True) class Worker(threading.Thread): def __init__(self, pool, duration): threading.Thread.__init__(self) self.pool = pool self.duration = duration def run(self): with self.pool.connection() as conn: # NOQA time.sleep(self.duration) def tryit(): time.sleep(0.1) with pool.connection() as conn: # NOQA pass # an attempt on a full pool should eventually work # because the connector is reused for i in range(10): tryit() # we have 1 non-active connector now self.assertEqual(len(pool), 1) # an attempt with a full pool should succeed if a # slot gets freed in less than one second. worker1 = Worker(pool, .4) worker1.start() try: tryit() finally: worker1.join() # an attempt with a full pool should fail # if no slot gets freed in less than one second. worker1 = Worker(pool, 1.1) worker1.start() try: self.assertRaises(ldappool.MaxConnectionReachedError, tryit) finally: worker1.join() # we still have one active connector self.assertEqual(len(pool), 1)
def test_tls_connection(self): uri = '' dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2, use_tls=True) with cm.connection(): pass
def test_pool_reuse(self): dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' pool = ldappool.ConnectionManager('ldap://localhost', dn, passwd, use_pool=True) with pool.connection() as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection() as conn2: pass self.assertTrue(conn is conn2) with pool.connection() as conn: conn.connected = False with pool.connection() as conn2: pass self.assertTrue(conn is not conn2) # same bind and password: reuse with pool.connection('bind', 'passwd') as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection('bind', 'passwd') as conn2: pass self.assertTrue(conn is conn2) # same bind different password: rebind ! with pool.connection('bind', 'passwd') as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection('bind', 'passwd2') as conn2: pass self.assertTrue(conn is conn2)
def test_pool(self): dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' pool = ldappool.ConnectionManager('ldap://localhost', dn, passwd) workers = [LDAPWorker(pool) for i in range(10)] for worker in workers: worker.start() for worker in workers: worker.join() self.assertEqual(len(worker.results), 10) cn = worker.results[0][0][1]['cn'] self.assertEqual(cn, ['admin'])
def test_connection(self): uri = '' dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2) self.assertEqual(len(cm), 0) with cm.connection('dn', 'pass'): self.assertEqual(len(cm), 1) # if we ask a new one the pool will grow with cm.connection('dn', 'pass'): self.assertEqual(len(cm), 2) # every connector is marked active self.assertTrue(cm._pool[0].active) self.assertTrue(cm._pool[1].active) # if we ask a new one the pool is full try: with cm.connection('dn', 'pass'): pass except ldappool.MaxConnectionReachedError: pass else: raise AssertionError() # down to one active self.assertFalse(cm._pool[1].active) self.assertTrue(cm._pool[0].active) # if we ask a new one the pool is full # but we get the inactive one with cm.connection('dn', 'pass'): self.assertEqual(len(cm), 2) self.assertFalse(cm._pool[1].active) self.assertTrue(cm._pool[0].active) # if we ask a new one the pool is full # but we get the inactive one, and rebind it with cm.connection('dn2', 'pass'): self.assertEqual(len(cm), 2) # the pool is still 2 self.assertEqual(len(cm), 2) # every connector is marked inactive self.assertFalse(cm._pool[0].active) self.assertFalse(cm._pool[1].active)
def test_pool_cleanup(self): dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' pool = ldappool.ConnectionManager('ldap://localhost', dn, passwd, size=1, use_pool=True) with pool.connection('bind1') as conn: # NOQA pass with pool.connection('bind2') as conn: # NOQA pass # the second call should have removed the first conn self.assertEqual(len(pool), 1)
def test_simple_bind_fails(self): unbinds = [] def _unbind(self): unbinds.append(1) # the binding fails with an LDAPError ldappool.StateConnector.simple_bind_s = _bind_fails2 ldappool.StateConnector.unbind_s = _unbind uri = '' dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2) self.assertEqual(len(cm), 0) try: with cm.connection('dn', 'pass'): pass except ldap.SERVER_DOWN: pass else: raise AssertionError()
User = collections.namedtuple( 'User', ('dn', 'uid', 'givenName', 'sn', 'userPassword', 'mail', 'mobile', 'createTimestamp', 'modifyTimestamp')) Group = collections.namedtuple( 'Group', ('dn', 'cn', 'description', 'createTimestamp', 'modifyTimestamp')) class Connector(ldappool.StateConnector, ldap.resiter.ResultProcessor): def __init__(self, *args, **kwargs): ldappool.StateConnector.__init__(self, *args, **kwargs) self.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) self.set_option(ldap.OPT_DEREF, ldap.DEREF_ALWAYS) pool = ldappool.ConnectionManager(app.config['LDAP_URI'], connector_cls=Connector) class AppUser(User, UserMixin): pass @login_manager.request_loader def load_user(req): auth = req.authorization if not auth or not auth.password: return None uid = escape_dn_chars(auth.username) bind_dn = app.config['BIND_DN'] bind_pw = app.config['BIND_PW'] with pool.connection(bind_dn, bind_pw) as conn:
# ldap_authuser='******' # ldap_authpass='******' # domainname='ecloud' # ldappath='ldap://10.10.3.252:389' baseDN = 'CN=Users,DC=ecloud,DC=com' # ldap_authuser在连接到LDAP的时候不会用到baseDN,在验证其他用户的时候才需要使用 # # username = '******' #要查找/验证的用户 # # p=ldapc(ldappath,baseDN,domainname,ldap_authuser,ldap_authpass) # # print p.search_OU() # print p.valid_user('test','password') #调用valid_user()方法验证用户是否为合法用户 uri = 'ldap://10.10.3.252:389' dn = '%s\%s' % ("ecloud", "admin") passwd = '_123qweasd' cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2) searchScope = ldap.SCOPE_SUBTREE # searchFiltername = "sAMAccountName" #通过samaccountname查找用户 retrieveAttributes = ['sAMAccountName'] searchFilter = '(&(objectClass=person))' with cm.connection() as conn: ldap_result = conn.search_s(baseDN, searchScope, searchFilter, retrieveAttributes) if ldap_result is not None: udict = {} usersinfor = [] for pinfor in ldap_result: # pinfor是一个tuple,第一个元素是该用户的CN,第二个元素是一个dict,包含有用户的所有属性 if pinfor[1]: p = pinfor[1]
def test_ctor_args(self): pool = ldappool.ConnectionManager('ldap://localhost', use_tls=True) self.assertEqual(pool.use_tls, True)
related to the request userid exists.""" def effective_principals(self, request): """ Return a sequence representing the effective principals including the userid and any groups belonged to by the current user, including 'system' groups such as ``pyramid.security.Everyone`` and ``pyramid.security.Authenticated``. """ def callback(self, username, request): pass import ldap import ldappool cm = ldappool.ConnectionManager('ldap://ldap.iplantcollaborative.org') class _Decoder(object): """ Stolen from django-auth-ldap. Encodes and decodes strings in a nested structure of lists, tuples, and dicts. This is helpful when interacting with the Unicode-unaware python-ldap. """ ldap = ldap def __init__(self, encoding='utf-8'): self.encoding = encoding