예제 #1
0
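    def _connect( self
                , connection_string
                , user_dn
                , user_pwd
                , conn_timeout=5
                , op_timeout=-1
                ):
        """ Build, configure and bind a raw LDAP connection.

        Factored out to allow usage by other pieces.

        Args:
            connection_string: LDAP URL passed to ``c_factory``; also used
                to rebuild the connection when the cached resource is not a
                ``c_factory`` instance.
            user_dn: DN to bind as.
            user_pwd: Password for ``user_dn``.
            conn_timeout: Network (connect) timeout in seconds; values
                <= 0 leave the library default untouched.
            op_timeout: Per-operation timeout in seconds; values <= 0
                leave the library default untouched.

        Returns:
            The bound connection object.

        Raises:
            Whatever ``simple_bind_s`` raises (``ldap.INVALID_CREDENTIALS``,
            ``ldap.SERVER_DOWN``, ...) is deliberately NOT caught here and
            propagates to the caller.
        """
        resource_key = '%s-connection' % self._hash

        # Connect to the server to get a raw connection object
        connection = getResource( resource_key
                                , c_factory
                                , (connection_string,)
                                )
        # The shared resource slot may hold a foreign/stale object (e.g. a
        # placeholder created by another caller); rebuild it in that case.
        if connection._type is not c_factory:
            connection = c_factory(connection_string)
            setResource(resource_key, connection)

        # Set the protocol version - version 3 is preferred
        try:
            connection.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
        except ldap.LDAPError: # Invalid protocol version, fall back safely
            # NOTE(review): this is a silent protocol downgrade. LDAPv2 has
            # no extended operations (so no StartTLS) and weaker semantics;
            # keep the fallback only where legacy v2-only servers must be
            # supported.
            connection.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION2)

        # Deny auto-chasing of referrals to be safe, we handle them instead.
        # Chasing referrals automatically would let a referring server
        # redirect our bind (and credentials) to an arbitrary host.
        try:
            connection.set_option(ldap.OPT_REFERRALS, 0)
        except ldap.LDAPError: # Cannot set referrals, so do nothing
            pass

        # Set the connection timeout (bounds how long connect/bind can hang)
        if conn_timeout > 0:
            connection.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout)

        # Set the operations timeout
        if op_timeout > 0:
            connection.timeout = op_timeout

        # Now bind with the credentials given. Let exceptions propagate out.
        # NOTE: a non-empty user_dn with an empty user_pwd is an
        # "unauthenticated" bind (RFC 4513 5.1.2) that most servers accept
        # as anonymous; callers must not treat that success as a credential
        # check.
        connection.simple_bind_s(user_dn, user_pwd)

        return connection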
예제 #2
0
 def _cache(self, cache_type='users'):
     """ Return the cache dict of the given type for this folder.

     The cache lives in the shared resource registry under a key built
     from this instance's ``_hash`` and ``cache_type``; ``dict`` is passed
     as the factory, so the registry presumably creates an empty dict on
     the first lookup of a key.
     """
     resource_key = '%s-%scache' % (self._hash, cache_type)
     return getResource(resource_key, dict, ())
예제 #3
-1
    def connect(self, bind_dn='', bind_pwd=''):
        """ initialize an ldap server connection """
        conn = None

        if bind_dn != '':
            user_dn = bind_dn
            user_pwd = bind_pwd or '~'
        elif self.binduid_usage == 1:
            user_dn = self.bind_dn
            user_pwd = self.bind_pwd
        else:
            user = getSecurityManager().getUser()
            try:
                user_dn = user.getUserDN()
                user_pwd = user._getPassword()
            except AttributeError:  # User object is not a LDAPUser
                user_dn = user_pwd = ''

        conn = getResource('%s-connection' % self._hash, str, ())
        if conn._type() is not StringType:
            try:
                conn.simple_bind_s(user_dn, user_pwd)
                conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
                return conn
            except ( AttributeError
                   , ldap.SERVER_DOWN
                   , ldap.NO_SUCH_OBJECT
                   , ldap.TIMEOUT
                   , ldap.INVALID_CREDENTIALS
                   ):
                pass

        e = None

        for server in self._servers:
            getter = server.get
            protocol = getter('protocol')
            if protocol == 'ldapi':
                hostport = getter('host')
            else:
                hostport = '%s:%s' % (getter('host'), getter('port'))
            ldap_url = LDAPUrl(urlscheme=protocol, hostport=hostport)

            try:
                newconn = self._connect( ldap_url.initializeUrl()
                                       , user_dn
                                       , user_pwd
                                       , conn_timeout=getter('conn_timeout')
                                       , op_timeout=getter('op_timeout')
                                       )
                return newconn
            except ( ldap.SERVER_DOWN
                   , ldap.TIMEOUT
                   , ldap.INVALID_CREDENTIALS
                   ), e:
                continue