def test_pool_cleanup(self):
dn = "uid=adminuser,ou=logins,dc=mozilla"
passwd = "adminuser"
pool = ConnectionManager("ldap://localhost", dn, passwd, size=1, use_pool=True)
with pool.connection("bind1") as conn: # NOQA
pass
with pool.connection("bind2") as conn: # NOQA
pass
# the second call should have removed the first conn
self.assertEqual(len(pool), 1)
def test_pool_cleanup(self):
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
pool = ConnectionManager('ldap://localhost', dn, passwd, size=1,
use_pool=True)
with pool.connection('bind1') as conn: # NOQA
pass
with pool.connection('bind2') as conn: # NOQA
pass
# the second call should have removed the first conn
self.assertEqual(len(pool), 1)
def test_pool_reuse(self):
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
pool = ConnectionManager('ldap://localhost', dn, passwd,
use_pool=True)
with pool.connection() as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection() as conn2:
pass
self.assertTrue(conn is conn2)
with pool.connection() as conn:
conn.connected = False
with pool.connection() as conn2:
pass
self.assertTrue(conn is not conn2)
# same bind and password: reuse
with pool.connection('bind', 'passwd') as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection('bind', 'passwd') as conn2:
pass
self.assertTrue(conn is conn2)
# same bind different password: rebind !
with pool.connection('bind', 'passwd') as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection('bind', 'passwd2') as conn2:
pass
self.assertTrue(conn is conn2)
def __init__(self):
print("DEBUG: LdapPool init")
self.connection_manager = ConnectionManager(
uri=settings.LDAP_HOST,
bind=settings.LDAP_USERNAME,
passwd=settings.LDAP_PASSWORD,
timeout=10,
use_tls=True,
)
def test_pool_reuse(self):
dn = "uid=adminuser,ou=logins,dc=mozilla"
passwd = "adminuser"
pool = ConnectionManager("ldap://localhost", dn, passwd, use_pool=True)
with pool.connection() as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection() as conn2:
pass
self.assertTrue(conn is conn2)
with pool.connection() as conn:
conn.connected = False
with pool.connection() as conn2:
pass
self.assertTrue(conn is not conn2)
# same bind and password: reuse
with pool.connection("bind", "passwd") as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection("bind", "passwd") as conn2:
pass
self.assertTrue(conn is conn2)
# same bind different password: rebind !
with pool.connection("bind", "passwd") as conn:
self.assertTrue(conn.active)
self.assertFalse(conn.active)
self.assertTrue(conn.connected)
with pool.connection("bind", "passwd2") as conn2:
pass
self.assertTrue(conn is conn2)
def test_simple_bind_fails(self):
unbinds = []
def _unbind(self):
unbinds.append(1)
# the binding fails with an LDAPError
StateConnector.simple_bind_s = _bind_fails2
StateConnector.unbind_s = _unbind
uri = ''
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
self.assertEqual(len(cm), 0)
try:
with cm.connection('dn', 'pass'):
pass
except BackendError:
pass
else:
raise AssertionError()
def test_simple_bind_fails(self):
unbinds = []
def _unbind(self):
unbinds.append(1)
# the binding fails with an LDAPError
StateConnector.simple_bind_s = _bind_fails2
StateConnector.unbind_s = _unbind
uri = ''
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
self.assertEqual(len(cm), 0)
try:
with cm.connection('dn', 'pass'):
pass
except BackendError:
pass
else:
raise AssertionError()
def test_pool_full(self):
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
pool = ConnectionManager('ldap://localhost', dn, passwd, size=1,
retry_delay=1., retry_max=5,
use_pool=True)
class Worker(threading.Thread):
def __init__(self, pool, duration):
threading.Thread.__init__(self)
self.pool = pool
self.duration = duration
def run(self):
with self.pool.connection() as conn: # NOQA
time.sleep(self.duration)
def tryit():
with pool.connection() as conn: # NOQA
pass
# an attempt on a full pool should eventually work
# because the connector is reused
for i in range(10):
tryit()
# we have 1 non-active connector now
self.assertEqual(len(pool), 1)
# an attempt with a full pool should succeed if a
# slot gets freed in less than one second.
worker1 = Worker(pool, .4)
worker1.start()
try:
tryit()
finally:
worker1.join()
# an attempt with a full pool should fail
# if no slot gets freed in less than one second.
worker1 = Worker(pool, 1.1)
worker1.start()
try:
self.assertRaises(MaxConnectionReachedError, tryit)
finally:
worker1.join()
# we still have one active connector
self.assertEqual(len(pool), 1)
def test_pool(self):
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
pool = ConnectionManager('ldap://localhost', dn, passwd)
workers = [LDAPWorker(pool) for i in range(10)]
for worker in workers:
worker.start()
for worker in workers:
worker.join()
self.assertEquals(len(worker.results), 10)
cn = worker.results[0][0][1]['cn']
self.assertEquals(cn, ['admin'])
def includeme(config):
if not hasattr(config.registry, 'heartbeats'):
message = ('kinto-ldap should be included once Kinto is initialized'
' . Use setting ``kinto.includes`` instead of '
'``pyramid.includes`` or include it manually.')
raise ConfigurationError(message)
settings = config.get_settings()
defaults = {k: v for k, v in DEFAULT_SETTINGS.items() if k not in settings}
config.add_settings(defaults)
# Register heartbeat to ping the LDAP server.
config.registry.heartbeats['ldap'] = ldap_ping
config.registry.ldap_cm = ConnectionManager(settings['ldap.endpoint'])
def ldap_setup(config,
uri,
bind=None,
passwd=None,
pool_size=10,
retry_max=3,
retry_delay=.1,
use_tls=False,
timeout=-1,
use_pool=True,
connector_cls=StateConnector):
""" Configurator method to set up an LDAP connection pool.
- **uri**: ldap server uri **[mandatory]**
- **bind**: default bind that will be used to bind a connector.
**default: None**
- **passwd**: default password that will be used to bind a connector.
**default: None**
- **size**: pool size. **default: 10**
- **retry_max**: number of attempts when a server is down. **default: 3**
- **retry_delay**: delay in seconds before a retry. **default: .1**
- **use_tls**: activate TLS when connecting. **default: False**
- **timeout**: connector timeout. **default: -1**
- **use_pool**: activates the pool. If False, will recreate a connector
each time. **default: True**
"""
vals = dict(uri=uri,
bind=bind,
passwd=passwd,
size=pool_size,
retry_max=retry_max,
retry_delay=retry_delay,
use_tls=use_tls,
timeout=timeout,
use_pool=use_pool,
connector_cls=connector_cls)
manager = ConnectionManager(**vals)
def get_connector(request):
registry = request.registry
return Connector(registry, manager)
config.set_request_property(get_connector, 'ldap_connector', reify=True)
intr = config.introspectable('pyramid_ldap setup', None,
pprint.pformat(vals), 'pyramid_ldap setup')
config.action('ldap-setup', None, introspectables=(intr, ))
def test_connection(self):
uri = ''
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
self.assertEqual(len(cm), 0)
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 1)
# if we ask a new one the pool will grow
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 2)
# every connector is marked active
self.assertTrue(cm._pool[0].active)
self.assertTrue(cm._pool[1].active)
# if we ask a new one the pool is full
try:
with cm.connection('dn', 'pass'):
pass
except MaxConnectionReachedError:
pass
else:
raise AssertionError()
# down to one active
self.assertFalse(cm._pool[1].active)
self.assertTrue(cm._pool[0].active)
# if we ask a new one the pool is full
# but we get the inactive one
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 2)
self.assertFalse(cm._pool[1].active)
self.assertTrue(cm._pool[0].active)
# if we ask a new one the pool is full
# but we get the inactive one, and rebind it
with cm.connection('dn2', 'pass'):
self.assertEqual(len(cm), 2)
# the pool is still 2
self.assertEqual(len(cm), 2)
# every connector is marked inactive
self.assertFalse(cm._pool[0].active)
self.assertFalse(cm._pool[1].active)
def test_connection(self):
uri = ''
dn = 'uid=adminuser,ou=logins,dc=mozilla'
passwd = 'adminuser'
cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
self.assertEqual(len(cm), 0)
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 1)
# if we ask a new one the pool will grow
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 2)
# every connector is marked active
self.assertTrue(cm._pool[0].active)
self.assertTrue(cm._pool[1].active)
# if we ask a new one the pool is full
try:
with cm.connection('dn', 'pass'):
pass
except MaxConnectionReachedError:
pass
else:
raise AssertionError()
# down to one active
self.assertFalse(cm._pool[1].active)
self.assertTrue(cm._pool[0].active)
# if we ask a new one the pool is full
# but we get the inactive one
with cm.connection('dn', 'pass'):
self.assertEqual(len(cm), 2)
self.assertFalse(cm._pool[1].active)
self.assertTrue(cm._pool[0].active)
# if we ask a new one the pool is full
# but we get the inactive one, and rebind it
with cm.connection('dn2', 'pass'):
self.assertEqual(len(cm), 2)
# the pool is still 2
self.assertEqual(len(cm), 2)
# every connector is marked inactive
self.assertFalse(cm._pool[0].active)
self.assertFalse(cm._pool[1].active)
from ldappool import ConnectionManager
from getpass import getpass
LDAP_ENDPOINT = "ldap://ldap.db.scl3.mozilla.com"
USERNAME = "******"
FQN = "mail={mail},o=com,dc=mozilla"
password = getpass('Please enter a password for %s: ' % USERNAME)
cm = ConnectionManager(LDAP_ENDPOINT)
with cm.connection() as conn:
conn.bind(FQN.format(mail=USERNAME), password)
print("Connected as %s" % USERNAME)
for op, vals in mods:
if not isinstance(vals, (tuple, list)):
vals = [vals]
vals = [v.encode() if isinstance(v, str) else v for v in vals]
result.append((op, attr, vals))
return result
# Begin the Config section:
Config.load('py-fortress-cfg.json')
LDAP = 'ldap'
_service_uid = Config.get(LDAP)['dn']
_service_pw = Config.get(LDAP)['password']
_ldap_timeout = int(Config.get(LDAP)['timeout'])
_pool_size = int(Config.get(LDAP)['pool_size'])
_ldap_use_tls = Config.get(LDAP)['use_tls']
_uri = Config.get(LDAP)['uri']
_ldap_debug = Config.get(LDAP)['debug']
_srv_pool = ConnectionManager(_uri,
size=_pool_size,
bind=_service_uid,
passwd=_service_pw,
timeout=_ldap_timeout,
use_tls=_ldap_use_tls)
_usr_pool = ConnectionManager(_uri,
size=_pool_size,
timeout=_ldap_timeout,
use_tls=_ldap_use_tls)
__SUFX_DN = Config.get('dit')['suffix']
import logging, json, time, copy
import ldap
from ldap import modlist
from datetime import datetime
from pprint import pprint as pp
from fum.common.util import to_json, ldap_log
log = logging.getLogger(__name__)
TOTAL_CONNECTIONS = 0
from ldappool import ConnectionManager
cm = ConnectionManager(
uri=settings.LDAP_CONNECTION.get('uri'),
use_tls=settings.USE_TLS,
)
def open_ldap(bind_dn=None, bind_pwd=None):
return LDAPBridge(parent=None, BIND_DN=bind_dn, BIND_PASSWORD=bind_pwd)
def fetch(self,
dn,
filters='',
attrs=[],
scope=ldap.SCOPE_BASE,
connection=None):
specials = []
normals = []
def test_ctor_args(self):
pool = ConnectionManager('ldap://localhost', use_tls=True)
self.assertEqual(pool.use_tls, True)
from flask import Flask, g
from flask.ext.redis import FlaskRedis
from flask.ext.login import LoginManager
from flask.sessions import SecureCookieSessionInterface
from ldappool import ConnectionManager
from cosign import CoSign
from ldaptools import LDAPTools
app = Flask(__name__)
app.config.from_object('config')
flask_redis = FlaskRedis(app, 'REDIS')
ldap = LDAPTools(
ConnectionManager(app.config["LDAP_SERVER"])
)
cosign = CoSign(app)
lm = LoginManager(app)
lm.login_view = "login"
class CustomSessionInterface(SecureCookieSessionInterface):
"""Prevent creating session from API requests."""
def save_session(self, *args, **kwargs):
return
app.session_interface = CustomSessionInterface()
@lm.request_loader
from ldappool import ConnectionManager
import ldap
import redis
import json
from flask import request, redirect, url_for
from flask_login import login_user
# own stuff
import auth.auth
import settings
# Connection Manager
cm = ConnectionManager(settings.data['auth']['ldap']['server'],
settings.data['auth']['ldap']['binddn'],
settings.data['auth']['ldap']['bindpw'])
# Redis
red = redis.Redis(**settings.data['redis'])
class AuthMechanism(auth.auth.AuthMechanism):
@staticmethod
def login(User, userprefix=""):
if request.method == 'GET':
return auth.auth.render_login(showUsername=True, showPassword=True)
# Check if there is data to login the user
if 'username' in request.form.keys(
) and 'password' in request.form.keys():
username = request.form['username']
