def test_pool_cleanup(self): dn = "uid=adminuser,ou=logins,dc=mozilla" passwd = "adminuser" pool = ConnectionManager("ldap://localhost", dn, passwd, size=1, use_pool=True) with pool.connection("bind1") as conn: # NOQA pass with pool.connection("bind2") as conn: # NOQA pass # the second call should have removed the first conn self.assertEqual(len(pool), 1)
def test_pool_cleanup(self): dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' pool = ConnectionManager('ldap://localhost', dn, passwd, size=1, use_pool=True) with pool.connection('bind1') as conn: # NOQA pass with pool.connection('bind2') as conn: # NOQA pass # the second call should have removed the first conn self.assertEqual(len(pool), 1)
def test_pool_reuse(self): dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' pool = ConnectionManager('ldap://localhost', dn, passwd, use_pool=True) with pool.connection() as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection() as conn2: pass self.assertTrue(conn is conn2) with pool.connection() as conn: conn.connected = False with pool.connection() as conn2: pass self.assertTrue(conn is not conn2) # same bind and password: reuse with pool.connection('bind', 'passwd') as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection('bind', 'passwd') as conn2: pass self.assertTrue(conn is conn2) # same bind different password: rebind ! with pool.connection('bind', 'passwd') as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection('bind', 'passwd2') as conn2: pass self.assertTrue(conn is conn2)
def __init__(self): print("DEBUG: LdapPool init") self.connection_manager = ConnectionManager( uri=settings.LDAP_HOST, bind=settings.LDAP_USERNAME, passwd=settings.LDAP_PASSWORD, timeout=10, use_tls=True, )
def test_pool_reuse(self): dn = "uid=adminuser,ou=logins,dc=mozilla" passwd = "adminuser" pool = ConnectionManager("ldap://localhost", dn, passwd, use_pool=True) with pool.connection() as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection() as conn2: pass self.assertTrue(conn is conn2) with pool.connection() as conn: conn.connected = False with pool.connection() as conn2: pass self.assertTrue(conn is not conn2) # same bind and password: reuse with pool.connection("bind", "passwd") as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection("bind", "passwd") as conn2: pass self.assertTrue(conn is conn2) # same bind different password: rebind ! with pool.connection("bind", "passwd") as conn: self.assertTrue(conn.active) self.assertFalse(conn.active) self.assertTrue(conn.connected) with pool.connection("bind", "passwd2") as conn2: pass self.assertTrue(conn is conn2)
def test_simple_bind_fails(self): unbinds = [] def _unbind(self): unbinds.append(1) # the binding fails with an LDAPError StateConnector.simple_bind_s = _bind_fails2 StateConnector.unbind_s = _unbind uri = '' dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2) self.assertEqual(len(cm), 0) try: with cm.connection('dn', 'pass'): pass except BackendError: pass else: raise AssertionError()
def test_pool_full(self): dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' pool = ConnectionManager('ldap://localhost', dn, passwd, size=1, retry_delay=1., retry_max=5, use_pool=True) class Worker(threading.Thread): def __init__(self, pool, duration): threading.Thread.__init__(self) self.pool = pool self.duration = duration def run(self): with self.pool.connection() as conn: # NOQA time.sleep(self.duration) def tryit(): with pool.connection() as conn: # NOQA pass # an attempt on a full pool should eventually work # because the connector is reused for i in range(10): tryit() # we have 1 non-active connector now self.assertEqual(len(pool), 1) # an attempt with a full pool should succeed if a # slot gets freed in less than one second. worker1 = Worker(pool, .4) worker1.start() try: tryit() finally: worker1.join() # an attempt with a full pool should fail # if no slot gets freed in less than one second. worker1 = Worker(pool, 1.1) worker1.start() try: self.assertRaises(MaxConnectionReachedError, tryit) finally: worker1.join() # we still have one active connector self.assertEqual(len(pool), 1)
def test_pool(self): dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' pool = ConnectionManager('ldap://localhost', dn, passwd) workers = [LDAPWorker(pool) for i in range(10)] for worker in workers: worker.start() for worker in workers: worker.join() self.assertEquals(len(worker.results), 10) cn = worker.results[0][0][1]['cn'] self.assertEquals(cn, ['admin'])
def includeme(config): if not hasattr(config.registry, 'heartbeats'): message = ('kinto-ldap should be included once Kinto is initialized' ' . Use setting ``kinto.includes`` instead of ' '``pyramid.includes`` or include it manually.') raise ConfigurationError(message) settings = config.get_settings() defaults = {k: v for k, v in DEFAULT_SETTINGS.items() if k not in settings} config.add_settings(defaults) # Register heartbeat to ping the LDAP server. config.registry.heartbeats['ldap'] = ldap_ping config.registry.ldap_cm = ConnectionManager(settings['ldap.endpoint'])
def ldap_setup(config, uri, bind=None, passwd=None, pool_size=10, retry_max=3, retry_delay=.1, use_tls=False, timeout=-1, use_pool=True, connector_cls=StateConnector): """ Configurator method to set up an LDAP connection pool. - **uri**: ldap server uri **[mandatory]** - **bind**: default bind that will be used to bind a connector. **default: None** - **passwd**: default password that will be used to bind a connector. **default: None** - **size**: pool size. **default: 10** - **retry_max**: number of attempts when a server is down. **default: 3** - **retry_delay**: delay in seconds before a retry. **default: .1** - **use_tls**: activate TLS when connecting. **default: False** - **timeout**: connector timeout. **default: -1** - **use_pool**: activates the pool. If False, will recreate a connector each time. **default: True** """ vals = dict(uri=uri, bind=bind, passwd=passwd, size=pool_size, retry_max=retry_max, retry_delay=retry_delay, use_tls=use_tls, timeout=timeout, use_pool=use_pool, connector_cls=connector_cls) manager = ConnectionManager(**vals) def get_connector(request): registry = request.registry return Connector(registry, manager) config.set_request_property(get_connector, 'ldap_connector', reify=True) intr = config.introspectable('pyramid_ldap setup', None, pprint.pformat(vals), 'pyramid_ldap setup') config.action('ldap-setup', None, introspectables=(intr, ))
def test_connection(self): uri = '' dn = 'uid=adminuser,ou=logins,dc=mozilla' passwd = 'adminuser' cm = ConnectionManager(uri, dn, passwd, use_pool=True, size=2) self.assertEqual(len(cm), 0) with cm.connection('dn', 'pass'): self.assertEqual(len(cm), 1) # if we ask a new one the pool will grow with cm.connection('dn', 'pass'): self.assertEqual(len(cm), 2) # every connector is marked active self.assertTrue(cm._pool[0].active) self.assertTrue(cm._pool[1].active) # if we ask a new one the pool is full try: with cm.connection('dn', 'pass'): pass except MaxConnectionReachedError: pass else: raise AssertionError() # down to one active self.assertFalse(cm._pool[1].active) self.assertTrue(cm._pool[0].active) # if we ask a new one the pool is full # but we get the inactive one with cm.connection('dn', 'pass'): self.assertEqual(len(cm), 2) self.assertFalse(cm._pool[1].active) self.assertTrue(cm._pool[0].active) # if we ask a new one the pool is full # but we get the inactive one, and rebind it with cm.connection('dn2', 'pass'): self.assertEqual(len(cm), 2) # the pool is still 2 self.assertEqual(len(cm), 2) # every connector is marked inactive self.assertFalse(cm._pool[0].active) self.assertFalse(cm._pool[1].active)
from ldappool import ConnectionManager from getpass import getpass LDAP_ENDPOINT = "ldap://ldap.db.scl3.mozilla.com" USERNAME = "******" FQN = "mail={mail},o=com,dc=mozilla" password = getpass('Please enter a password for %s: ' % USERNAME) cm = ConnectionManager(LDAP_ENDPOINT) with cm.connection() as conn: conn.bind(FQN.format(mail=USERNAME), password) print("Connected as %s" % USERNAME)
for op, vals in mods: if not isinstance(vals, (tuple, list)): vals = [vals] vals = [v.encode() if isinstance(v, str) else v for v in vals] result.append((op, attr, vals)) return result # Begin the Config section: Config.load('py-fortress-cfg.json') LDAP = 'ldap' _service_uid = Config.get(LDAP)['dn'] _service_pw = Config.get(LDAP)['password'] _ldap_timeout = int(Config.get(LDAP)['timeout']) _pool_size = int(Config.get(LDAP)['pool_size']) _ldap_use_tls = Config.get(LDAP)['use_tls'] _uri = Config.get(LDAP)['uri'] _ldap_debug = Config.get(LDAP)['debug'] _srv_pool = ConnectionManager(_uri, size=_pool_size, bind=_service_uid, passwd=_service_pw, timeout=_ldap_timeout, use_tls=_ldap_use_tls) _usr_pool = ConnectionManager(_uri, size=_pool_size, timeout=_ldap_timeout, use_tls=_ldap_use_tls) __SUFX_DN = Config.get('dit')['suffix']
import logging, json, time, copy import ldap from ldap import modlist from datetime import datetime from pprint import pprint as pp from fum.common.util import to_json, ldap_log log = logging.getLogger(__name__) TOTAL_CONNECTIONS = 0 from ldappool import ConnectionManager cm = ConnectionManager( uri=settings.LDAP_CONNECTION.get('uri'), use_tls=settings.USE_TLS, ) def open_ldap(bind_dn=None, bind_pwd=None): return LDAPBridge(parent=None, BIND_DN=bind_dn, BIND_PASSWORD=bind_pwd) def fetch(self, dn, filters='', attrs=[], scope=ldap.SCOPE_BASE, connection=None): specials = [] normals = []
def test_ctor_args(self): pool = ConnectionManager('ldap://localhost', use_tls=True) self.assertEqual(pool.use_tls, True)
from flask import Flask, g from flask.ext.redis import FlaskRedis from flask.ext.login import LoginManager from flask.sessions import SecureCookieSessionInterface from ldappool import ConnectionManager from cosign import CoSign from ldaptools import LDAPTools app = Flask(__name__) app.config.from_object('config') flask_redis = FlaskRedis(app, 'REDIS') ldap = LDAPTools( ConnectionManager(app.config["LDAP_SERVER"]) ) cosign = CoSign(app) lm = LoginManager(app) lm.login_view = "login" class CustomSessionInterface(SecureCookieSessionInterface): """Prevent creating session from API requests.""" def save_session(self, *args, **kwargs): return app.session_interface = CustomSessionInterface() @lm.request_loader
from ldappool import ConnectionManager import ldap import redis import json from flask import request, redirect, url_for from flask_login import login_user # own stuff import auth.auth import settings # Connection Manager cm = ConnectionManager(settings.data['auth']['ldap']['server'], settings.data['auth']['ldap']['binddn'], settings.data['auth']['ldap']['bindpw']) # Redis red = redis.Redis(**settings.data['redis']) class AuthMechanism(auth.auth.AuthMechanism): @staticmethod def login(User, userprefix=""): if request.method == 'GET': return auth.auth.render_login(showUsername=True, showPassword=True) # Check if there is data to login the user if 'username' in request.form.keys( ) and 'password' in request.form.keys(): username = request.form['username']