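def connect(self, bind_dn='', bind_pwd=''):
    """ Return a bound LDAP connection, preferring the cached one

    Bind credentials are chosen in this order:

    1. ``bind_dn``/``bind_pwd`` when ``bind_dn`` is non-empty.
    2. ``self.bind_dn``/``self.bind_pwd`` when ``self.binduid_usage == 1``.
    3. The DN and password of the current user when that user is an
       ``LDAPUser`` carrying a usable password; otherwise an anonymous
       bind (empty DN and empty password).

    The cached connection is re-bound and probed with a search on
    ``self.u_base``.  If that fails, every entry of ``self._servers`` is
    tried in turn through ``self._connect`` and the first connection that
    binds is returned.
    """
    conn = None
    conn_string = ''

    if bind_dn != '':
        user_dn = bind_dn
        # A DN sent with an empty password is an "unauthenticated" simple
        # bind (RFC 4513, section 5.1.2) which a server may accept without
        # verifying anything.  The '~' placeholder forces the server to
        # actually check a password.
        user_pwd = bind_pwd or '~'
    elif self.binduid_usage == 1:
        user_dn = self.bind_dn
        user_pwd = self.bind_pwd
    else:
        user = getSecurityManager().getUser()
        if isinstance(user, LDAPUser):
            user_dn = user.getUserDN()
            user_pwd = user._getPassword()
            if not user_pwd or user_pwd == 'undef':
                # No usable password on this user object: bind anonymously
                # instead of sending the user's DN together with an empty
                # or placeholder password.
                # NOTE(review): 'undef' is assumed to be the placeholder
                # held by user objects that were not created by a login --
                # confirm against LDAPUser.
                user_dn = user_pwd = ''
        else:
            user_dn = user_pwd = ''

    conn = getResource('%s-connection' % self._hash, str, ())
    # NOTE(review): a str-typed resource appears to mean "no connection
    # stored yet" -- confirm against getResource.
    if not isinstance(conn._type(), str):
        try:
            # Re-bind with the credentials selected above, then run a cheap
            # search to prove the connection is still usable.
            conn.simple_bind_s(user_dn, user_pwd)
            conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
            return conn
        except (AttributeError,
                ldap.SERVER_DOWN,
                ldap.NO_SUCH_OBJECT,
                ldap.TIMEOUT,
                ldap.INVALID_CREDENTIALS):
            # Cached connection is unusable; fall through to the servers.
            pass

    e = None

    for server in self._servers:
        conn_string = self._createConnectionString(server)

        try:
            newconn = self._connect(conn_string,
                                    user_dn,
                                    user_pwd,
                                    conn_timeout=server['conn_timeout'],
                                    op_timeout=server['op_timeout'])
            return newconn
        except (ldap.SERVER_DOWN,
                ldap.TIMEOUT,
                ldap.INVALID_CREDENTIALS), e:
            # Keep the last error in ``e`` and try the next server.
            continue

    # NOTE(review): the listing stops here.  As shown, running out of
    # servers falls off the end and returns None, with the last error left
    # in ``e``; callers must not treat None as a usable connection.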
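def connect(self, bind_dn='', bind_pwd=''):
    """ Re-bind the cached LDAP connection and return it if it is usable

    Bind credentials are picked in this order: the ``bind_dn``/``bind_pwd``
    arguments when ``bind_dn`` is non-empty; ``self.bind_dn`` and
    ``self.bind_pwd`` when ``self.binduid_usage == 1``; otherwise the DN
    and password of the current user if that user is an ``LDAPUser`` with
    a usable password, else an anonymous bind (empty DN and password).

    The cached connection is returned once ``simple_bind_s`` and a probe
    search on ``self.u_base`` have both succeeded.  A failure of either is
    logged with its traceback and swallowed.
    """
    conn = None
    conn_string = ''

    if bind_dn != '':
        user_dn = bind_dn
        # A DN with an empty password is an "unauthenticated" simple bind
        # (RFC 4513, section 5.1.2) that a server may accept unchecked;
        # the '~' placeholder forces a real password comparison.
        user_pwd = bind_pwd or '~'
    elif self.binduid_usage == 1:
        user_dn = self.bind_dn
        user_pwd = self.bind_pwd
    else:
        user = getSecurityManager().getUser()
        if isinstance(user, LDAPUser):
            user_dn = user.getUserDN()
            user_pwd = user._getPassword()
            if not user_pwd or user_pwd == 'undef':
                # This user object did not result from a login, so there
                # is no password to present: bind anonymously.
                user_dn = user_pwd = ''
        else:
            user_dn = user_pwd = ''

    conn = getResource('%s-connection' % self._hash, str, ())
    if conn._type() is not str:
        try:
            conn.simple_bind_s(user_dn, user_pwd)
            conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
            return conn
        except (AttributeError,
                ldap.SERVER_DOWN,
                ldap.NO_SUCH_OBJECT,
                ldap.TIMEOUT,
                ldap.INVALID_CREDENTIALS), e:
            # Diagnostics deliberately carry no password-derived values:
            # the earlier message logged the length of each password, which
            # leaks credential metadata into the log, and len() on an
            # unset password could raise inside this handler and mask the
            # original bind error.
            current_user = getSecurityManager().getUser()
            logger.exception(
                'LDAPDEBUG bind error %s; bind_dn: %s, '
                'self.binduid_usage: %s, self.bind_dn: %s, '
                'user: %s, is user instance of LDAPUser?: %s, '
                'user_dn: %s, self.u_base: %s, self.BASE: %s'
                % (e,
                   bind_dn,
                   self.binduid_usage,
                   self.bind_dn,
                   current_user,
                   isinstance(current_user, LDAPUser),
                   user_dn,
                   self.u_base,
                   self.BASE))

    # NOTE(review): nothing follows in this listing, so a failed re-bind
    # (or an empty cache) returns None; ``conn_string`` is assigned but
    # never used in the part shown.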
def _connect(self,
             connection_string,
             user_dn,
             user_pwd,
             conn_timeout=5,
             op_timeout=-1):
    """ Open (or reuse) a raw connection, configure it and bind

    Kept separate from ``connect`` so other code can call it directly.

    ``conn_timeout`` is applied as ``OPT_NETWORK_TIMEOUT`` and
    ``op_timeout`` as the connection's ``timeout`` attribute; either is
    skipped when not greater than zero.  Exceptions raised by the final
    ``simple_bind_s`` are not caught here.

    NOTE(review): no check is made here for a non-empty ``user_dn``
    combined with an empty ``user_pwd`` (an "unauthenticated" simple
    bind); callers are relied on to filter that case.  The password is
    handed to a simple bind as-is, so its protection on the wire depends
    on what ``connection_string`` selects -- confirm how it is built.
    """
    resource_key = '%s-connection' % self._hash

    # Ask the shared-resource store for a connection object
    ldap_conn = getResource(resource_key, c_factory, (connection_string,))

    if ldap_conn._type is not c_factory:
        ldap_conn = c_factory(connection_string)
        configured = [self._createConnectionString(srv)
                      for srv in self._servers]

        if connection_string in configured:
            # Only connections to servers from our own configuration are
            # stored for reuse; otherwise we could get "stuck" on one that
            # was created while handling an ldap.REFERRAL exception.
            setResource(resource_key, ldap_conn)

    # Prefer LDAPv3 and drop to v2 only if the library rejects v3
    try:
        ldap_conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
    except ldap.LDAPError:
        ldap_conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION2)

    # Referrals are not chased automatically; they are handled explicitly
    # elsewhere.  Failing to set the option is tolerated.
    try:
        ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
    except ldap.LDAPError:
        pass

    # Network (connect) timeout
    if conn_timeout > 0:
        ldap_conn.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout)

    # Per-operation timeout
    if op_timeout > 0:
        ldap_conn.timeout = op_timeout

    # Bind with the supplied credentials; errors propagate to the caller.
    ldap_conn.simple_bind_s(user_dn, user_pwd)

    return ldap_conn
def connect(self, bind_dn='', bind_pwd=''):
    """ Re-bind the cached LDAP connection and return it if it is usable

    Credentials come from ``bind_dn``/``bind_pwd`` when ``bind_dn`` is
    non-empty, from ``self.bind_dn``/``self.bind_pwd`` when
    ``self.binduid_usage == 1``, and otherwise from the current user when
    that user is an ``LDAPUser`` with a usable password.  In every other
    case the bind is anonymous (empty DN and password).

    A failed bind or probe search is swallowed, with the error kept in the
    local ``e``.
    """
    conn = None
    conn_string = ''

    # Anonymous unless one of the branches below supplies credentials.
    user_dn = user_pwd = ''

    if bind_dn != '':
        # An empty password next to a DN would be an "unauthenticated"
        # simple bind (RFC 4513, section 5.1.2); '~' forces the server to
        # compare a password instead.
        user_dn, user_pwd = bind_dn, (bind_pwd or '~')
    elif self.binduid_usage == 1:
        user_dn, user_pwd = self.bind_dn, self.bind_pwd
    else:
        current_user = getSecurityManager().getUser()
        if isinstance(current_user, LDAPUser):
            session_dn = current_user.getUserDN()
            session_pwd = current_user._getPassword()
            # A user object that did not result from a login has no usable
            # password; it keeps the anonymous defaults.
            if session_pwd and session_pwd != 'undef':
                user_dn, user_pwd = session_dn, session_pwd

    e = None

    conn = getResource('%s-connection' % self._hash, str, ())
    if conn._type() != str:
        try:
            # Timing instrumentation used to sit around these two calls as
            # commented-out code.  If it is ever reinstated, log the DN and
            # the elapsed time only: the earlier draft interpolated
            # user_pwd into the message, which would have written the
            # cleartext password to the log.
            conn.simple_bind_s(user_dn, user_pwd)
            conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
            return conn
        except (AttributeError,
                ldap.SERVER_DOWN,
                ldap.NO_SUCH_OBJECT,
                ldap.TIMEOUT,
                ldap.INVALID_CREDENTIALS), e:
            pass
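def connect(self, bind_dn='', bind_pwd=''):
    """ Return the cached LDAP connection after a successful re-bind

    Credential selection:

    * ``bind_dn`` non-empty: bind as ``bind_dn`` with ``bind_pwd``.
    * ``self.binduid_usage == 1``: bind as ``self.bind_dn`` with
      ``self.bind_pwd``.
    * otherwise: bind as the current user when it is an ``LDAPUser`` with
      a usable password, else anonymously (empty DN and password).

    The connection is returned only after ``simple_bind_s`` and a probe
    search on ``self.u_base`` succeed.  Failures are logged with their
    traceback and swallowed.
    """
    conn = None
    conn_string = ''

    if bind_dn != '':
        user_dn = bind_dn
        # Never pair a DN with an empty password: that is an
        # "unauthenticated" simple bind (RFC 4513, section 5.1.2) which a
        # server may accept without checking a credential.
        user_pwd = bind_pwd or '~'
    elif self.binduid_usage == 1:
        user_dn = self.bind_dn
        user_pwd = self.bind_pwd
    else:
        user = getSecurityManager().getUser()
        if isinstance(user, LDAPUser):
            user_dn = user.getUserDN()
            user_pwd = user._getPassword()
            if not user_pwd or user_pwd == 'undef':
                # This user object did not result from a login
                user_dn = user_pwd = ''
        else:
            user_dn = user_pwd = ''

    conn = getResource('%s-connection' % self._hash, str, ())
    if conn._type() is not str:
        try:
            conn.simple_bind_s(user_dn, user_pwd)
            conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
            return conn
        except (AttributeError, ldap.SERVER_DOWN, ldap.NO_SUCH_OBJECT,
                ldap.TIMEOUT, ldap.INVALID_CREDENTIALS), e:
            # Password lengths are intentionally left out of the message:
            # they are credential metadata that does not belong in a log,
            # and taking len() of an unset password could raise here and
            # hide the bind error being reported.
            active_user = getSecurityManager().getUser()
            details = (
                e,
                bind_dn,
                self.binduid_usage,
                self.bind_dn,
                active_user,
                isinstance(active_user, LDAPUser),
                user_dn,
                self.u_base,
                self.BASE,
            )
            logger.exception(
                'LDAPDEBUG bind error %s; bind_dn: %s, '
                'self.binduid_usage: %s, self.bind_dn: %s, '
                'user: %s, is user instance of LDAPUser?: %s, '
                'user_dn: %s, self.u_base: %s, self.BASE: %s' % details)

    # NOTE(review): the listing ends here, so a failed re-bind (or an empty
    # cache) returns None; ``conn_string`` is assigned but not used in the
    # part shown.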
def _cache(self, cache_type='users'):
    """ Return the shared cache for ``cache_type``

    The cache is looked up under the key ``'<self._hash>-<cache_type>cache'``
    with ``dict`` as the resource factory and no factory arguments.
    """
    # NOTE(review): presumably getResource builds the dict on first use --
    # confirm against its implementation.
    resource_key = '%s-%scache' % (self._hash, cache_type)
    return getResource(resource_key, dict, ())
def _cache(self, cache_type='users'):
    """ Fetch the cache resource named after this delegate and ``cache_type``

    ``cache_type`` defaults to ``'users'``; the resource is requested with
    ``dict`` as its factory and an empty argument tuple.
    """
    # Key layout: "<hash>-<cache_type>cache"
    key_parts = (self._hash, cache_type)
    factory_args = ()
    return getResource('%s-%scache' % key_parts, dict, factory_args)