do not use a global LDAP connection, open it for each request

Benjamin Dauvergne 2016-04-22 11:01:56 +02:00
parent 3677cd0c19
commit c136f67de6
1 changed files with 18 additions and 11 deletions


@ -8,7 +8,6 @@ from datetime import datetime
from mandaye import config
from mandaye.log import logger
from mandaye.backends.default import storage_conn
def cmp_reverse_last_connection_date(x, y):
return -cmp(x[1]['lastConnectionDate'][0], y[1]['lastConnectionDate'][0])
@ -28,6 +27,14 @@ class Association(object):
}
"""
@staticmethod
def get_conn():
import ldap
storage_conn = ldap.initialize(config.ldap_url)
storage_conn.protocol_version = ldap.VERSION3
storage_conn.simple_bind(config.ldap_bind_dn, config.ldap_bind_password)
return storage_conn
@staticmethod
def ldap2association(ldap_object):
return {
@ -49,7 +56,7 @@ class Association(object):
def get(sp_name, idp_unique_id, idp_name='default'):
""" return a list of dict with associations matching all of this options """
associations = []
results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
filterstr='(&(objectClass=MandayeUser)(spName=%s)(idpUniqueID=%s)(idpName=%s))' % (sp_name, idp_unique_id, idp_name))
for result in results:
associations.append(Association.ldap2association(result[1]))
@ -59,7 +66,7 @@ class Association(object):
@staticmethod
def get_by_id(asso_id):
""" return a dict of the association with the id or None if it doesn't exist """
results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
filterstr='(&(objectClass=MandayeUser)(uniqueID=%s))' %\
(asso_id))
if results:
@ -69,7 +76,7 @@ class Association(object):
@staticmethod
def has_id(asso_id):
""" check the given user is present in the directory """
results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
filterstr='(&(objectClass=MandayeUser)(uniqueID=%s))' %\
(asso_id))
if results:
@ -82,7 +89,7 @@ class Association(object):
""" update or create an associtaion which match the following values
return the association id
"""
results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
filterstr='(&(objectClass=MandayeUser)(spName=%s)(spLogin=%s)(idpUniqueID=%s)(idpName=%s))' %\
(sp_name, sp_login, idp_unique_id, idp_name))
if not results:
@ -102,7 +109,7 @@ class Association(object):
unique_id = random.randint(1, 5000000)
dn = "uniqueID=%s,%s" % (unique_id, config.ldap_base_dn)
try:
result = storage_conn.add_s(dn, mod_list)
result = Association.get_conn().add_s(dn, mod_list)
except ldap.ALREADY_EXISTS:
continue
break
@ -112,7 +119,7 @@ class Association(object):
results.sort(cmp_reverse_last_connection_date)
dn = results[0][0]
mod_list = [(ldap.MOD_REPLACE, 'spPostValues', json.dumps(sp_post_values))]
storage_conn.modify_s(dn, mod_list)
Association.get_conn().modify_s(dn, mod_list)
logger.info("Update post values for %r (%r)", sp_login, idp_unique_id)
return results[0][1]['uniqueID'][0]
@ -120,7 +127,7 @@ class Association(object):
def delete(asso_id):
""" delete the association which has the following asso_id """
dn = "uniqueID=%s,%s" % (asso_id, config.ldap_base_dn)
storage_conn.delete_s(dn)
Association.get_conn().delete_s(dn)
logger.info('Delete %r association', dn)
@staticmethod
@ -128,7 +135,7 @@ class Association(object):
""" get the last connecting association which match the parameters
return a dict of the association
"""
results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
filterstr='(&(objectClass=MandayeUser)(spName=%s)(idpUniqueID=%s)(idpName=%s))' % (sp_name, idp_unique_id, idp_name))
if results:
results.sort(cmp_reverse_last_connection_date)
@ -143,11 +150,11 @@ class Association(object):
last_connection = datetime.utcnow().strftime("%Y%m%d%H%M%SZ")
dn = "uniqueID=%s,%s" % (asso_id, config.ldap_base_dn)
mod_list = [(ldap.MOD_REPLACE, 'lastConnectionDate', last_connection)]
storage_conn.modify_s(dn, mod_list)
Association.get_conn().modify_s(dn, mod_list)
@staticmethod
def has_sp_login(sp_login, sp_name):
results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL,
filterstr='(&(objectClass=MandayeUser)(spName=%s)(spLogin=%s))' %\
(sp_name, sp_login))
if results:
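Review bot: In the new `get_conn`, `simple_bind` is the asynchronous call and its result is never read, so a rejected bind is not detected where the connection is created and only surfaces, if at all, as a failure of the later `search_s`/`add_s`/`modify_s`/`delete_s`. Using `storage_conn.simple_bind_s(config.ldap_bind_dn, config.ldap_bind_password)` makes a bad credential or a refused bind fail at that point. Every call site now opens its own connection, and the create-or-update method can open several in one request (search, then `add_s` inside the retry loop or `modify_s`). Nothing visible in these hunks calls `unbind_s`, so release appears to rely on garbage collection; taking one connection per method and unbinding it in a `finally` would bound that. Separately, the filters on the touched `search_s` statements are still built with `%` from `sp_name`, `sp_login`, `idp_unique_id`, `idp_name` and `asso_id`; if any of these can come from a request, wrapping each in `ldap.filter.escape_filter_chars(...)` keeps filter metacharacters from changing the query.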