From c136f67de69a69f0e161931825512bc1c3cc6ebe Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Fri, 22 Apr 2016 11:01:56 +0200 Subject: [PATCH] do not use a global LDAP connection, open it for each request --- mandaye/backends/ldap_back.py | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/mandaye/backends/ldap_back.py b/mandaye/backends/ldap_back.py index de6c6d1..42afed4 100644 --- a/mandaye/backends/ldap_back.py +++ b/mandaye/backends/ldap_back.py @@ -8,7 +8,6 @@ from datetime import datetime from mandaye import config from mandaye.log import logger -from mandaye.backends.default import storage_conn def cmp_reverse_last_connection_date(x, y): return -cmp(x[1]['lastConnectionDate'][0], y[1]['lastConnectionDate'][0]) @@ -28,6 +27,14 @@ class Association(object): } """ + @staticmethod + def get_conn(): + import ldap + storage_conn = ldap.initialize(config.ldap_url) + storage_conn.protocol_version = ldap.VERSION3 + storage_conn.simple_bind(config.ldap_bind_dn, config.ldap_bind_password) + return storage_conn + @staticmethod def ldap2association(ldap_object): return { @@ -49,7 +56,7 @@ class Association(object): def get(sp_name, idp_unique_id, idp_name='default'): """ return a list of dict with associations matching all of this options """ associations = [] - results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, + results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, filterstr='(&(objectClass=MandayeUser)(spName=%s)(idpUniqueID=%s)(idpName=%s))' % (sp_name, idp_unique_id, idp_name)) for result in results: associations.append(Association.ldap2association(result[1])) 
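Review bot: `simple_bind()` in the new `get_conn()` is python-ldap's asynchronous call, so it only returns a message id and a rejected bind (wrong DN or password) is not raised here; it would surface later, if at all, on the caller's `search_s`/`add_s`/`modify_s`. Use the synchronous form, `storage_conn.simple_bind_s(config.ldap_bind_dn, config.ldap_bind_password)`, so an authentication failure is reported where the connection is opened. Nothing visible calls `unbind_s()` on the returned object, so each connection is left for garbage collection to close; a short docstring stating that the caller owns the connection would make that explicit. If `config.ldap_url` can be a plain `ldap://` URL, the bind password is sent unencrypted, so it is worth confirming that deployments use `ldaps://` or StartTLS.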
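Review bot: The `filterstr` in `get()` is still built with `%` from `sp_name`, `idp_unique_id` and `idp_name` without escaping, so a value containing `*`, `(`, `)` or `\` changes the meaning of the search filter (LDAP filter injection). Since this line is being touched anyway, build the filter with python-ldap's helper, e.g. `filterstr=ldap.filter.filter_format('(&(objectClass=MandayeUser)(spName=%s)(idpUniqueID=%s)(idpName=%s))', [sp_name, idp_unique_id, idp_name])`, which needs `import ldap.filter` at the top of the module. The same pattern appears in the hunks for `get_by_id`, `has_id`, the search at the start of the update-or-create method, the last-connection lookup and `has_sp_login`. Whether these values come from an untrusted source is not visible in this diff, but identifiers taken from an IdP response or a login form usually are. The body of `get()` continues past the end of this hunk.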
@@ -59,7 +66,7 @@ class Association(object): @staticmethod def get_by_id(asso_id): """ return a dict of the association with the id or None if it doesn't exist """ - results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, + results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, filterstr='(&(objectClass=MandayeUser)(uniqueID=%s))' %\ (asso_id)) if results: @@ -69,7 +76,7 @@ class Association(object): @staticmethod def has_id(asso_id): """ check the given user is present in the directory """ - results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, + results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, filterstr='(&(objectClass=MandayeUser)(uniqueID=%s))' %\ (asso_id)) if results: @@ -82,7 +89,7 @@ class Association(object): """ update or create an associtaion which match the following values return the association id """ - results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, + results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, filterstr='(&(objectClass=MandayeUser)(spName=%s)(spLogin=%s)(idpUniqueID=%s)(idpName=%s))' %\ (sp_name, sp_login, idp_unique_id, idp_name)) if not results: @@ -102,7 +109,7 @@ class Association(object): unique_id = random.randint(1, 5000000) dn = "uniqueID=%s,%s" % (unique_id, config.ldap_base_dn) try: - result = storage_conn.add_s(dn, mod_list) + result = Association.get_conn().add_s(dn, mod_list) except ldap.ALREADY_EXISTS: continue break @@ -112,7 +119,7 @@ class Association(object): results.sort(cmp_reverse_last_connection_date) dn = results[0][0] mod_list = [(ldap.MOD_REPLACE, 'spPostValues', json.dumps(sp_post_values))] - storage_conn.modify_s(dn, mod_list) + Association.get_conn().modify_s(dn, mod_list) logger.info("Update post values for %r (%r)", sp_login, idp_unique_id) return results[0][1]['uniqueID'][0] 
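Review bot: In the `@@ -102,7 +109,7 @@` hunk, `Association.get_conn().add_s(dn, mod_list)` sits inside the retry loop, so every `ALREADY_EXISTS` collision opens and binds another LDAP connection, and the same method has already opened one for its initial `search_s` and opens another for `modify_s` in the next hunk. The commit subject says one connection per request, but as written it is one per LDAP operation. Bind once at the top of the method with `conn = Association.get_conn()` and use `conn.search_s(...)`, `conn.add_s(dn, mod_list)` and `conn.modify_s(dn, mod_list)`, ideally releasing it with `conn.unbind_s()` in a `finally`. The method starts before and ends after this hunk, so the exact placement has to be checked against the full file.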
@@ -120,7 +127,7 @@ class Association(object): def delete(asso_id): """ delete the association which has the following asso_id """ dn = "uniqueID=%s,%s" % (asso_id, config.ldap_base_dn) - storage_conn.delete_s(dn) + Association.get_conn().delete_s(dn) logger.info('Delete %r association', dn) @staticmethod @@ -128,7 +135,7 @@ class Association(object): """ get the last connecting association which match the parameters return a dict of the association """ - results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, + results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, filterstr='(&(objectClass=MandayeUser)(spName=%s)(idpUniqueID=%s)(idpName=%s))' % (sp_name, idp_unique_id, idp_name)) if results: results.sort(cmp_reverse_last_connection_date) @@ -143,11 +150,11 @@ class Association(object): last_connection = datetime.utcnow().strftime("%Y%m%d%H%M%SZ") dn = "uniqueID=%s,%s" % (asso_id, config.ldap_base_dn) mod_list = [(ldap.MOD_REPLACE, 'lastConnectionDate', last_connection)] - storage_conn.modify_s(dn, mod_list) + Association.get_conn().modify_s(dn, mod_list) @staticmethod def has_sp_login(sp_login, sp_name): - results = storage_conn.search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, + results = Association.get_conn().search_s(config.ldap_base_dn, ldap.SCOPE_ONELEVEL, filterstr='(&(objectClass=MandayeUser)(spName=%s)(spLogin=%s))' %\ (sp_name, sp_login)) if results:
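Review bot: In `delete()`, `dn = "uniqueID=%s,%s" % (asso_id, config.ldap_base_dn)` builds the distinguished name by plain string interpolation, so an `asso_id` containing `,`, `+` or `=` would address a different entry than intended in the `delete_s` call this hunk rewrites. Escape the value before it enters the DN, e.g. `dn = "uniqueID=%s,%s" % (ldap.dn.escape_dn_chars(str(asso_id)), config.ldap_base_dn)` (with `import ldap.dn`), or reject any `asso_id` that is not purely numeric, given that ids are generated with `random.randint` elsewhere in this file. The last hunk (`@@ -143,11 +150,11 @@`) builds its DN the same way before `modify_s`. Where `asso_id` originates is not visible in this diff, so treat this as a hardening step unless callers are known to pass only stored ids.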