ipaldap: remove wait/timeout during binds
Testing whether it is possible to connect to directory server is already done in RedHatDirectoryService.restart(). https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
parent
f12abfb852
commit
5760b7e983
@ -81,7 +81,7 @@ class KDCProxyConfig(object):
|
|||||||
self.con = IPAdmin(ldap_uri=self.ldap_uri)
|
self.con = IPAdmin(ldap_uri=self.ldap_uri)
|
||||||
# EXTERNAL bind as root user
|
# EXTERNAL bind as root user
|
||||||
self.con.ldapi = True
|
self.con.ldapi = True
|
||||||
self.con.do_bind(timeout=self.time_limit)
|
self.con.do_bind()
|
||||||
except (errors.NetworkError, socket.timeout) as e:
|
except (errors.NetworkError, socket.timeout) as e:
|
||||||
msg = 'Unable to connect to dirsrv: %s' % e
|
msg = 'Unable to connect to dirsrv: %s' % e
|
||||||
raise CheckError(msg)
|
raise CheckError(msg)
|
||||||
|
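Review bot: The `except (errors.NetworkError, socket.timeout)` handler around `self.con.do_bind()` still names `socket.timeout`, yet `self.time_limit` is no longer passed and nothing visible here bounds or retries the bind, so a directory server that is still starting up would presumably surface immediately as `CheckError`. The commit message relies on the restart path having already tested connectivity; whether this class is only reached after that path is not visible in the hunk. A comment above the call would record the new contract, e.g. `# do_bind() no longer waits for dirsrv; it must already be accepting connections when this check runs`. The enclosing `try` starts outside the hunk.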
@ -32,13 +32,11 @@ import ldap
|
|||||||
import ldap.sasl
|
import ldap.sasl
|
||||||
import ldap.filter
|
import ldap.filter
|
||||||
from ldap.controls import SimplePagedResultsControl
|
from ldap.controls import SimplePagedResultsControl
|
||||||
import ldapurl
|
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from ipalib import errors, _
|
from ipalib import errors, _
|
||||||
from ipalib.constants import LDAP_GENERALIZED_TIME_FORMAT
|
from ipalib.constants import LDAP_GENERALIZED_TIME_FORMAT
|
||||||
from ipapython.ipautil import (
|
from ipapython.ipautil import format_netloc, CIDict
|
||||||
format_netloc, wait_for_open_socket, wait_for_open_ports, CIDict)
|
|
||||||
from ipapython.ipa_log_manager import log_mgr
|
from ipapython.ipa_log_manager import log_mgr
|
||||||
from ipapython.dn import DN
|
from ipapython.dn import DN
|
||||||
from ipapython.dnsutil import DNSName
|
from ipapython.dnsutil import DNSName
|
||||||
@ -50,7 +48,6 @@ if six.PY3:
|
|||||||
# Global variable to define SASL auth
|
# Global variable to define SASL auth
|
||||||
SASL_GSSAPI = ldap.sasl.sasl({}, 'GSSAPI')
|
SASL_GSSAPI = ldap.sasl.sasl({}, 'GSSAPI')
|
||||||
|
|
||||||
DEFAULT_TIMEOUT = 10
|
|
||||||
_debug_log_ldap = False
|
_debug_log_ldap = False
|
||||||
|
|
||||||
_missing = object()
|
_missing = object()
|
||||||
@ -1633,48 +1630,25 @@ class IPAdmin(LDAPClient):
|
|||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.host + ":" + str(self.port)
|
return self.host + ":" + str(self.port)
|
||||||
|
|
||||||
def __wait_for_connection(self, timeout):
|
def do_simple_bind(self, binddn=DN(('cn', 'directory manager')),
|
||||||
lurl = ldapurl.LDAPUrl(self.ldap_uri)
|
bindpw=""):
|
||||||
if lurl.urlscheme == 'ldapi':
|
self.simple_bind(binddn, bindpw)
|
||||||
wait_for_open_socket(lurl.hostport, timeout)
|
|
||||||
else:
|
|
||||||
(host,port) = lurl.hostport.split(':')
|
|
||||||
wait_for_open_ports(host, int(port), timeout)
|
|
||||||
|
|
||||||
def __bind_with_wait(self, bind_func, timeout, *args, **kwargs):
|
def do_sasl_gssapi_bind(self):
|
||||||
try:
|
self.gssapi_bind()
|
||||||
bind_func(*args, **kwargs)
|
|
||||||
except errors.NetworkError as e:
|
|
||||||
if not timeout and 'TLS' in e.error:
|
|
||||||
# No connection to continue on if we have a TLS failure
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=784989
|
|
||||||
raise
|
|
||||||
except errors.DatabaseError:
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
return
|
|
||||||
self.__wait_for_connection(timeout)
|
|
||||||
bind_func(*args, **kwargs)
|
|
||||||
|
|
||||||
def do_simple_bind(self, binddn=DN(('cn', 'directory manager')), bindpw="",
|
def do_external_bind(self, user_name=None):
|
||||||
timeout=DEFAULT_TIMEOUT):
|
self.external_bind(user_name)
|
||||||
self.__bind_with_wait(self.simple_bind, timeout, binddn, bindpw)
|
|
||||||
|
|
||||||
def do_sasl_gssapi_bind(self, timeout=DEFAULT_TIMEOUT):
|
def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO):
|
||||||
self.__bind_with_wait(self.gssapi_bind, timeout)
|
|
||||||
|
|
||||||
def do_external_bind(self, user_name=None, timeout=DEFAULT_TIMEOUT):
|
|
||||||
self.__bind_with_wait(self.external_bind, timeout, user_name)
|
|
||||||
|
|
||||||
def do_bind(self, dm_password="", autobind=AUTOBIND_AUTO, timeout=DEFAULT_TIMEOUT):
|
|
||||||
if dm_password:
|
if dm_password:
|
||||||
self.do_simple_bind(bindpw=dm_password, timeout=timeout)
|
self.do_simple_bind(bindpw=dm_password)
|
||||||
return
|
return
|
||||||
if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and self.ldapi:
|
if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and self.ldapi:
|
||||||
try:
|
try:
|
||||||
# autobind
|
# autobind
|
||||||
pw_name = pwd.getpwuid(os.geteuid()).pw_name
|
pw_name = pwd.getpwuid(os.geteuid()).pw_name
|
||||||
self.do_external_bind(pw_name, timeout=timeout)
|
self.do_external_bind(pw_name)
|
||||||
return
|
return
|
||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
if autobind == AUTOBIND_ENABLED:
|
if autobind == AUTOBIND_ENABLED:
|
||||||
@ -1683,7 +1657,7 @@ class IPAdmin(LDAPClient):
|
|||||||
raise
|
raise
|
||||||
|
|
||||||
#fall back
|
#fall back
|
||||||
self.do_sasl_gssapi_bind(timeout=timeout)
|
self.do_sasl_gssapi_bind()
|
||||||
|
|
||||||
def modify_s(self, dn, modlist):
|
def modify_s(self, dn, modlist):
|
||||||
# FIXME: for backwards compatibility only
|
# FIXME: for backwards compatibility only
|
||||||
|
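Review bot: `do_simple_bind` keeps `bindpw=""` as its default, so a call that omits the password passes an empty string straight to `self.simple_bind(binddn, bindpw)`. In LDAP, a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2), which a server may accept as anonymous while the caller believes it is bound as `cn=directory manager`. `do_bind` guards against this with `if dm_password:`, but direct callers of `do_simple_bind` get no such guard. Consider rejecting the empty value at the top of the method, e.g. `if not bindpw: raise ValueError("bindpw must not be empty")`. The default predates this commit, but the signature is rewritten here, so this is a convenient place to tighten it.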