fixup! Throw away previous async model implementation
This commit is contained in:
parent
2932957afb
commit
c0d835d8d1
|
@ -1,59 +0,0 @@
|
|||
from threading import Lock
|
||||
from ldap3.utils.log import set_library_log_detail_level, PROTOCOL
|
||||
|
||||
from phi.logging import get_logger
|
||||
from phi.ldap.connection import make_connection
|
||||
from phi.ldap.connection import open_connection, close_connection
|
||||
|
||||
log = get_logger(__name__)
|
||||
set_library_log_detail_level(PROTOCOL)
|
||||
|
||||
|
||||
class Client:
|
||||
def __init__(self,
|
||||
host=None, port=389,
|
||||
encryption=None, ciphers=None, validate=False, ca_certs=None,
|
||||
username=None, password=None,
|
||||
base_dn=None,
|
||||
attribute_id='uid', attribute_mail='mail'):
|
||||
log.info("Initializing LDAP Client.")
|
||||
|
||||
self.host = host
|
||||
self.port = port
|
||||
|
||||
self.encryption = encryption
|
||||
self.ciphers = ciphers
|
||||
self.validate = validate
|
||||
self.ca_certs = ca_certs
|
||||
|
||||
self.username = username
|
||||
self.password = password
|
||||
|
||||
self.base_dn = base_dn
|
||||
|
||||
self.attribute_id = attribute_id
|
||||
self.attribute_mail = attribute_mail
|
||||
|
||||
self.connection_lock = Lock()
|
||||
self.connection = make_connection(host=self.host, port=self.port,
|
||||
encryption=self.encryption,
|
||||
ciphers=self.ciphers,
|
||||
validate=self.validate,
|
||||
ca_certs=self.ca_certs,
|
||||
username=self.username,
|
||||
password=self.password)
|
||||
|
||||
def open(self):
|
||||
self.connection_lock.acquire()
|
||||
if self.connection.closed is True:
|
||||
open_connection(self.connection)
|
||||
self.connection_lock.release()
|
||||
else:
|
||||
self.connection_lock.release()
|
||||
raise Exception("Trying to open a connection, "
|
||||
"but it is already open.")
|
||||
|
||||
def close(self):
|
||||
self.connection_lock.acquire()
|
||||
close_connection(self.connection)
|
||||
self.connection_lock.release()
|
|
@ -1,59 +0,0 @@
|
|||
from ssl import CERT_REQUIRED, PROTOCOL_TLSv1_2
|
||||
from ldap3 import Tls, Server, Connection, ASYNC
|
||||
|
||||
from phi.logging import get_logger
|
||||
|
||||
log = get_logger(__name__)
|
||||
|
||||
|
||||
def make_connection(host=None, port=389,
|
||||
encryption=None, ciphers=None, validate=False,
|
||||
ca_certs=None, username=None, password=None):
|
||||
# TLSv1.2 is supported since Python 3.4
|
||||
if encryption is None:
|
||||
log.warning("The connection to the LDAP server will not be encrypted.")
|
||||
tls = None
|
||||
elif encryption == "TLSv1.2":
|
||||
log.info("The connection to the LDAP server will use TLSv1.2.")
|
||||
tls = Tls(version=PROTOCOL_TLSv1_2)
|
||||
else:
|
||||
raise NotImplementedError("Sorry, use TLSv1.2.")
|
||||
|
||||
if encryption is not None and ciphers is not None:
|
||||
log.info("The connection to the LDAP server will use the "
|
||||
"following ciphers: {}".format(ciphers))
|
||||
tls.ciphers = ciphers
|
||||
|
||||
if encryption is not None and validate is True:
|
||||
log.info("The certificate hostname will be checked to match the "
|
||||
"remote hostname.")
|
||||
tls.validate = CERT_REQUIRED
|
||||
|
||||
if encryption is not None and validate is True and ca_certs is not None:
|
||||
log.info("Using the following CA certificates: {}"
|
||||
.format(ca_certs))
|
||||
tls.ca_certs_file = ca_certs
|
||||
|
||||
server = Server(host=host, port=port, tls=tls)
|
||||
connection = Connection(server, user=username, password=password,
|
||||
client_strategy=ASYNC)
|
||||
|
||||
return connection
|
||||
|
||||
|
||||
def open_connection(connection):
|
||||
log.info("Opening connection to LDAP server.")
|
||||
connection.open()
|
||||
|
||||
if connection.server.tls is not None and connection.server.ssl is False:
|
||||
log.info("Issuing StartTLS command.")
|
||||
connection.start_tls()
|
||||
|
||||
log.info("Issuing BIND command.")
|
||||
connection.bind()
|
||||
|
||||
|
||||
def close_connection(connection):
|
||||
log.info("Closing connection to LDAP server.")
|
||||
log.info("Issuing UNBIND command.")
|
||||
connection.unbind()
|
|
@ -1,36 +0,0 @@
|
|||
from ldap3 import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES
|
||||
|
||||
from phi.logging import get_logger
|
||||
|
||||
log = get_logger(__name__)
|
||||
|
||||
|
||||
def get_entry_by_uid(client, uid):
|
||||
log.info("Searching entry with identifier: {}".format(uid))
|
||||
|
||||
filter_ = "({}={})".format(client.attribute_id, uid)
|
||||
log.debug("Search filter: {}".format(filter_))
|
||||
|
||||
response_id = client.connection.search(
|
||||
client.base_dn, filter_,
|
||||
search_scope='SUBTREE',
|
||||
attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES]
|
||||
)
|
||||
|
||||
response, result, request = client.connection.get_response(
|
||||
response_id, get_request=True
|
||||
)
|
||||
|
||||
log.debug("Request: {}".format(request))
|
||||
log.debug("Response: {}".format(response))
|
||||
log.debug("Result: {}".format(result))
|
||||
|
||||
if not response:
|
||||
return None
|
||||
|
||||
if response[1:]:
|
||||
log.error("Looking for exactly one result but server gave {}. "
|
||||
"Taking the first and ignoring the rest."
|
||||
.format(len(response)))
|
||||
|
||||
return response[0]
|
|
@ -1,26 +0,0 @@
|
|||
from phi.ldap.entry import get_entry_by_uid
|
||||
from phi.ldap.utils import flatten_attributes
|
||||
|
||||
|
||||
def user_attributes_mapping(client):
|
||||
return {
|
||||
client.attribute_id: "uid",
|
||||
client.attribute_mail: "mail",
|
||||
"createTimestamp": "created_at",
|
||||
"modifyTimestamp": "modified_at",
|
||||
}
|
||||
|
||||
|
||||
def get_user_by_uid(client, uid):
|
||||
entry = get_entry_by_uid(client, uid)
|
||||
|
||||
if not entry:
|
||||
return None
|
||||
|
||||
mapping = user_attributes_mapping(client)
|
||||
|
||||
user = {
|
||||
mapping[k]: v for k, v in entry["attributes"].items() if k in mapping.keys()
|
||||
}
|
||||
|
||||
return flatten_attributes(user)
|
|
@ -1,3 +0,0 @@
|
|||
def flatten_attributes(d):
|
||||
return {k: (v[0] if isinstance(v, list) else v)
|
||||
for k, v in d.items()}
|
Loading…
Reference in New Issue
Block a user