Don't call start_tls_s() twice

pyldap's start_tls_s function calls ldap_start_tls_s[1] which, if called twice, returns LDAP_LOCAL_ERROR which causes a LDAP queries to fail with the traceback: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 258, in _create_connector self._bind(conn, bind, passwd) File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 227, in _bind conn.start_tls_s() File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1095, in start_tls_s res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1071, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 780, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 263, in _ldap_call result = func(*args,**kwargs) LOCAL_ERROR: {'desc': u'Local error'} This means that currently keystone's [ldap]/use_pool and [ldap]/use_tls options are incompatible. This patch fixes the problem by removing the unnecessary call. [1] https://linux.die.net/man/3/ldap_start_tls_s Change-Id: I6baff12bcbd3b110e62f4bcdfb97c561d7ee5fe9
2017-03-08 19:15:02 +01:00 · 2017-03-08 19:15:02 +01:00 · 53565dfd97
parent 0016814c3d
commit 53565dfd97
2 changed files with 20 additions and 1 deletions
--- a/ldappool/init.py
+++ b/ldappool/init.py
@ -221,7 +221,6 @@ class ConnectionManager(object):
                raise BackendError('Could not activate TLS on established '
                                   'connection with %s' % self.uri,
                                   backend=conn)
-            conn.start_tls_s()

        if bind is not None:
            conn.simple_bind_s(bind, passwd)
--- a/ldappool/tests/test_ldapconnection.py
+++ b/ldappool/tests/test_ldapconnection.py
@ -55,14 +55,25 @@ def _bind_fails2(self, who='', cred='', **kw):
    raise ldap.SERVER_DOWN('LDAP connection invalid')


+def _start_tls_s(self):
+    if self.start_tls_already_called_flag:
+        raise ldap.LOCAL_ERROR
+    else:
+        self.start_tls_already_called_flag = True
+
+
 class TestLDAPConnection(unittest.TestCase):

    def setUp(self):
        self.old = ldappool.StateConnector.simple_bind_s
        ldappool.StateConnector.simple_bind_s = _bind
+        self.old_start_tls_s = ldappool.StateConnector.start_tls_s
+        ldappool.StateConnector.start_tls_s = _start_tls_s
+        ldappool.StateConnector.start_tls_already_called_flag = False

    def tearDown(self):
        ldappool.StateConnector.simple_bind_s = self.old
+        ldappool.StateConnector.start_tls_s = self.old_start_tls_s

    def test_connection(self):
        uri = ''
@ -115,6 +126,15 @@ class TestLDAPConnection(unittest.TestCase):
        self.assertFalse(cm._pool[0].active)
        self.assertFalse(cm._pool[1].active)

+    def test_tls_connection(self):
+        uri = ''
+        dn = 'uid=adminuser,ou=logins,dc=mozilla'
+        passwd = 'adminuser'
+        cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True,
+                                        size=2, use_tls=True)
+        with cm.connection():
+            pass
+
    def test_simple_bind_fails(self):
        unbinds = []