Don't call start_tls_s() twice
pyldap's start_tls_s function calls ldap_start_tls_s[1] which, if called twice, returns LDAP_LOCAL_ERROR, which causes LDAP queries to fail with the traceback: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 258, in _create_connector self._bind(conn, bind, passwd) File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 227, in _bind conn.start_tls_s() File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1095, in start_tls_s res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1071, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 780, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 263, in _ldap_call result = func(*args,**kwargs) LOCAL_ERROR: {'desc': u'Local error'} This means that currently keystone's [ldap]/use_pool and [ldap]/use_tls options are incompatible. This patch fixes the problem by removing the unnecessary call. [1] https://linux.die.net/man/3/ldap_start_tls_s Change-Id: I6baff12bcbd3b110e62f4bcdfb97c561d7ee5fe9
This commit is contained in:
parent
0016814c3d
commit
53565dfd97
|
@ -221,7 +221,6 @@ class ConnectionManager(object):
|
|||
raise BackendError('Could not activate TLS on established '
|
||||
'connection with %s' % self.uri,
|
||||
backend=conn)
|
||||
conn.start_tls_s()
|
||||
|
||||
if bind is not None:
|
||||
conn.simple_bind_s(bind, passwd)
|
||||
|
|
|
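Review bot: Nothing in the remaining code records why there must be no second `start_tls_s()` before the bind, so the call is easy to reintroduce; a short comment above `if bind is not None:` such as `# TLS was already negotiated above; ldap_start_tls_s() fails with LOCAL_ERROR if called again on the same connection` would preserve the reasoning from the commit message in the code. The `raise BackendError('Could not activate TLS on established connection ...')` at the top of the hunk presumably belongs to the handler around that earlier negotiation, but that part of `_bind` is outside the hunk, so the guard itself cannot be reviewed here. `_bind` starts above the hunk.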
@ -55,14 +55,25 @@ def _bind_fails2(self, who='', cred='', **kw):
|
|||
raise ldap.SERVER_DOWN('LDAP connection invalid')
|
||||
|
||||
|
||||
def _start_tls_s(self):
|
||||
if self.start_tls_already_called_flag:
|
||||
raise ldap.LOCAL_ERROR
|
||||
else:
|
||||
self.start_tls_already_called_flag = True
|
||||
|
||||
|
||||
class TestLDAPConnection(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.old = ldappool.StateConnector.simple_bind_s
|
||||
ldappool.StateConnector.simple_bind_s = _bind
|
||||
self.old_start_tls_s = ldappool.StateConnector.start_tls_s
|
||||
ldappool.StateConnector.start_tls_s = _start_tls_s
|
||||
ldappool.StateConnector.start_tls_already_called_flag = False
|
||||
|
||||
def tearDown(self):
|
||||
ldappool.StateConnector.simple_bind_s = self.old
|
||||
ldappool.StateConnector.start_tls_s = self.old_start_tls_s
|
||||
|
||||
def test_connection(self):
|
||||
uri = ''
|
||||
|
@ -115,6 +126,15 @@ class TestLDAPConnection(unittest.TestCase):
|
|||
self.assertFalse(cm._pool[0].active)
|
||||
self.assertFalse(cm._pool[1].active)
|
||||
|
||||
def test_tls_connection(self):
|
||||
uri = ''
|
||||
dn = 'uid=adminuser,ou=logins,dc=mozilla'
|
||||
passwd = 'adminuser'
|
||||
cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True,
|
||||
size=2, use_tls=True)
|
||||
with cm.connection():
|
||||
pass
|
||||
|
||||
def test_simple_bind_fails(self):
|
||||
unbinds = []
|
||||
|
||||
|
|
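Review bot: `test_tls_connection` in the second hunk never checks that TLS was actually negotiated, so it would still pass if `start_tls_s` were never called at all, which is the opposite failure mode of the one this commit fixes; the stub already records the call on the instance, so assert it after the `with` block, e.g. `self.assertTrue(cm._pool[0].start_tls_already_called_flag)` (assuming the connector stays in `cm._pool` after the block, as the existing `cm._pool[0].active` checks rely on). In the stub `_start_tls_s` the `else:` after `raise ldap.LOCAL_ERROR` is redundant and the assignment can sit at the `if` level. `tearDown` restores `simple_bind_s` and `start_tls_s` but leaves `start_tls_already_called_flag` on `ldappool.StateConnector`; adding `del ldappool.StateConnector.start_tls_already_called_flag` there keeps the patched class clean for other test modules.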