53565dfd97
pyldap's start_tls_s function calls ldap_start_tls_s[1] which, if called
twice, returns LDAP_LOCAL_ERROR which causes a LDAP queries to fail with
the traceback:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 258, in _create_connector
self._bind(conn, bind, passwd)
File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 227, in _bind
conn.start_tls_s()
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1095, in start_tls_s
res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1071, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 780, in start_tls_s
return self._ldap_call(self._l.start_tls_s)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 263, in _ldap_call
result = func(*args,**kwargs)
LOCAL_ERROR: {'desc': u'Local error'}
This means that currently keystone's [ldap]/use_pool and [ldap]/use_tls
options are incompatible. This patch fixes the problem by removing the
unnecessary call.
[1] https://linux.die.net/man/3/ldap_start_tls_s
Change-Id: I6baff12bcbd3b110e62f4bcdfb97c561d7ee5fe9
|
||
|---|---|---|
| doc | ||
| ldappool | ||
| tools | ||
| .gitignore | ||
| .gitreview | ||
| .testr.conf | ||
| CHANGES.rst | ||
| CONTRIBUTORS | ||
| MANIFEST.in | ||
| README.rst | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
ldappool
A simple connector pool for pyldap.
The pool keeps LDAP connectors alive and let you reuse them, drastically reducing the time spent to initiate a ldap connection.
The pool has useful features like:
- transparent reconnection on failures or server restarts
- configurable pool size and connectors timeouts
- configurable max lifetime for connectors
- a context manager to simplify acquiring and releasing a connector
You need pyldap in order to use this library
Quickstart
To work with the pool, you just need to create it, then use it as a context manager with the connection method:
from ldappool import ConnectionManager
cm = ConnectionManager('ldap://localhost')
with cm.connection('uid=adminuser,ou=logins,dc=mozilla', 'password') as conn:
.. do something with conn ..The connector returned by connection is a LDAPObject, that's binded to the server. See https://github.com/pyldap/pyldap/ for details on how to use a connector.
ConnectionManager options
Here are the options you can use when instanciating the pool:
- uri: ldap server uri [mandatory]
- bind: default bind that will be used to bind a connector. default: None
- passwd: default password that will be used to bind a connector. default: None
- size: pool size. default: 10
- retry_max: number of attempts when a server is down. default: 3
- retry_delay: delay in seconds before a retry. default: .1
- use_tls: activate TLS when connecting. default: False
- timeout: connector timeout. default: -1
- use_pool: activates the pool. If False, will recreate a connector each time. default: True
The connection method takes two options:
- bind: bind used to connect. If None, uses the pool default's. default: None
- passwd: password used to connect. If None, uses the pool default's. default: None
History
Prior to v2.0.0 ldappool required
python-ldap. As of v2.0.0 this library now required
pyldap, a python 3 compatible fork of
python-ldap.