1783 |
1783 |
return new_results
|
1784 |
1784 |
|
1785 |
1785 |
@classmethod
|
1786 |
|
def get_connections(cls, block, credentials=()):
|
|
1786 |
def get_connections(cls, block, credentials=(), raises=False):
|
1787 |
1787 |
'''Try each replicas, and yield successfull connections'''
|
1788 |
1788 |
if not block['url']:
|
1789 |
1789 |
raise ImproperlyConfigured("block['url'] must contain at least one url")
|
... | ... | |
1810 |
1810 |
conn.set_option(ldap.OPT_REFERRALS, 1 if block['referrals'] else 0)
|
1811 |
1811 |
# allow TLS options to be applied
|
1812 |
1812 |
conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
|
|
1813 |
errmsg = None
|
1813 |
1814 |
try:
|
1814 |
1815 |
if not url.startswith('ldaps://') and block['use_tls']:
|
1815 |
1816 |
try:
|
1816 |
1817 |
conn.start_tls_s()
|
1817 |
1818 |
except ldap.CONNECT_ERROR:
|
1818 |
|
log.error(
|
1819 |
|
'connection to %r failed when activating TLS, did you forget to declare the TLS'
|
1820 |
|
' certificate in /etc/ldap/ldap.conf ?',
|
1821 |
|
url,
|
1822 |
|
)
|
1823 |
|
continue
|
|
1819 |
error = (
|
|
1820 |
'connection to %r failed when activating TLS, did you forget to '
|
|
1821 |
'declare the TLS certificate in /etc/ldap/ldap.conf ?'
|
|
1822 |
) % url
|
|
1823 |
log.error(errmsg)
|
1824 |
1824 |
except ldap.TIMEOUT:
|
1825 |
|
log.error('connection to %r timed out', url)
|
1826 |
|
continue
|
|
1825 |
errmsg = 'connection to %r timed out' % url
|
|
1826 |
log.error(errmsg)
|
1827 |
1827 |
except ldap.CONNECT_ERROR:
|
1828 |
|
log.error(
|
1829 |
|
'connection to %r failed when activating TLS, did you forget to declare the TLS'
|
1830 |
|
' certificate in /etc/ldap/ldap.conf ?',
|
1831 |
|
url,
|
1832 |
|
)
|
1833 |
|
continue
|
|
1828 |
errmsg = (
|
|
1829 |
'connection to %r failed when activating TLS, did you forget to declare '
|
|
1830 |
'the TLS certificate in /etc/ldap/ldap.conf ?'
|
|
1831 |
) % url
|
|
1832 |
log.error(errmsg)
|
1834 |
1833 |
except ldap.SERVER_DOWN:
|
|
1834 |
errmsg = 'ldap %r is down' % url
|
1835 |
1835 |
if block['replicas']:
|
1836 |
|
log.warning('ldap %r is down', url)
|
|
1836 |
log.warning(errmsg)
|
1837 |
1837 |
else:
|
1838 |
|
log.error('ldap %r is down', url)
|
1839 |
|
continue
|
|
1838 |
log.error(errmsg)
|
|
1839 |
if errmsg:
|
|
1840 |
if raises:
|
|
1841 |
raise ldap.LDAPError(errmsg)
|
|
1842 |
else:
|
|
1843 |
continue
|
1840 |
1844 |
user_credentials = block['connect_with_user_credentials'] and credentials
|
1841 |
1845 |
success, error = cls.bind(block, conn, credentials=user_credentials)
|
1842 |
1846 |
if success:
|
1843 |
1847 |
yield conn
|
1844 |
1848 |
else:
|
|
1849 |
errmsg = 'admin bind failed on %s: %s' % (url, error)
|
1845 |
1850 |
if block['replicas']:
|
1846 |
|
log.warning('admin bind failed on %s: %s', url, error)
|
|
1851 |
log.warning(errmsg)
|
1847 |
1852 |
else:
|
1848 |
|
log.error('admin bind failed on %s: %s', url, error)
|
|
1853 |
log.error(errmsg)
|
|
1854 |
if raises:
|
|
1855 |
raise ldap.LDAPError(errmsg)
|
1849 |
1856 |
|
1850 |
1857 |
@classmethod
|
1851 |
1858 |
def bind(cls, block, conn, credentials=()):
|
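Review bot: In the inner `except ldap.CONNECT_ERROR:` that follows `conn.start_tls_s()` (new line 1819), the message is assigned to `error` rather than `errmsg`, so `errmsg` is still `None` when `if errmsg:` is tested. The removed code did `continue` at this point; the new code logs `None` and falls through to `cls.bind(...)` on a connection whose StartTLS upgrade has just failed, which may send the bind credentials without TLS and also means `raises=True` never reports the failure. The line should read `errmsg = (`, matching the outer handler at new line 1828. get_connections starts before this hunk and the body of bind is not shown, so what bind does with such a connection cannot be confirmed from here.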
... | ... | |
1901 |
1908 |
return False, 'ldap is down'
|
1902 |
1909 |
|
1903 |
1910 |
@classmethod
|
1904 |
|
def get_connection(cls, block, credentials=()):
|
|
1911 |
def get_connection(cls, block, credentials=(), raises=False):
|
1905 |
1912 |
'''Try to get at least one connection'''
|
1906 |
|
for conn in cls.get_connections(block, credentials=credentials):
|
|
1913 |
errors = []
|
|
1914 |
conn = None
|
|
1915 |
while True:
|
|
1916 |
try:
|
|
1917 |
conn = next(cls.get_connections(block, credentials=credentials, raises=raises))
|
|
1918 |
except ldap.LDAPError as e:
|
|
1919 |
errors.append(e)
|
|
1920 |
except StopIteration:
|
|
1921 |
break
|
|
1922 |
else:
|
|
1923 |
if conn:
|
|
1924 |
break
|
|
1925 |
if conn:
|
1907 |
1926 |
return conn
|
|
1927 |
elif raises:
|
|
1928 |
raise ldap.LDAPError(' – '.join(errors))
|
1908 |
1929 |
return None
|
1909 |
1930 |
|
1910 |
1931 |
@classmethod
|
1911 |
|
-
|