sources/ldap: set connect/receive timeout (default to 15s)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
8003d67844
commit
4a773b2b4f
|
@ -7,7 +7,7 @@ from structlog.stdlib import get_logger
|
|||
|
||||
from authentik.core.auth import InbuiltBackend
|
||||
from authentik.core.models import User
|
||||
from authentik.sources.ldap.models import LDAPSource
|
||||
from authentik.sources.ldap.models import LDAP_TIMEOUT, LDAPSource
|
||||
|
||||
LOGGER = get_logger()
|
||||
LDAP_DISTINGUISHED_NAME = "distinguishedName"
|
||||
|
@ -62,6 +62,7 @@ class LDAPBackend(InbuiltBackend):
|
|||
user=user.attributes.get(LDAP_DISTINGUISHED_NAME),
|
||||
password=password,
|
||||
raise_exceptions=True,
|
||||
receive_timeout=LDAP_TIMEOUT,
|
||||
)
|
||||
temp_connection.bind()
|
||||
return user
|
||||
|
|
|
@ -9,6 +9,8 @@ from rest_framework.serializers import Serializer
|
|||
from authentik.core.models import Group, PropertyMapping, Source
|
||||
from authentik.lib.models import DomainlessURLValidator
|
||||
|
||||
LDAP_TIMEOUT = 15
|
||||
|
||||
|
||||
class LDAPSource(Source):
|
||||
"""Federate LDAP Directory with authentik, or create new accounts in LDAP."""
|
||||
|
@ -86,12 +88,13 @@ class LDAPSource(Source):
|
|||
def connection(self) -> Connection:
|
||||
"""Get a fully connected and bound LDAP Connection"""
|
||||
if not self._connection:
|
||||
server = Server(self.server_uri, get_info=ALL)
|
||||
server = Server(self.server_uri, get_info=ALL, connect_timeout=LDAP_TIMEOUT)
|
||||
self._connection = Connection(
|
||||
server,
|
||||
raise_exceptions=True,
|
||||
user=self.bind_cn,
|
||||
password=self.bind_password,
|
||||
receive_timeout=LDAP_TIMEOUT,
|
||||
)
|
||||
|
||||
self._connection.bind()
|
||||
|
|
Reference in New Issue