sources/ldap: set connect/receive timeout (default to 15s)

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 22:27:58 +01:00 · 2021-11-09 22:27:58 +01:00 · 4a773b2b4f
parent 8003d67844
commit 4a773b2b4f
2 changed files with 6 additions and 2 deletions
--- a/authentik/sources/ldap/auth.py
+++ b/authentik/sources/ldap/auth.py
@ -7,7 +7,7 @@ from structlog.stdlib import get_logger

 from authentik.core.auth import InbuiltBackend
 from authentik.core.models import User
-from authentik.sources.ldap.models import LDAPSource
+from authentik.sources.ldap.models import LDAP_TIMEOUT, LDAPSource

 LOGGER = get_logger()
 LDAP_DISTINGUISHED_NAME = "distinguishedName"
@ -62,6 +62,7 @@ class LDAPBackend(InbuiltBackend):
                user=user.attributes.get(LDAP_DISTINGUISHED_NAME),
                password=password,
                raise_exceptions=True,
+                receive_timeout=LDAP_TIMEOUT,
            )
            temp_connection.bind()
            return user
--- a/authentik/sources/ldap/models.py
+++ b/authentik/sources/ldap/models.py
@ -9,6 +9,8 @@ from rest_framework.serializers import Serializer
 from authentik.core.models import Group, PropertyMapping, Source
 from authentik.lib.models import DomainlessURLValidator

+LDAP_TIMEOUT = 15
+

 class LDAPSource(Source):
    """Federate LDAP Directory with authentik, or create new accounts in LDAP."""
@ -86,12 +88,13 @@ class LDAPSource(Source):
    def connection(self) -> Connection:
        """Get a fully connected and bound LDAP Connection"""
        if not self._connection:
-            server = Server(self.server_uri, get_info=ALL)
+            server = Server(self.server_uri, get_info=ALL, connect_timeout=LDAP_TIMEOUT)
            self._connection = Connection(
                server,
                raise_exceptions=True,
                user=self.bind_cn,
                password=self.bind_password,
+                receive_timeout=LDAP_TIMEOUT,
            )

            self._connection.bind()