sources/ldap: don't cache LDAP Connection, use random server
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
83ac42ac43
commit
ac432e78e2
|
@ -58,7 +58,7 @@ class LDAPBackend(InbuiltBackend):
|
||||||
LOGGER.debug("Attempting Binding as user", user=user)
|
LOGGER.debug("Attempting Binding as user", user=user)
|
||||||
try:
|
try:
|
||||||
temp_connection = ldap3.Connection(
|
temp_connection = ldap3.Connection(
|
||||||
source.connection.server,
|
source.server,
|
||||||
user=user.attributes.get(LDAP_DISTINGUISHED_NAME),
|
user=user.attributes.get(LDAP_DISTINGUISHED_NAME),
|
||||||
password=password,
|
password=password,
|
||||||
raise_exceptions=True,
|
raise_exceptions=True,
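Review bot: The user-bind connection built at the `temp_connection = ldap3.Connection(` line now takes `source.server`, but unlike the `connection` property in the models file it passes no `receive_timeout=LDAP_TIMEOUT` and nothing in the hunk applies the source's `start_tls` setting, so a stalled directory can hold the login request open and the user's password is bound over whatever transport `server_uri` names. Add `receive_timeout=LDAP_TIMEOUT,` next to `raise_exceptions=True,` (assuming the constant is importable in this module) and mirror the `start_tls` handling before the bind. `user.attributes.get(LDAP_DISTINGUISHED_NAME)` can also be `None` for a user lacking that attribute, which ldap3 appears to turn into an anonymous bind; if the remainder of the method treats a successful bind as a verified password, reject a missing DN before constructing the connection. The enclosing method starts and ends outside this hunk.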
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
"""authentik LDAP Models"""
|
"""authentik LDAP Models"""
|
||||||
from typing import Optional, Type
|
from typing import Type
|
||||||
|
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from ldap3 import ALL, ROUND_ROBIN, Connection, Server, ServerPool
|
from ldap3 import ALL, RANDOM, Connection, Server, ServerPool
|
||||||
from rest_framework.serializers import Serializer
|
from rest_framework.serializers import Serializer
|
||||||
|
|
||||||
from authentik.core.models import Group, PropertyMapping, Source
|
from authentik.core.models import Group, PropertyMapping, Source
|
||||||
|
@ -93,31 +93,32 @@ class LDAPSource(Source):
|
||||||
|
|
||||||
return LDAPSourceSerializer
|
return LDAPSourceSerializer
|
||||||
|
|
||||||
_connection: Optional[Connection] = None
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def connection(self) -> Connection:
|
def server(self) -> Server:
|
||||||
"""Get a fully connected and bound LDAP Connection"""
|
"""Get LDAP Server/ServerPool"""
|
||||||
if not self._connection:
|
|
||||||
servers = []
|
servers = []
|
||||||
if "," in self.server_uri:
|
if "," in self.server_uri:
|
||||||
for server in self.server_uri.split(","):
|
for server in self.server_uri.split(","):
|
||||||
servers.append(Server(server, get_info=ALL, connect_timeout=LDAP_TIMEOUT))
|
servers.append(Server(server, get_info=ALL, connect_timeout=LDAP_TIMEOUT))
|
||||||
else:
|
else:
|
||||||
servers = [Server(self.server_uri, get_info=ALL, connect_timeout=LDAP_TIMEOUT)]
|
servers = [Server(self.server_uri, get_info=ALL, connect_timeout=LDAP_TIMEOUT)]
|
||||||
pool = ServerPool(servers, ROUND_ROBIN, active=True, exhaust=True)
|
return ServerPool(servers, RANDOM, active=True, exhaust=True)
|
||||||
self._connection = Connection(
|
|
||||||
pool,
|
@property
|
||||||
|
def connection(self) -> Connection:
|
||||||
|
"""Get a fully connected and bound LDAP Connection"""
|
||||||
|
connection = Connection(
|
||||||
|
self.server,
|
||||||
raise_exceptions=True,
|
raise_exceptions=True,
|
||||||
user=self.bind_cn,
|
user=self.bind_cn,
|
||||||
password=self.bind_password,
|
password=self.bind_password,
|
||||||
receive_timeout=LDAP_TIMEOUT,
|
receive_timeout=LDAP_TIMEOUT,
|
||||||
)
|
)
|
||||||
|
|
||||||
self._connection.bind()
|
connection.bind()
|
||||||
if self.start_tls:
|
if self.start_tls:
|
||||||
self._connection.start_tls()
|
connection.start_tls()
|
||||||
return self._connection
|
return connection
|
||||||
|
|
||||||
class Meta:
|
class Meta:
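Review bot: In the rewritten `connection` property the bind happens before TLS is started: `connection.bind()` runs first and `connection.start_tls()` only afterwards, so `bind_cn` and `bind_password` travel over the unprotected channel whenever `start_tls` is enabled. Swap the order so the block reads `if self.start_tls:` / `    connection.start_tls()` / `connection.bind()`. Separately, since the property no longer caches, every `source.connection` access opens and binds a fresh connection that nothing here unbinds; the docstring should say so, e.g. `"""Open a new bound LDAP Connection on every access; the caller owns it and should unbind() when done."""`, and callers in the loop paths should be checked for reuse rather than re-access. The `server` property likewise builds a new `ServerPool` per access, which is harmless but worth a one-line comment.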
|
||||||
|
|
||||||
|
|