sources/ldap: don't cache LDAP Connection, use random server

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-02 21:11:55 +01:00
parent 83ac42ac43
commit ac432e78e2
2 changed files with 24 additions and 23 deletions


@ -58,7 +58,7 @@ class LDAPBackend(InbuiltBackend):
LOGGER.debug("Attempting Binding as user", user=user) LOGGER.debug("Attempting Binding as user", user=user)
try: try:
temp_connection = ldap3.Connection( temp_connection = ldap3.Connection(
source.connection.server, source.server,
user=user.attributes.get(LDAP_DISTINGUISHED_NAME), user=user.attributes.get(LDAP_DISTINGUISHED_NAME),
password=password, password=password,
raise_exceptions=True, raise_exceptions=True,
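Review bot: The user-bind `Connection` is now built from `source.server` with `user` and `password`, but nothing in the hunk applies `source.start_tls` the way `LDAPSource.connection` does; if the lines below the hunk go straight to `temp_connection.bind()` without `if source.start_tls: temp_connection.start_tls()` first, the user's password is sent in the clear on an `ldap://` URI. Worth a comment either way, e.g. `# StartTLS must precede bind, or the simple-bind password crosses the wire unprotected`. The `try` block and the `Connection(...)` call continue outside the hunk, so I can't see whether this is already handled.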


@ -1,9 +1,9 @@
"""authentik LDAP Models""" """authentik LDAP Models"""
from typing import Optional, Type from typing import Type
from django.db import models from django.db import models
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from ldap3 import ALL, ROUND_ROBIN, Connection, Server, ServerPool from ldap3 import ALL, RANDOM, Connection, Server, ServerPool
from rest_framework.serializers import Serializer from rest_framework.serializers import Serializer
from authentik.core.models import Group, PropertyMapping, Source from authentik.core.models import Group, PropertyMapping, Source
@ -93,31 +93,32 @@ class LDAPSource(Source):
return LDAPSourceSerializer return LDAPSourceSerializer
_connection: Optional[Connection] = None @property
def server(self) -> Server:
"""Get LDAP Server/ServerPool"""
servers = []
if "," in self.server_uri:
for server in self.server_uri.split(","):
servers.append(Server(server, get_info=ALL, connect_timeout=LDAP_TIMEOUT))
else:
servers = [Server(self.server_uri, get_info=ALL, connect_timeout=LDAP_TIMEOUT)]
return ServerPool(servers, RANDOM, active=True, exhaust=True)
@property @property
def connection(self) -> Connection: def connection(self) -> Connection:
"""Get a fully connected and bound LDAP Connection""" """Get a fully connected and bound LDAP Connection"""
if not self._connection: connection = Connection(
servers = [] self.server,
if "," in self.server_uri: raise_exceptions=True,
for server in self.server_uri.split(","): user=self.bind_cn,
servers.append(Server(server, get_info=ALL, connect_timeout=LDAP_TIMEOUT)) password=self.bind_password,
else: receive_timeout=LDAP_TIMEOUT,
servers = [Server(self.server_uri, get_info=ALL, connect_timeout=LDAP_TIMEOUT)] )
pool = ServerPool(servers, ROUND_ROBIN, active=True, exhaust=True)
self._connection = Connection(
pool,
raise_exceptions=True,
user=self.bind_cn,
password=self.bind_password,
receive_timeout=LDAP_TIMEOUT,
)
self._connection.bind() connection.bind()
if self.start_tls: if self.start_tls:
self._connection.start_tls() connection.start_tls()
return self._connection return connection
class Meta: class Meta:
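Review bot: In the new `connection` property, `connection.bind()` still runs before `connection.start_tls()`, so on an `ldap://` URI the `bind_cn`/`bind_password` simple bind is transmitted in plaintext and only later traffic is protected; the pre-existing ordering is reproduced here rather than fixed. Swap the two steps: `if self.start_tls:` / `    connection.start_tls()` / `connection.bind()` — ldap3 opens the socket on demand in `start_tls()` as far as I recall, but please verify. Also note that because the property now returns a fresh bound `Connection` on every access (with `get_info=ALL`, so a schema read per connect) and never calls `unbind()`, any caller that reads `source.connection` inside a loop will open one connection per iteration; a docstring line such as `"""Return a NEW bound Connection on each access; callers own it and should unbind() when done."""` would make that contract explicit. Minor: `self.server_uri.split(",")` does not strip whitespace, so `"ldap://a, ldap://b"` yields `" ldap://b"`.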