sources/ldap: don't cache LDAP Connection, use random server

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 21:11:55 +01:00 · 2021-12-02 21:11:55 +01:00 · ac432e78e2
parent 83ac42ac43
commit ac432e78e2
2 changed files with 24 additions and 23 deletions
--- a/authentik/sources/ldap/auth.py
+++ b/authentik/sources/ldap/auth.py
@ -58,7 +58,7 @@ class LDAPBackend(InbuiltBackend):
        LOGGER.debug("Attempting Binding as user", user=user)
        try:
            temp_connection = ldap3.Connection(
-                source.connection.server,
+                source.server,
                user=user.attributes.get(LDAP_DISTINGUISHED_NAME),
                password=password,
                raise_exceptions=True,
--- a/authentik/sources/ldap/models.py
+++ b/authentik/sources/ldap/models.py
@ -1,9 +1,9 @@
 """authentik LDAP Models"""
-from typing import Optional, Type
+from typing import Type

 from django.db import models
 from django.utils.translation import gettext_lazy as _
-from ldap3 import ALL, ROUND_ROBIN, Connection, Server, ServerPool
+from ldap3 import ALL, RANDOM, Connection, Server, ServerPool
 from rest_framework.serializers import Serializer

 from authentik.core.models import Group, PropertyMapping, Source
@ -93,31 +93,32 @@ class LDAPSource(Source):

        return LDAPSourceSerializer

-    _connection: Optional[Connection] = None
-
    @property
-    def connection(self) -> Connection:
-        """Get a fully connected and bound LDAP Connection"""
-        if not self._connection:
+    def server(self) -> Server:
+        """Get LDAP Server/ServerPool"""
        servers = []
        if "," in self.server_uri:
            for server in self.server_uri.split(","):
                servers.append(Server(server, get_info=ALL, connect_timeout=LDAP_TIMEOUT))
        else:
            servers = [Server(self.server_uri, get_info=ALL, connect_timeout=LDAP_TIMEOUT)]
-            pool = ServerPool(servers, ROUND_ROBIN, active=True, exhaust=True)
-            self._connection = Connection(
-                pool,
+        return ServerPool(servers, RANDOM, active=True, exhaust=True)
+
+    @property
+    def connection(self) -> Connection:
+        """Get a fully connected and bound LDAP Connection"""
+        connection = Connection(
+            self.server,
            raise_exceptions=True,
            user=self.bind_cn,
            password=self.bind_password,
            receive_timeout=LDAP_TIMEOUT,
        )

-            self._connection.bind()
+        connection.bind()
        if self.start_tls:
-                self._connection.start_tls()
-        return self._connection
+            connection.start_tls()
+        return connection

    class Meta: