author | Arthur de Jong <arthur@arthurdejong.org> | 2013-03-09 21:51:17 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2013-03-09 23:27:00 +0100 |
commit | ac30060ba57112c23b36cf016f7776e5b6af0d9b (patch) | |
tree | 8a6b8950b70262b0d9ddd3bf2ab2eb93f53f045f | |
parent | 4e603409f76c14ba7b11c437eac6116a2afce603 (diff) |
move get_connection function to search module as Connection class as subclass of ReconnectLDAPObject to automatically reconnect to the LDAP server
-rw-r--r-- | pynslcd/pam.py | 2 | ||||
-rwxr-xr-x | pynslcd/pynslcd.py | 26 | ||||
-rw-r--r-- | pynslcd/search.py | 25 |
3 files changed, 28 insertions, 25 deletions
diff --git a/pynslcd/pam.py b/pynslcd/pam.py
index f2493ec..2d03cc9 100644
--- a/pynslcd/pam.py
+++ b/pynslcd/pam.py
@@ -34,7 +34,7 @@ import search

 def try_bind(userdn, password):
 # open a new connection
- conn = ldap.initialize(cfg.uri)
+ conn = search.Connection()
 # bind using the specified credentials
 pwctrl = PasswordPolicyControl()
 res, data, msgid, ctrls = conn.simple_bind_s(userdn, password, serverctrls=[pwctrl])
diff --git a/pynslcd/pynslcd.py b/pynslcd/pynslcd.py
index 43c787a..0f234c3 100755
--- a/pynslcd/pynslcd.py
+++ b/pynslcd/pynslcd.py
@@ -35,6 +35,7 @@ import cfg
 import common
 import constants
 import mypidfile
+import search


 # the name of the program
@@ -236,31 +237,8 @@ def disable_nss_ldap():
 logging.warn('probably older NSS module loaded', exc_info=True)


-def get_connection():
- """Return a connection to the LDAP server."""
- session = ldap.initialize(cfg.uri)
- # set session-specific LDAP options
- if cfg.ldap_version:
- session.set_option(ldap.OPT_PROTOCOL_VERSION, cfg.ldap_version)
- if cfg.deref:
- session.set_option(ldap.OPT_DEREF, cfg.deref)
- if cfg.timelimit:
- session.set_option(ldap.OPT_TIMELIMIT, cfg.timelimit)
- session.set_option(ldap.OPT_TIMEOUT, cfg.timelimit)
- session.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.timelimit)
- if cfg.referrals:
- session.set_option(ldap.OPT_REFERRALS, cfg.referrals)
- if cfg.sasl_canonicalize is not None:
- session.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize)
- session.set_option(ldap.OPT_RESTART, True)
- # TODO: register a connection callback (like dis?connect_cb() in myldap.c)
- if cfg.ssl or cfg.uri.startswith('ldaps://'):
- session.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_HARD)
- return session
-
-
 def worker():
- session = get_connection()
+ session = search.Connection()
 while True:
 try:
 acceptconnection(session)
diff --git a/pynslcd/search.py b/pynslcd/search.py
index 60d36ff..533e522 100644
--- a/pynslcd/search.py
+++ b/pynslcd/search.py
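Review bot: In pynslcd/pam.py, `try_bind` now performs the user's simple bind on `search.Connection()`, and python-ldap's `ReconnectLDAPObject` keeps the arguments of the last bind call so it can re-bind after a reconnect, so the cleartext password stays referenced by `conn` for as long as that object lives. A one-shot credential check gains nothing from automatic reconnection, so either release the connection as soon as the result is known, e.g. `try:` around the bind with `finally: conn.unbind_s()`, or keep a non-reconnecting connection for this path. The change does usefully give this bind the same TLS and timeout options as the search connections, which the old bare `ldap.initialize(cfg.uri)` did not set. The rest of `try_bind` lies outside the hunk, so an unbind may already exist further down.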
@@ -22,10 +22,35 @@ import logging
 import sys

 import ldap
+import ldap.ldapobject

 import cfg


+class Connection(ldap.ldapobject.ReconnectLDAPObject):
+
+ def __init__(self):
+ ldap.ldapobject.ReconnectLDAPObject.__init__(self, cfg.uri,
+ retry_max=1, retry_delay=cfg.reconnect_retrytime)
+ # set connection-specific LDAP options
+ if cfg.ldap_version:
+ self.set_option(ldap.OPT_PROTOCOL_VERSION, cfg.ldap_version)
+ if cfg.deref:
+ self.set_option(ldap.OPT_DEREF, cfg.deref)
+ if cfg.timelimit:
+ self.set_option(ldap.OPT_TIMELIMIT, cfg.timelimit)
+ self.set_option(ldap.OPT_TIMEOUT, cfg.timelimit)
+ self.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.timelimit)
+ if cfg.referrals:
+ self.set_option(ldap.OPT_REFERRALS, cfg.referrals)
+ if cfg.sasl_canonicalize is not None:
+ self.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize)
+ self.set_option(ldap.OPT_RESTART, True)
+ # TODO: register a connection callback (like dis?connect_cb() in myldap.c)
+ if cfg.ssl or cfg.uri.startswith('ldaps://'):
+ self.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_HARD)
+
+
 class LDAPSearch(object):
 """
 Class that performs an LDAP search. Subclasses are expected to define the |
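Review bot: The TLS block at the end of `Connection.__init__` only sets `OPT_X_TLS` to `OPT_X_TLS_HARD`; nothing in the visible constructor sets a certificate-checking option or calls `start_tls_s()`. It is worth confirming that `OPT_X_TLS_REQUIRE_CERT` is applied elsewhere (presumably globally from cfg) and that a StartTLS value of `cfg.ssl` is not silently handled the same way as an `ldaps://` URI. Because the object now reconnects by itself, these options and the timeouts also need to be in force on the re-established connection, which depends on the python-ldap version replaying options set through `set_option`; please verify this against the version you support. The class also has no docstring; something like `"""LDAP connection configured from cfg that reconnects automatically when the server connection is lost."""` would record the intent.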