[Git][ftp-team/dak][deploy] 2 commits: implement opening connection to LDAP only once

[Ansgar <ansgar@debian.org>]

Title: GitLab

Ansgar pushed to branch deploy at Debian FTP Team / dak

Commits:

• 7842dab8
  by Ansgar at 2020-10-31T15:46:04+01:00

  implement opening connection to LDAP only once
  
  Also import the ldap module only when needed.  This allows using dak
  without the Python ldap module installed.
  

• ec6d0bf6
  by Ansgar at 2020-10-31T15:59:58+01:00

  Merge branch 'master' into deploy
  

2 changed files:

• daklib/dbconn.py
• daklib/utils.py

Changes:

daklib/dbconn.py

---

...	...	@@ -918,22 +918,9 @@ class Keyring(object):
918	918	raise GpgException("command failed: %s\nstdout: %s\nstderr: %s\n" % (cmd, out, err))
919	919
920	920	def import_users_from_ldap(self, session):
921		- import ldap
	921	+ from .utils import open_ldap_connection
	922	+ l = open_ldap_connection()
922	923	cnf = Config()
923		-
924		- LDAPDn = cnf["Import-LDAP-Fingerprints::LDAPDn"]
925		- LDAPServer = cnf["Import-LDAP-Fingerprints::LDAPServer"]
926		- ca_cert_file = cnf.get('Import-LDAP-Fingerprints::CACertFile')
927		-
928		- l = ldap.initialize(LDAPServer)
929		-
930		- if ca_cert_file:
931		- l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
932		- l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
933		- l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
934		- l.start_tls_s()
935		-
936		- l.simple_bind_s("", "")
937	924	Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
938	925	"(&(keyfingerprint=*)(supplementaryGid=%s))" % (cnf["Import-Users-From-Passwd::ValidGID"]),
939	926	["uid", "keyfingerprint", "cn", "mn", "sn"])

daklib/utils.py

---

...	...	@@ -37,7 +37,6 @@ import apt_pkg
37	37	import re
38	38	import email as modemail
39	39	import subprocess
40		-import ldap
41	40	import errno
42	41	import functools
43	42	import six
...	...	@@ -773,13 +772,32 @@ def gpg_get_key_addresses(fingerprint):
773	772	################################################################################
774	773
775	774
776		-def get_logins_from_ldap(fingerprint='*'):
777		- """retrieve login from LDAP linked to a given fingerprint"""
	775	+def open_ldap_connection():
	776	+ """open connection to the configured LDAP server"""
	777	+ import ldap
	778	+
	779	+ LDAPDn = Cnf["Import-LDAP-Fingerprints::LDAPDn"]
	780	+ LDAPServer = Cnf["Import-LDAP-Fingerprints::LDAPServer"]
	781	+ ca_cert_file = Cnf.get('Import-LDAP-Fingerprints::CACertFile')
778	782
779		- LDAPDn = Cnf['Import-LDAP-Fingerprints::LDAPDn']
780		- LDAPServer = Cnf['Import-LDAP-Fingerprints::LDAPServer']
781	783	l = ldap.initialize(LDAPServer)
782		- l.simple_bind_s('', '')
	784	+
	785	+ if ca_cert_file:
	786	+ l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
	787	+ l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
	788	+ l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
	789	+ l.start_tls_s()
	790	+
	791	+ l.simple_bind_s("", "")
	792	+
	793	+ return l
	794	+
	795	+################################################################################
	796	+
	797	+
	798	+def get_logins_from_ldap(fingerprint='*'):
	799	+ """retrieve login from LDAP linked to a given fingerprint"""
	800	+ l = open_ldap_connection()
783	801	Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
784	802	'(keyfingerprint=%s)' % fingerprint,
785	803	['uid', 'keyfingerprint'])
...	...	@@ -795,11 +813,7 @@ def get_logins_from_ldap(fingerprint='*'):
795	813
796	814	def get_users_from_ldap():
797	815	"""retrieve login and user names from LDAP"""
798		-
799		- LDAPDn = Cnf['Import-LDAP-Fingerprints::LDAPDn']
800		- LDAPServer = Cnf['Import-LDAP-Fingerprints::LDAPServer']
801		- l = ldap.initialize(LDAPServer)
802		- l.simple_bind_s('', '')
	816	+ l = open_ldap_connection()
803	817	Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
804	818	'(uid=*)', ['uid', 'cn', 'mn', 'sn'])
805	819	users = {}

—
View it on GitLab.
You're receiving this email because of your account on salsa.debian.org. If you'd like to receive fewer emails, you can adjust your notification settings.