author | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2013-08-22 16:24:44 +0200 |
---|---|---|
committer | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2013-08-22 16:24:44 +0200 |
commit | fb8715aebec46026d7c6da543bc01ba59a8d5be4 (patch) | |
tree | 545086cafa8b830e9059f9b9bfb752d961069aa6 | |
parent | 7efeedbf1b5ac25fdc897cf5d931cb043da7c173 (diff) | |
download | pykolab-fb8715aebec46026d7c6da543bc01ba59a8d5be4.tar.gz |
Make use of the authentication cache
-rw-r--r-- | pykolab/auth/ldap/__init__.py | 112 |
1 files changed, 72 insertions, 40 deletions
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py index 341ae32..4f9ad64 100644 --- a/pykolab/auth/ldap/__init__.py +++ b/pykolab/auth/ldap/__init__.py @@ -35,6 +35,7 @@ from pykolab.translate import _ log = pykolab.getLogger('pykolab.auth') conf = pykolab.getConf() +import auth_cache import cache # Catch python-ldap-2.4 changes @@ -151,13 +152,24 @@ class LDAP(pykolab.base.Base): self.connect() self._bind() - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) + # See if we know a base_dn for the domain + base_dn = None - if not ldap_base_dn == None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn + try: + base_dn = auth_cache.get_entry(self.domain) + except: + pass + + if base_dn == None: + config_base_dn = self.config_get('base_dn') + ldap_base_dn = self._kolab_domain_root_dn(self.domain) + + if not ldap_base_dn == None and not ldap_base_dn == config_base_dn: + base_dn = ldap_base_dn + else: + base_dn = config_base_dn + + auth_cache.set_entry(self.domain, base_dn) user_filter = self.config_get_raw('user_filter') % ({'base_dn':base_dn}) 
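Review bot: The bare `except: pass` around `auth_cache.get_entry(self.domain)` makes a broken cache backend indistinguishable from an ordinary miss, and it also swallows `KeyboardInterrupt` and `SystemExit`. Narrowing it to `except Exception:` and leaving a trace with `log.debug(_("Authentication cache lookup failed for %s") % (self.domain), level=8)` would keep the best-effort behaviour while making failures visible. By contrast `auth_cache.set_entry(self.domain, base_dn)` is called unguarded, so a cache write error would presumably abort a login whose base DN was already resolved. The value is cached even when it is only the `config_base_dn` fallback, so a domain root DN that appears later is picked up only once the entry expires; the cache lifetime is not visible in this diff. The enclosing method starts and ends outside the hunk.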
@@ -171,49 +183,69 @@ class LDAP(pykolab.base.Base): _filter += ')%s)' % (user_filter) - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) + entry_dn = None - if not ldap_base_dn == None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn + try: + entry_dn = auth_cache.get_entry(_filter) + except: + pass - _search = self.ldap.search_ext( - base_dn, - ldap.SCOPE_SUBTREE, - _filter, - ['entrydn'] - ) + if entry_dn == None: + _search = self.ldap.search_ext( + base_dn, + ldap.SCOPE_SUBTREE, + _filter, + ['entrydn'] + ) - ( - _result_type, - _result_data, - _result_msgid, - _result_controls - ) = self.ldap.result3(_search) + ( + _result_type, + _result_data, + _result_msgid, + _result_controls + ) = self.ldap.result3(_search) - if len(_result_data) >= 1: - (entry_dn, entry_attrs) = _result_data[0] + if len(_result_data) >= 1: + (entry_dn, entry_attrs) = _result_data[0] - try: - log.debug(_("Binding with user_dn %s and password %s") - % (entry_dn, login[1])) + try: + log.debug(_("Binding with user_dn %s and password %s") + % (entry_dn, login[1])) + + # Needs to be synchronous or succeeds and continues setting retval + # to True!! + self.ldap.simple_bind_s(entry_dn, login[1]) + retval = True + auth_cache.set_entry(_filter, entry_dn) + except: + try: + log.debug( + _("Failed to authenticate as user %s") % (login[0]), + level=8 + ) + except: + pass - # Needs to be synchronous or succeeds and continues setting retval - # to True!! - self.ldap.simple_bind_s(entry_dn, login[1]) - retval = True - except: + retval = False + else: try: - log.debug( - _("Failed to authenticate as user %s") % (login[0]), - level=8 - ) + log.debug(_("Binding with user_dn %s and password %s") + % (entry_dn, login[1])) + + # Needs to be synchronous or succeeds and continues setting retval + # to True!! 
+ self.ldap.simple_bind_s(entry_dn, login[1]) + retval = True except: - pass + try: + log.debug( + _("Failed to authenticate as user %s") % (login[0]), + level=8 + ) + except: + pass - retval = False + retval = False return retval |
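Review bot: Both new branches keep `log.debug(_("Binding with user_dn %s and password %s") % (entry_dn, login[1]))`, which writes the user's cleartext password to the debug log; log only the DN instead. The bind/except block is now duplicated verbatim under `if entry_dn == None:` and `else:`, so resolving `entry_dn` first (cache, then search) and binding once afterwards, as sketched below, keeps the two paths from drifting apart. In the cached branch a failed bind leaves the `entry_dn` in the cache and never falls back to a search, so an entry that was moved or renamed would keep failing until the cache entry goes away. `login[1]` reaches `simple_bind_s` unchecked within this hunk; if nothing earlier in the method (which begins outside the hunk) rejects an empty password, many LDAP servers treat that as an unauthenticated bind that succeeds, so that check is worth confirming.

```python
# … unchanged: _filter construction …
entry_dn = None

try:
    entry_dn = auth_cache.get_entry(_filter)
except Exception:
    pass

if entry_dn is None:
    # … unchanged: search_ext() / result3() …
    if len(_result_data) >= 1:
        (entry_dn, entry_attrs) = _result_data[0]

if entry_dn is not None:
    try:
        # Never log the credential itself, only the DN being bound.
        log.debug(_("Binding with user_dn %s") % (entry_dn), level=8)

        # Needs to be synchronous or succeeds and continues setting retval
        # to True!!
        self.ldap.simple_bind_s(entry_dn, login[1])
        retval = True
        auth_cache.set_entry(_filter, entry_dn)
    except Exception:
        # … unchanged: "Failed to authenticate as user" debug logging …
        retval = False
```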