4 commits - kolabd/process.py pykolab/auth

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Mon Apr 29 13:50:09 CEST 2013 

 kolabd/process.py             |    8 +++++
 pykolab/auth/ldap/__init__.py |   58 +++++++++++++++++++++++++-----------------
 pykolab/auth/ldap/cache.py    |   24 +++++++++++++----
 3 files changed, 62 insertions(+), 28 deletions(-)

New commits:
commit a3f6ada361d0942dbe60074d348b9bcf6be83efd
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Apr 29 13:49:41 2013 +0200

    If the entry_dn is None, we are chasing referrals - which we do not want.

diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 6eda75a..0a564fa 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -361,7 +361,6 @@ class LDAP(pykolab.base.Base):
 
         _filter = "%s%s%s" % (__filter_prefix,_filter,__filter_suffix)
 
-
         log.debug(_("Finding recipient with filter %r") % (_filter), level=8)
 
         if len(_filter) <= 6:
@@ -379,7 +378,10 @@ class LDAP(pykolab.base.Base):
 
         for _result in _results:
             (_entry_id, _entry_attrs) = _result
-            _entry_dns.append(_entry_id)
+
+            # Prevent Active Directory referrals
+            if not _entry_id == None:
+                _entry_dns.append(_entry_id)
 
         return _entry_dns
 
@@ -2014,6 +2016,10 @@ class LDAP(pykolab.base.Base):
         # Typical for Paged Results Control
         elif kw.has_key('entry') and isinstance(kw['entry'], list):
             for entry_dn,entry_attrs in kw['entry']:
+                # This is a referral
+                if entry_dn == None:
+                    continue
+
                 entry = { 'dn': entry_dn }
                 entry_attrs = utils.normalize(entry_attrs)
                 for attr in entry_attrs.keys():


commit 2001494a7dfebe9a1b1bc0e4725b6449cf0ca34f
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Apr 29 13:48:44 2013 +0200

    Try using one supported control, and abort the entire synchronization if it succeeds. If the configured control does not succeed, try the next supported control

diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 54e231d..6eda75a 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -2394,27 +2394,33 @@ class LDAP(pykolab.base.Base):
             _use_ldap_controls = self.ldap.supported_controls
 
         for supported_control in _use_ldap_controls:
-            exec("""_results = self.%s(
-                    %r,
-                    scope=%r,
-                    filterstr=%r,
-                    attrlist=%r,
-                    attrsonly=%r,
-                    timeout=%r,
-                    callback=callback,
-                    primary_domain=%r,
-                    secondary_domains=%r
-                )""" % (
-                        supported_control,
-                        base_dn,
-                        scope,
-                        filterstr,
-                        attrlist,
-                        attrsonly,
-                        timeout,
-                        primary_domain,
-                        secondary_domains
+            try:
+                exec("""_results = self.%s(
+                        %r,
+                        scope=%r,
+                        filterstr=%r,
+                        attrlist=%r,
+                        attrsonly=%r,
+                        timeout=%r,
+                        callback=callback,
+                        primary_domain=%r,
+                        secondary_domains=%r
+                    )""" % (
+                            supported_control,
+                            base_dn,
+                            scope,
+                            filterstr,
+                            attrlist,
+                            attrsonly,
+                            timeout,
+                            primary_domain,
+                            secondary_domains
+                        )
                     )
-                )
+
+                break
+
+            except:
+                continue
 
         return _results


commit 28ae1b011a59eac48989d01928879af5ca0de6a5
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Apr 29 13:39:26 2013 +0200

    Add a timestamp format modifier, for the purpose of further integration with Active Directory, that uses a .0Z addition to the modifytimestamp.

diff --git a/pykolab/auth/ldap/cache.py b/pykolab/auth/ldap/cache.py
index 9452bba..55a47c3 100644
--- a/pykolab/auth/ldap/cache.py
+++ b/pykolab/auth/ldap/cache.py
@@ -62,9 +62,14 @@ class Entry(object):
     def __init__(self, uniqueid, result_attr, last_change):
         self.uniqueid = uniqueid
         self.result_attribute = result_attr
+
+        modifytimestamp_format = conf.get('ldap', 'modifytimestamp_format')
+        if modifytimestamp_format == None:
+            modifytimestamp_format = "%Y%m%d%H%M%SZ"
+
         self.last_change = datetime.datetime.strptime(
                 last_change,
-                "%Y%m%d%H%M%SZ"
+                modifytimestamp_format
             )
 
 ##
@@ -125,9 +130,13 @@ def get_entry(domain, entry, update=True):
         db.commit()
         _entry = db.query(Entry).filter_by(uniqueid=entry['id']).first()
     else:
-        if not _entry.last_change.strftime("%Y%m%d%H%M%SZ") == entry['modifytimestamp']:
+        modifytimestamp_format = conf.get('ldap', 'modifytimestamp_format')
+        if modifytimestamp_format == None:
+            modifytimestamp_format = "%Y%m%d%H%M%SZ"
+
+        if not _entry.last_change.strftime(modifytimestamp_format) == entry['modifytimestamp']:
             log.debug(_("Updating timestamp for cache entry %r") % (entry['id']), level=8)
-            last_change = datetime.datetime.strptime(entry['modifytimestamp'], "%Y%m%d%H%M%SZ")
+            last_change = datetime.datetime.strptime(entry['modifytimestamp'], modifytimestamp_format)
             _entry.last_change = last_change
             db.commit()
             _entry = db.query(Entry).filter_by(uniqueid=entry['id']).first()
@@ -163,7 +172,12 @@ def init_db(domain):
 def last_modify_timestamp(domain):
     db = init_db(domain)
     last_change = db.query(Entry).order_by(desc(Entry.last_change)).first()
+
+    modifytimestamp_format = conf.get('ldap', 'modifytimestamp_format')
+    if modifytimestamp_format == None:
+        modifytimestamp_format = "%Y%m%d%H%M%SZ"
+
     if not last_change == None:
-        return last_change.last_change.strftime("%Y%m%d%H%M%SZ")
+        return last_change.last_change.strftime(modifytimestamp_format)
 
-    return datetime.datetime(1900, 01, 01, 00, 00, 00).strftime("%Y%m%d%H%M%SZ")
+    return datetime.datetime(1900, 01, 01, 00, 00, 00).strftime(modifytimestamp_format)


commit e0835ed698888cebf0ff84e1c6c67e98f9eb5d8f
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Apr 29 13:34:17 2013 +0200

    Add a [kolab] section setting 'sync_interval', used as the interval between authn/authz synchronization calls.
    
    Synchronization would otherwise continue to occur with paged searches, or vlv searches, immediately after finishing a run.

diff --git a/kolabd/process.py b/kolabd/process.py
index 6578151..659b74f 100644
--- a/kolabd/process.py
+++ b/kolabd/process.py
@@ -38,11 +38,19 @@ class KolabdProcess(multiprocessing.Process):
             )
 
     def synchronize(self, domain):
+        sync_interval = conf.get('kolab', 'sync_interval')
+
+        if sync_interval == None or sync_interval == 0:
+            sync_interval = 300
+        else:
+            sync_interval = (int)(sync_interval)
+
         while True:
             try:
                 auth = Auth(domain)
                 auth.connect(domain)
                 auth.synchronize()
+                time.sleep(sync_interval)
             except KeyboardInterrupt:
                 break
             except Exception, errmsg:

More information about the commits mailing list