4 commits - kolabd/process.py pykolab/auth
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Mon Apr 29 13:50:09 CEST 2013
kolabd/process.py | 8 +++++
pykolab/auth/ldap/__init__.py | 58 +++++++++++++++++++++++++-----------------
pykolab/auth/ldap/cache.py | 24 +++++++++++++----
3 files changed, 62 insertions(+), 28 deletions(-)
New commits:
commit a3f6ada361d0942dbe60074d348b9bcf6be83efd
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon Apr 29 13:49:41 2013 +0200
If the entry_dn is None, we are chasing referrals - which we do not want.
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 6eda75a..0a564fa 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -361,7 +361,6 @@ class LDAP(pykolab.base.Base):
_filter = "%s%s%s" % (__filter_prefix,_filter,__filter_suffix)
-
log.debug(_("Finding recipient with filter %r") % (_filter), level=8)
if len(_filter) <= 6:
@@ -379,7 +378,10 @@ class LDAP(pykolab.base.Base):
for _result in _results:
(_entry_id, _entry_attrs) = _result
- _entry_dns.append(_entry_id)
+
+ # Prevent Active Directory referrals
+ if not _entry_id == None:
+ _entry_dns.append(_entry_id)
return _entry_dns
@@ -2014,6 +2016,10 @@ class LDAP(pykolab.base.Base):
# Typical for Paged Results Control
elif kw.has_key('entry') and isinstance(kw['entry'], list):
for entry_dn,entry_attrs in kw['entry']:
+ # This is a referral
+ if entry_dn == None:
+ continue
+
entry = { 'dn': entry_dn }
entry_attrs = utils.normalize(entry_attrs)
for attr in entry_attrs.keys():
commit 2001494a7dfebe9a1b1bc0e4725b6449cf0ca34f
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon Apr 29 13:48:44 2013 +0200
Try using one supported control, and abort the entire synchronization if it succeeds. If the configured control does not succeed, try the next supported control
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 54e231d..6eda75a 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -2394,27 +2394,33 @@ class LDAP(pykolab.base.Base):
_use_ldap_controls = self.ldap.supported_controls
for supported_control in _use_ldap_controls:
- exec("""_results = self.%s(
- %r,
- scope=%r,
- filterstr=%r,
- attrlist=%r,
- attrsonly=%r,
- timeout=%r,
- callback=callback,
- primary_domain=%r,
- secondary_domains=%r
- )""" % (
- supported_control,
- base_dn,
- scope,
- filterstr,
- attrlist,
- attrsonly,
- timeout,
- primary_domain,
- secondary_domains
+ try:
+ exec("""_results = self.%s(
+ %r,
+ scope=%r,
+ filterstr=%r,
+ attrlist=%r,
+ attrsonly=%r,
+ timeout=%r,
+ callback=callback,
+ primary_domain=%r,
+ secondary_domains=%r
+ )""" % (
+ supported_control,
+ base_dn,
+ scope,
+ filterstr,
+ attrlist,
+ attrsonly,
+ timeout,
+ primary_domain,
+ secondary_domains
+ )
)
- )
+
+ break
+
+ except:
+ continue
return _results
commit 28ae1b011a59eac48989d01928879af5ca0de6a5
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon Apr 29 13:39:26 2013 +0200
Add a timestamp format modifier, for the purpose of further integration with Active Directory, that uses a .0Z addition to the modifytimestamp.
diff --git a/pykolab/auth/ldap/cache.py b/pykolab/auth/ldap/cache.py
index 9452bba..55a47c3 100644
--- a/pykolab/auth/ldap/cache.py
+++ b/pykolab/auth/ldap/cache.py
@@ -62,9 +62,14 @@ class Entry(object):
def __init__(self, uniqueid, result_attr, last_change):
self.uniqueid = uniqueid
self.result_attribute = result_attr
+
+ modifytimestamp_format = conf.get('ldap', 'modifytimestamp_format')
+ if modifytimestamp_format == None:
+ modifytimestamp_format = "%Y%m%d%H%M%SZ"
+
self.last_change = datetime.datetime.strptime(
last_change,
- "%Y%m%d%H%M%SZ"
+ modifytimestamp_format
)
##
@@ -125,9 +130,13 @@ def get_entry(domain, entry, update=True):
db.commit()
_entry = db.query(Entry).filter_by(uniqueid=entry['id']).first()
else:
- if not _entry.last_change.strftime("%Y%m%d%H%M%SZ") == entry['modifytimestamp']:
+ modifytimestamp_format = conf.get('ldap', 'modifytimestamp_format')
+ if modifytimestamp_format == None:
+ modifytimestamp_format = "%Y%m%d%H%M%SZ"
+
+ if not _entry.last_change.strftime(modifytimestamp_format) == entry['modifytimestamp']:
log.debug(_("Updating timestamp for cache entry %r") % (entry['id']), level=8)
- last_change = datetime.datetime.strptime(entry['modifytimestamp'], "%Y%m%d%H%M%SZ")
+ last_change = datetime.datetime.strptime(entry['modifytimestamp'], modifytimestamp_format)
_entry.last_change = last_change
db.commit()
_entry = db.query(Entry).filter_by(uniqueid=entry['id']).first()
@@ -163,7 +172,12 @@ def init_db(domain):
def last_modify_timestamp(domain):
db = init_db(domain)
last_change = db.query(Entry).order_by(desc(Entry.last_change)).first()
+
+ modifytimestamp_format = conf.get('ldap', 'modifytimestamp_format')
+ if modifytimestamp_format == None:
+ modifytimestamp_format = "%Y%m%d%H%M%SZ"
+
if not last_change == None:
- return last_change.last_change.strftime("%Y%m%d%H%M%SZ")
+ return last_change.last_change.strftime(modifytimestamp_format)
- return datetime.datetime(1900, 01, 01, 00, 00, 00).strftime("%Y%m%d%H%M%SZ")
+ return datetime.datetime(1900, 01, 01, 00, 00, 00).strftime(modifytimestamp_format)
commit e0835ed698888cebf0ff84e1c6c67e98f9eb5d8f
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon Apr 29 13:34:17 2013 +0200
Add a [kolab] section setting 'sync_interval', used as the interval between authn/authz synchronization calls.
Synchronization would otherwise continue to occur with paged searches, or vlv searches, immediately after finishing a run.
diff --git a/kolabd/process.py b/kolabd/process.py
index 6578151..659b74f 100644
--- a/kolabd/process.py
+++ b/kolabd/process.py
@@ -38,11 +38,19 @@ class KolabdProcess(multiprocessing.Process):
)
def synchronize(self, domain):
+ sync_interval = conf.get('kolab', 'sync_interval')
+
+ if sync_interval == None or sync_interval == 0:
+ sync_interval = 300
+ else:
+ sync_interval = (int)(sync_interval)
+
while True:
try:
auth = Auth(domain)
auth.connect(domain)
auth.synchronize()
+ time.sleep(sync_interval)
except KeyboardInterrupt:
break
except Exception, errmsg:
More information about the commits
mailing list