
Don't call start_tls_s() twice

pyldap's start_tls_s function calls ldap_start_tls_s[1] which, if called
twice, returns LDAP_LOCAL_ERROR, which causes LDAP queries to fail with
the traceback:

 Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 258, in _create_connector
     self._bind(conn, bind, passwd)
   File "/usr/lib/python2.7/site-packages/ldappool/__init__.py", line 227, in _bind
     conn.start_tls_s()
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1095, in start_tls_s
     res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1071, in _apply_method_s
     return func(self,*args,**kwargs)
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 780, in start_tls_s
     return self._ldap_call(self._l.start_tls_s)
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 263, in _ldap_call
     result = func(*args,**kwargs)
 LOCAL_ERROR: {'desc': u'Local error'}

This means that currently keystone's [ldap]/use_pool and [ldap]/use_tls
options are incompatible. This patch fixes the problem by removing the
unnecessary call.

[1] https://linux.die.net/man/3/ldap_start_tls_s

Change-Id: I6baff12bcbd3b110e62f4bcdfb97c561d7ee5fe9
Colleen Murphy 2 years ago
parent
commit
53565dfd97
2 changed files with 20 additions and 1 deletions
  1. 0
    1
      ldappool/__init__.py
  2. 20
    0
      ldappool/tests/test_ldapconnection.py

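--- a/ldappool/__init__.py
+++ b/ldappool/__init__.py
@@ -221,7 +221,6 @@ class ConnectionManager(object):
                 raise BackendError('Could not activate TLS on established '
                                    'connection with %s' % self.uri,
                                    backend=conn)
-            conn.start_tls_s()
 
         if bind is not None:
             conn.simple_bind_s(bind, passwd)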
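Review bot: After this removal nothing in the code records why there must be exactly one `start_tls_s()` call per connection, so a later refactor could reintroduce the duplicate that the commit message attributes to libldap returning `LDAP_LOCAL_ERROR` on a second `ldap_start_tls_s`. The surviving call is outside this hunk, presumably the one guarded by the `try` whose `except` branch is visible at the top of the hunk; suggest a comment next to it such as `# start_tls_s() may run only once per connection: libldap returns LOCAL_ERROR on a second call`. The enclosing method starts before the hunk, so the placement should be confirmed against the full function.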

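--- a/ldappool/tests/test_ldapconnection.py
+++ b/ldappool/tests/test_ldapconnection.py
@@ -55,14 +55,25 @@ def _bind_fails2(self, who='', cred='', **kw):
     raise ldap.SERVER_DOWN('LDAP connection invalid')
 
 
+def _start_tls_s(self):
+    if self.start_tls_already_called_flag:
+        raise ldap.LOCAL_ERROR
+    else:
+        self.start_tls_already_called_flag = True
+
+
 class TestLDAPConnection(unittest.TestCase):
 
     def setUp(self):
         self.old = ldappool.StateConnector.simple_bind_s
         ldappool.StateConnector.simple_bind_s = _bind
+        self.old_start_tls_s = ldappool.StateConnector.start_tls_s
+        ldappool.StateConnector.start_tls_s = _start_tls_s
+        ldappool.StateConnector.start_tls_already_called_flag = False
 
     def tearDown(self):
         ldappool.StateConnector.simple_bind_s = self.old
+        ldappool.StateConnector.start_tls_s = self.old_start_tls_s
 
     def test_connection(self):
         uri = ''
@@ -115,6 +126,15 @@ class TestLDAPConnection(unittest.TestCase):
         self.assertFalse(cm._pool[0].active)
         self.assertFalse(cm._pool[1].active)
 
+    def test_tls_connection(self):
+        uri = ''
+        dn = 'uid=adminuser,ou=logins,dc=mozilla'
+        passwd = 'adminuser'
+        cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True,
+                                        size=2, use_tls=True)
+        with cm.connection():
+            pass
+
     def test_simple_bind_fails(self):
         unbinds = []
 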
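Review bot: tearDown restores `start_tls_s` but leaves the `start_tls_already_called_flag` class attribute that setUp added on `ldappool.StateConnector`, so the monkeypatch leaks into every later test in the process; add `del ldappool.StateConnector.start_tls_already_called_flag` after the restore in tearDown. In the second hunk, test_tls_connection carries no assertion of its own and passes only because the fake raises `ldap.LOCAL_ERROR` on a second call, which is fine as a regression guard but reads as an empty test; a one-line comment such as `# _start_tls_s raises LOCAL_ERROR if start_tls_s() is called twice on one connection` above the `with` would make the intent visible. If the pooled objects are the patched connectors (the existing test reads `cm._pool[0]`, so this looks likely but is not shown here), an explicit `self.assertTrue(cm._pool[0].start_tls_already_called_flag)` after the `with` block would also pin that TLS was actually started.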
