Merge pull request #2584 from coreos-inc/ldap-sync-opt

LDAP Team sync improvements
josephschorr 2017-04-27 14:40:26 -04:00 committed by GitHub
commit 0a60dd0122


@ -274,7 +274,7 @@ class LDAPUsers(FederatedUsers):
if err is not None: if err is not None:
return (False, err) return (False, err)
if not list(it): if not next(it, False):
return (False, 'Group does not exist or is empty') return (False, 'Group does not exist or is empty')
return (True, None) return (True, None)
@ -301,24 +301,48 @@ class LDAPUsers(FederatedUsers):
for user_search_dn in self._user_dns: for user_search_dn in self._user_dns:
# Conduct the initial search for users that are a member of the group. # Conduct the initial search for users that are a member of the group.
logger.debug('Conducting LDAP search of DN: %s and filter %s', user_search_dn, search_flt)
try:
if has_pagination: if has_pagination:
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, serverctrls=[lc], msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
attrlist=attributes) serverctrls=[lc], attrlist=attributes)
else: else:
msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes) msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes)
except ldap.LDAPError as lde:
logger.exception('Got error when trying to search %s with filter %s: %s',
user_search_dn, search_flt, lde.message)
break
while True: while True:
try:
if has_pagination: if has_pagination:
_, rdata, _, serverctrls = conn.result3(msgid) _, rdata, _, serverctrls = conn.result3(msgid)
else: else:
_, rdata = conn.result(msgid) _, rdata = conn.result(msgid)
# Yield any users found. # Yield any users found.
found_results = 0
for userdata in rdata: for userdata in rdata:
found_results = found_results + 1
yield self._build_user_information(userdata[1]) yield self._build_user_information(userdata[1])
logger.debug('Found %s users in group %s; %s', found_results, user_search_dn,
search_flt)
except ldap.NO_SUCH_OBJECT as nsoe:
logger.debug('NSO when trying to lookup results of search %s with filter %s: %s',
user_search_dn, search_flt, nsoe.message)
except ldap.LDAPError as lde:
logger.exception('Error when trying to lookup results of search %s with filter %s: %s',
user_search_dn, search_flt, lde.message)
break
# If no additional results, nothing more to do.
if not found_results:
break
# If pagination is disabled, nothing more to do. # If pagination is disabled, nothing more to do.
if not has_pagination: if not has_pagination:
logger.debug('Pagination is disabled, no further queries')
break break
# Filter down the controls with which the server responded, looking for the paging # Filter down the controls with which the server responded, looking for the paging
@ -332,11 +356,13 @@ class LDAPUsers(FederatedUsers):
# then conduct the next search. # then conduct the next search.
cookie = lc.cookie = pctrls[0].cookie cookie = lc.cookie = pctrls[0].cookie
if cookie: if cookie:
logger.debug('Pagination is supported for this LDAP server; trying next page')
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
serverctrls=[lc], attrlist=attributes) serverctrls=[lc], attrlist=attributes)
continue continue
else: else:
# No additional results. # No additional results.
logger.debug('Pagination is supported for this LDAP server but on last page')
break break
else: else:
# Pagination is not supported. # Pagination is not supported.