Add default and configurable LDAP timeouts

Fixes https://www.pivotaltracker.com/story/show/135885019
2016-12-19 11:53:06 -05:00 · 2016-12-19 11:53:06 -05:00 · e2efb6c458
commit e2efb6c458
parent e58e04b0e9
3 changed files with 39 additions and 6 deletions
--- a/data/users/externalldap.py
+++ b/data/users/externalldap.py
@ -8,24 +8,34 @@ from data.users.federated import FederatedUsers, UserInformation

 logger = logging.getLogger(__name__)

+_DEFAULT_NETWORK_TIMEOUT = 10.0 # seconds
+_DEFAULT_TIMEOUT = 10.0 # seconds
+

 class LDAPConnectionBuilder(object):
-  def __init__(self, ldap_uri, user_dn, user_pw, allow_tls_fallback=False):
+  def __init__(self, ldap_uri, user_dn, user_pw, allow_tls_fallback=False,
+               timeout=None, network_timeout=None):
    self._ldap_uri = ldap_uri
    self._user_dn = user_dn
    self._user_pw = user_pw
    self._allow_tls_fallback = allow_tls_fallback
+    self._timeout = timeout
+    self._network_timeout = network_timeout

  def get_connection(self):
-    return LDAPConnection(self._ldap_uri, self._user_dn, self._user_pw, self._allow_tls_fallback)
+    return LDAPConnection(self._ldap_uri, self._user_dn, self._user_pw, self._allow_tls_fallback,
+                          self._timeout, self._network_timeout)


 class LDAPConnection(object):
-  def __init__(self, ldap_uri, user_dn, user_pw, allow_tls_fallback=False):
+  def __init__(self, ldap_uri, user_dn, user_pw, allow_tls_fallback=False,
+               timeout=None, network_timeout=None):
    self._ldap_uri = ldap_uri
    self._user_dn = user_dn
    self._user_pw = user_pw
    self._allow_tls_fallback = allow_tls_fallback
+    self._timeout = timeout
+    self._network_timeout = network_timeout
    self._conn = None

  def __enter__(self):
@ -33,6 +43,9 @@ class LDAPConnection(object):

    self._conn = ldap.initialize(self._ldap_uri, trace_level=trace_level)
    self._conn.set_option(ldap.OPT_REFERRALS, 1)
+    self._conn.set_option(ldap.OPT_NETWORK_TIMEOUT,
+                          self._network_timeout or _DEFAULT_NETWORK_TIMEOUT)
+    self._conn.set_option(ldap.OPT_TIMEOUT, self._timeout or _DEFAULT_TIMEOUT)

    if self._allow_tls_fallback:
      logger.debug('TLS Fallback enabled in LDAP')
@ -53,9 +66,12 @@ class LDAPUsers(FederatedUsers):
  _LDAPResult = namedtuple('LDAPResult', ['dn', 'attrs'])

  def __init__(self, ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr,
-               allow_tls_fallback=False, secondary_user_rdns=None, requires_email=True):
+               allow_tls_fallback=False, secondary_user_rdns=None, requires_email=True,
+               timeout=None, network_timeout=None):
    super(LDAPUsers, self).__init__('ldap', requires_email)
-    self._ldap = LDAPConnectionBuilder(ldap_uri, admin_dn, admin_passwd, allow_tls_fallback)
+
+    self._ldap = LDAPConnectionBuilder(ldap_uri, admin_dn, admin_passwd, allow_tls_fallback,
+                                       timeout, network_timeout)
    self._ldap_uri = ldap_uri
    self._uid_attr = uid_attr
    self._email_attr = email_attr