From ee913b21327806ca175902ad49df95a1b90d0efe Mon Sep 17 00:00:00 2001
From: Sven Haardiek
Date: Sat, 11 Dec 2021 15:41:03 +0100
Subject: [PATCH 1/2] Add option pool_lifetime option to ldap

This patch adds another option to the ldap connection. Next to the other pool connections, it is now possible to set the `pool_lifetime`.
---
 .../plugins/microservices/ldap_attribute_store.yaml.example | 3 +++
 src/satosa/micro_services/ldap_attribute_store.py | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/example/plugins/microservices/ldap_attribute_store.yaml.example b/example/plugins/microservices/ldap_attribute_store.yaml.example
index 4efe85072..35e1bf264 100644
--- a/example/plugins/microservices/ldap_attribute_store.yaml.example
+++ b/example/plugins/microservices/ldap_attribute_store.yaml.example
@@ -27,6 +27,9 @@ config:
 # pool_keepalive: seconds to wait between calls to server to keep the
 # connection alive; default: 10
 pool_keepalive: 10
+ # pool_lifetime: number of seconds before recreating a new connection
+ # in a pooled connection strategy.
+ pool_lifetime: None
 # Attributes to return from LDAP query.
 query_return_attributes:
diff --git a/src/satosa/micro_services/ldap_attribute_store.py b/src/satosa/micro_services/ldap_attribute_store.py
index 6d61559b1..fa0cb422f 100644
--- a/src/satosa/micro_services/ldap_attribute_store.py
+++ b/src/satosa/micro_services/ldap_attribute_store.py
@@ -61,6 +61,7 @@ class LdapAttributeStore(ResponseMicroService):
 "client_strategy": "REUSABLE",
 "pool_size": 10,
 "pool_keepalive": 10,
+ "pool_lifetime": None,
 }
 def __init__(self, config, *args, **kwargs):
@@ -307,6 +308,7 @@ def _ldap_connection_factory(self, config):
 pool_size = config["pool_size"]
 pool_keepalive = config["pool_keepalive"]
+ pool_lifetime = config["pool_lifetime"]
 pool_name = ''.join(random.sample(string.ascii_lowercase, 6))
 if client_strategy == ldap3.REUSABLE:
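Review bot: The example value `pool_lifetime: None` in the `ldap_attribute_store.yaml.example` hunk is not a null in YAML; a plain `None` scalar loads as the string `"None"`, so anyone copying the example hands a truthy string to `config["pool_lifetime"]` instead of the Python `None` default. Unless the value is normalised somewhere outside this patch, that string is then passed on to `ldap3.Connection(pool_lifetime=...)`. Use `pool_lifetime: null`, or ship the key commented out with a sample number, e.g. `# pool_lifetime: 3600`. The comment should also say what happens when the option is unset, as the neighbouring `pool_keepalive` comment does with `default: 10`.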
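Review bot: `pool_lifetime` goes from `config["pool_lifetime"]` (hunk `@@ -307,6 +308,7 @@`) to `ldap3.Connection(pool_lifetime=...)` (hunk `@@ -327,6 +332,7 @@`) with no type or range check, and the `if pool_lifetime:` guard in hunk `@@ -314,6 +316,9 @@` only controls a debug message. A string, zero or a negative number therefore reaches the pool unchanged, and `0` is passed on without being logged. Validate once where the value is read, for example `if pool_lifetime is not None and (not isinstance(pool_lifetime, int) or pool_lifetime <= 0):` followed by raising the module's configuration error, and use `is not None` for the log line. Since the lifetime presumably bounds how long a pooled connection stays bound with the configured `bind_dn` credentials, a malformed value should fail at start-up rather than be silently accepted. `_ldap_connection_factory` starts and ends outside these hunks, so any validation already present there is not visible here.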
@@ -314,6 +316,9 @@ def _ldap_connection_factory(self, config):
 logger.debug(msg)
 msg = "Using pool keep alive {}".format(pool_keepalive)
 logger.debug(msg)
+ if pool_lifetime:
+ msg = "Using pool lifetime {}".format(pool_lifetime)
+ logger.debug(msg)
 try:
 connection = ldap3.Connection(
@@ -327,6 +332,7 @@ def _ldap_connection_factory(self, config):
 pool_name=pool_name,
 pool_size=pool_size,
 pool_keepalive=pool_keepalive,
+ pool_lifetime=pool_lifetime,
 )
 msg = "Successfully connected to LDAP server"
 logger.debug(msg)
From 97cbdf814dd7405ddc3a5ad372b3c9e81f1f12dd Mon Sep 17 00:00:00 2001
From: Sven Haardiek
Date: Fri, 16 Jun 2023 15:56:37 +0200
Subject: [PATCH 2/2] =?UTF-8?q?Add=20tests=20f=C3=BCr=20ldap=20connection?= =?UTF-8?q?=20configuration?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This patch adds tests to check the configuration of the ldap connection.

Signed-off-by: Sven Haardiek
---
 .../test_ldap_attribute_store.py | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/tests/satosa/micro_services/test_ldap_attribute_store.py b/tests/satosa/micro_services/test_ldap_attribute_store.py
index e3af1a7f5..26dc3b9fb 100644
--- a/tests/satosa/micro_services/test_ldap_attribute_store.py
+++ b/tests/satosa/micro_services/test_ldap_attribute_store.py
@@ -2,6 +2,8 @@
 from copy import deepcopy
+from ldap3 import AUTO_BIND_NO_TLS, MOCK_SYNC
+
 from satosa.internal import AuthenticationInformation
 from satosa.internal import InternalData
 from satosa.micro_services.ldap_attribute_store import LdapAttributeStore
@@ -107,3 +109,60 @@ def test_attributes_general(self, ldap_attribute_store):
 internal_attr = ldap_to_internal_map[ldap_attr]
 response_attr = response.attributes[internal_attr]
 assert(ldap_value in response_attr)
+
+ @pytest.mark.parametrize(
+ 'config,connection_attributes',
+ [
+ (
+ {
+ 'auto_bind': 'AUTO_BIND_NO_TLS',
+ 'client_strategy': 'MOCK_SYNC',
+ 'ldap_url': 'ldap://satosa.example.com',
+ 'bind_dn': 'uid=readonly_user,ou=system,dc=example,dc=com',
+ 'bind_password': 'password',
+ },
+ {
+ 'user': 'uid=readonly_user,ou=system,dc=example,dc=com',
+ 'password': 'password',
+ 'auto_bind': AUTO_BIND_NO_TLS,
+ 'strategy_type': MOCK_SYNC,
+ 'read_only': True,
+ 'version': 3,
+ 'pool_size': 10,
+ 'pool_keepalive': 10,
+ 'pool_lifetime': None,
+ },
+ ),
+ (
+ {
+ 'auto_bind': 'AUTO_BIND_NO_TLS',
+ 'client_strategy': 'MOCK_SYNC',
+ 'ldap_url': 'ldap://satosa.example.com',
+ 'bind_dn': 'uid=readonly_user,ou=system,dc=example,dc=com',
+ 'bind_password': 'password',
+ 'pool_size': 40,
+ 'pool_keepalive': 41,
+ 'pool_lifetime': 42,
+ },
+ {
+ 'user': 'uid=readonly_user,ou=system,dc=example,dc=com',
+ 'password': 'password',
+ 'auto_bind': AUTO_BIND_NO_TLS,
+ 'strategy_type': MOCK_SYNC,
+ 'read_only': True,
+ 'version': 3,
+ 'pool_size': 40,
+ 'pool_keepalive': 41,
+ 'pool_lifetime': 42,
+ },
+ ),
+ ]
+ )
+ def test_connection_config(self, config, connection_attributes):
+ ldapAttributeStore = LdapAttributeStore({'default': config},
+ name="test_ldap_attribute_store",
+ base_url="https://satosa.example.com")
+ connection = ldapAttributeStore.config['default']['connection']
+
+ for k, v in connection_attributes.items():
+ assert getattr(connection, k) == v
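Review bot: Both parametrized cases in `test_connection_config` set `'client_strategy': 'MOCK_SYNC'`, so the `if client_strategy == ldap3.REUSABLE:` branch that the first patch extends is never entered and the pool options are only checked as attributes copied onto the `Connection`. There is also no case for a malformed value, for instance the string `'None'` that a plain YAML `None` produces, so the test would not notice such a value being accepted. A third tuple with `'pool_lifetime': 'None'` and the expected outcome (rejection, or normalisation to `None`) would pin that behaviour. On style, the local `ldapAttributeStore` is the only camelCase name in the hunk; `store = LdapAttributeStore({'default': config}, ...)` would match the snake_case used around it.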