restrict ldap session length #551

Open
baszoetekouw opened this issue Nov 21, 2024 · 1 comment
@baszoetekouw
Member

Currently, the session length for an ldap connection seems pretty long (at least > 2 hours). This is problematic, because the session keeps being active, even if the bind password has been reset after the session has started.

So, we want to terminate ldap connections after 15 minutes or so. However, I can't find an option to do that.

Script to test this:

```python
import time
from datetime import datetime
from ldap3 import Server, Connection, ALL, Tls

# Configuration
LDAP_SERVER = 'ldaps://ldap.test.sram.surf.nl'  # Replace with your LDAP server address
LDAP_PORT = 636  # Default port for LDAPS
LDAP_USER = 'cn=admin,dc=123,dc=services,dc=sram-tst,dc=surf,dc=nl'  # Replace with your LDAP bind DN
LDAP_PASSWORD = 'the_password'
SEARCH_BASE = 'dc=123,dc=services,dc=sram-tst,dc=surf,dc=nl'  # Base DN for the search
SEARCH_FILTER = '(objectClass=person)'  # Adjust filter as needed
SEARCH_ATTRIBUTES = ['uid', 'mail']  # Attributes to retrieve

# TLS configuration (optional; ldap3's default Tls() does not validate the server certificate)
tls_config = Tls()

try:
    # Initialize server and connection
    server = Server(LDAP_SERVER, port=LDAP_PORT, use_ssl=True, get_info=ALL, tls=tls_config)
    conn = Connection(server, user=LDAP_USER, password=LDAP_PASSWORD, auto_bind=True)

    print("Connected to the LDAP server successfully.")

    # Keep the session open (bind once, never re-bind) and run queries periodically
    i = 0
    while i := i + 1:
        conn.search(search_base=SEARCH_BASE,
                    search_filter=SEARCH_FILTER,
                    attributes=SEARCH_ATTRIBUTES)

        print(f"{i: 4d} {datetime.now()}  Search results ({len(conn.entries)} entries found)")

        # Wait for 60 seconds before the next query
        time.sleep(60)

except Exception as e:
    print(f"An error occurred: {e}")

finally:
    if 'conn' in locals() and conn.bound:
        conn.unbind()
        print("LDAP connection closed.")
```

@mrvanes
Contributor

mrvanes commented Dec 16, 2024

I did some searching as well and can't find a setting to limit sessions.

@mrvanes mrvanes moved this from Todo to Icebox in SRAM development Dec 16, 2024
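
With no server-side setting found in the thread, a cooperating client can cap the age of its own bind and re-authenticate every 15 minutes, so a password reset takes effect at the next re-bind. This is an added example, not code from the issue or the project; `AgeLimitedSession`, `fake_bind` and `FakeConnection` are hypothetical names, and the directory is a constructed stand-in (with ldap3, `connect` would be a callable returning `Connection(server, user=..., password=..., auto_bind=True)`).

```python
import time

MAX_SESSION_AGE = 15 * 60  # seconds; the 15-minute target from the issue
class AgeLimitedSession:
    """Hypothetical client-side wrapper: re-binds once the bind is too old."""
    def __init__(self, connect, max_age=MAX_SESSION_AGE, clock=time.monotonic):
        self._connect = connect  # callable returning a freshly bound connection
        self._max_age, self._clock = max_age, clock
        self._conn, self._bound_at = None, 0.0
    def connection(self):
        if self._conn is None or self._clock() - self._bound_at >= self._max_age:
            self.close()
            # A fresh bind re-checks the password, so a reset since the last bind raises here.
            self._conn = self._connect()
            self._bound_at = self._clock()
        return self._conn
    def close(self):
        if self._conn is not None:
            self._conn.unbind()
            self._conn = None

# Constructed stand-ins for the directory, so the example runs offline.
class FakeConnection:
    bound = True
    def unbind(self):
        self.bound = False

def fake_bind(directory, password):
    if password != directory["password"]:
        raise PermissionError("invalidCredentials")
    directory["binds"] += 1
    return FakeConnection()

def demo():
    now = [0.0]  # fake clock, in seconds
    directory = {"password": "old-secret", "binds": 0}
    session = AgeLimitedSession(lambda: fake_bind(directory, "old-secret"),
                                clock=lambda: now[0])
    first = session.connection()
    directory["password"] = "new-secret"  # bind password reset mid-session
    now[0] = 14 * 60
    reused = session.connection() is first  # under the cap: old bind still used
    now[0] = 15 * 60
    try:
        session.connection()
        rejected = False
    except PermissionError:
        rejected = True  # re-bind with the stale password fails
    return reused, rejected, first.bound, directory["binds"]
```

This only bounds sessions of clients that use the wrapper; a client that never re-binds is unaffected, which is why the issue asks for a server-side limit.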