server/sources/ldapuser.py
branchstable
changeset 5456 d040889fac4e
parent 5426 0d4853a6e5ee
parent 5455 3dc47a52dd19
child 5603 d8d9f4ec252d
5451:7b2e9f774028 5456:d040889fac4e
    42 import ldap
    42 import ldap
    43 from ldap.ldapobject import ReconnectLDAPObject
    43 from ldap.ldapobject import ReconnectLDAPObject
    44 from ldap.filter import filter_format, escape_filter_chars
    44 from ldap.filter import filter_format, escape_filter_chars
    45 from ldapurl import LDAPUrl
    45 from ldapurl import LDAPUrl
    46 
    46 
       
    47 from logilab.common.configuration import time_validator
    47 from cubicweb import AuthenticationError, UnknownEid, RepositoryError
    48 from cubicweb import AuthenticationError, UnknownEid, RepositoryError
    48 from cubicweb.server.utils import cartesian_product
    49 from cubicweb.server.utils import cartesian_product
    49 from cubicweb.server.sources import (AbstractSource, TrFunc, GlobTrFunc,
    50 from cubicweb.server.sources import (AbstractSource, TrFunc, GlobTrFunc,
    50                                      ConnectionWrapper, TimedCache)
    51                                      ConnectionWrapper, TimedCache)
    51 
    52 
    83         ('auth-mode',
    84         ('auth-mode',
    84          {'type' : 'choice',
    85          {'type' : 'choice',
    85           'default': 'simple',
    86           'default': 'simple',
    86           'choices': ('simple', 'cram_md5', 'digest_md5', 'gssapi'),
    87           'choices': ('simple', 'cram_md5', 'digest_md5', 'gssapi'),
    87           'help': 'authentication mode used to authenticate user to the ldap.',
    88           'help': 'authentication mode used to authenticate user to the ldap.',
    88           'group': 'ldap-source', 'level': 1,
    89           'group': 'ldap-source', 'level': 3,
    89           }),
    90           }),
    90         ('auth-realm',
    91         ('auth-realm',
    91          {'type' : 'string',
    92          {'type' : 'string',
    92           'default': None,
    93           'default': None,
    93           'help': 'realm to use when using gssapi/kerberos authentication.',
    94           'help': 'realm to use when using gssapi/kerberos authentication.',
    94           'group': 'ldap-source', 'level': 1,
    95           'group': 'ldap-source', 'level': 3,
    95           }),
    96           }),
    96 
    97 
    97         ('data-cnx-dn',
    98         ('data-cnx-dn',
    98          {'type' : 'string',
    99          {'type' : 'string',
    99           'default': '',
   100           'default': '',
   150         ('synchronization-interval',
   151         ('synchronization-interval',
   151          {'type' : 'time',
   152          {'type' : 'time',
   152           'default': '1d',
   153           'default': '1d',
   153           'help': 'interval between synchronization with the ldap \
   154           'help': 'interval between synchronization with the ldap \
   154 directory (default to once a day).',
   155 directory (default to once a day).',
   155           'group': 'ldap-source', 'level': 2,
   156           'group': 'ldap-source', 'level': 3,
   156           }),
   157           }),
   157         ('cache-life-time',
   158         ('cache-life-time',
   158          {'type' : 'time',
   159          {'type' : 'time',
   159           'default': '2h',
   160           'default': '2h',
   160           'help': 'life time of query cache in minutes (default to two hours).',
   161           'help': 'life time of query cache in minutes (default to two hours).',
   161           'group': 'ldap-source', 'level': 2,
   162           'group': 'ldap-source', 'level': 3,
   162           }),
   163           }),
   163 
   164 
   164     )
   165     )
   165 
   166 
   166     def __init__(self, repo, appschema, source_config, *args, **kwargs):
   167     def __init__(self, repo, appschema, source_config, *args, **kwargs):
   184             self.user_rev_attrs[cwattr] = ldapattr
   185             self.user_rev_attrs[cwattr] = ldapattr
   185         self.base_filters = [filter_format('(%s=%s)', ('objectClass', o))
   186         self.base_filters = [filter_format('(%s=%s)', ('objectClass', o))
   186                               for o in self.user_classes]
   187                               for o in self.user_classes]
   187         self._conn = None
   188         self._conn = None
   188         self._cache = {}
   189         self._cache = {}
   189         ttlm = int(source_config.get('cache-life-type', 2*60))
   190         ttlm = time_validator(None, None,
       
   191                               source_config.get('cache-life-time', 2*60))
   190         self._query_cache = TimedCache(ttlm)
   192         self._query_cache = TimedCache(ttlm)
   191         self._interval = int(source_config.get('synchronization-interval',
   193         self._interval = time_validator(None, None,
       
   194                                         source_config.get('synchronization-interval',
   192                                                24*60*60))
   195                                                24*60*60))
   193 
   196 
   194     def reset_caches(self):
   197     def reset_caches(self):
   195         """method called during test to reset potential source caches"""
   198         """method called during test to reset potential source caches"""
   196         self._cache = {}
   199         self._cache = {}
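Review bot: In `__init__`, the two numeric fallbacks now passed through `time_validator` are written in different units: `2*60` means two hours only if read as minutes (matching the name `ttlm` and the help text `'life time of query cache in minutes'`), while `24*60*60` means one day only if read as seconds. Both go through the same validator, so the configured defaults `'2h'` and `'1d'` come back in a single unit and one of the two values is presumably off by a factor of 60. If `time_validator` returns seconds and `TimedCache` still expects minutes (neither is visible here), `'2h'` would keep cached LDAP query results for 120 hours, and a removed or disabled directory account would stay visible in cached queries for that long. Confirm the unit `TimedCache` expects, convert explicitly before the call, and align the fallback (for example `2*60*60`), the variable name and the help text with it. `__init__` is shown only in part and the body of `reset_caches` continues past the visible lines.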