From: Michael Tremer
Date: Sat, 18 May 2019 12:02:38 +0000 (+0100)
Subject: accounts: Bind to LDAP after reconnect
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6e33e8e1e9e25d89245148f35950ebc07a16f735;p=ipfire.org.git
accounts: Bind to LDAP after reconnect
This change makes sure that we are always authenticated against the LDAP server before performing any write operations
Signed-off-by: Michael Tremer
---
diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 8c00a35a..d25bbcb7 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -35,16 +35,15 @@ class Accounts(Object):
 logging.debug("Connecting to LDAP server: %s" % ldap_uri)
 # Connect to the LDAP server
- conn = ldap.ldapobject.ReconnectLDAPObject(ldap_uri,
+ return ldap.ldapobject.ReconnectLDAPObject(ldap_uri,
 retry_max=10, retry_delay=3)
+ def _authenticate(self):
 # Bind with username and password
- bind_dn = self.settings.get("ldap_bind_dn")
- if bind_dn:
- bind_pw = self.settings.get("ldap_bind_pw", "")
- conn.simple_bind(bind_dn, bind_pw)
-
- return conn
+ self.ldap.simple_bind(
+ self.settings.get("ldap_bind_dn"),
+ self.settings.get("ldap_bind_pw", ""),
+ )
 def _query(self, query, attrlist=None, limit=0, search_base=None):
 logging.debug("Performing LDAP query: %s" % query)
@@ -204,6 +203,7 @@ class Accounts(Object):
 dn = "uid=%s,ou=People,dc=mcfly,dc=local" % uid
 # Create account on LDAP
+ self.accounts._authenticate()
 self.ldap.add_s(dn, ldap.modlist.addModlist(account))
 # Return account
@@ -314,6 +314,9 @@ class Account(Object):
 def _modify(self, modlist):
 logging.debug("Modifying %s: %s" % (self.dn, modlist))
+ # Authenticate before performing any write operations
+ self.accounts._authenticate()
+
 # Run modify operation
 self.ldap.modify_s(self.dn, modlist)
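Review bot: `_authenticate()` calls `self.ldap.simple_bind(...)`, which in python-ldap is the asynchronous variant: it returns a message id and the bind result is never read, so rejected credentials are not detected here and the `add_s`/`modify_s` calls in the two later hunks proceed without a confirmed bind. Use `self.ldap.simple_bind_s(` so a failed bind raises before the write; as far as I know `ReconnectLDAPObject` only replays a bind made through the `_s` methods after a reconnect, which may be the underlying cause this commit works around. The old `if bind_dn:` guard is also gone, so an unset `ldap_bind_dn` or the `""` password default now sends an anonymous or unauthenticated bind instead of being skipped; consider raising a configuration error when either setting is missing.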
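Review bot: The DN used by the write that follows the new `_authenticate()` call is built by plain string formatting, `"uid=%s,ou=People,dc=mcfly,dc=local" % uid`, so a uid containing DN metacharacters such as `,`, `+` or `=` would change which entry `add_s` creates under the bound service identity. Whether uid is validated earlier is not visible, because the enclosing function starts outside the hunk; if it is not, build the DN with `ldap.dn.escape_dn_chars(uid)`. Separately, this hunk sits inside `class Accounts`, so `self._authenticate()` would be the more direct call, assuming `self.accounts` resolves to this same object.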