Multiple named configurations #6

Open
wants to merge 21 commits into
from

Conversation

Projects
None yet
1 participant

lmctv commented Jan 22, 2013

This pull request is a superset of the previous one; hope you don't mind this much noise
coming from my side these days...

Thank you,

l.

lmctv added some commits Jan 20, 2013

Early getting of the searches from the registry
To avoid useless activation of the context managers both in
Connector.ldap_login_query() and Connector.user_groups()
Wrap both LDAP operations in the same try: block
to correctly check exception from the first search too.
Skip server searches on empty query filter.
The API has been preserved by refactoring the caching
and connection searching into a new _LDAPQuery.execute_cache
method that gets called in turn by _LDAPQuery.execute
Be nicer to the directory server
by setting a sizelimit on authentication searches.
Allow skipping/postponing the dn search
by refactoring the _LDAPQuery class:

  - slightly refactor _LDAPQuery.execute by splitting it into
    a new method _LDAPQuery.execute_cache, which does the real work
    of searching and caching, and a replacement _LDAPQuery.execute
    which will skip the call to execute_cache when filter_tmpl
    is empty.

  - directly call _LDAPQuery.execute_cache after entering the
    user-bind self.manager.connection() context manager
Escape login identifier before searching the entry.
This will avoid trivial DOS and ldap.FILTER_ERROR exceptions on
attempted logins by users sporting "funny" login names, like 'user*name'
or 'user(middle)name'.

This is a forward port of lmctv/pyramid_ldap@f305744
to silence merge conflicts.
Create context-named connections
This way, it becomes possible to add distinct ldap connectors
to the same pyramid app, and reference them by adding a context=...
discriminator to the api calls:

    ldap_setup()
    ldap_set_login_query()
    ldap_set_groups_query()
    get_ldap_connector()

and to the Connector's __init__ method.

Feature comes complete with unit tests...
Change authenticated_user's representation
to help groupfinder discriminate between configured backend contexts
Factor-out a get_connector_name
to simplify downstream integration.
Merge remote-tracking branch 'upstream/master'
into multiple_named_configurations
Docstring changes
Shorten one line and correct one typo.

lmctv commented Jun 9, 2013

@mcdonc: please tell me where should I send the beer box I bought to try and bribe you into taking a look at this PR :-)

lmctv added some commits Jul 1, 2014

Merge branch 'master' of github.com:Pylons/pyramid_ldap into multiple…
…_named_configurations

Conflicts:
	pyramid_ldap/__init__.py
Module users should know what changed
without being forced to read the vcs log
Document presence and usage of ``realm`` parameter
in `ldap_setup`,  `get_ldap_connector`, `ldap_set_login_query`
and `ldap_set_groups_query` API calls.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment