@lmctv lmctv commented Jan 20, 2013

This is the first part of the changes I tried to send yesterday.

I've undone the part which seemed more controversial even to myself,
in the hope these changes could get in with less friction...

This request is meant to replace both

#3
#4

Thank you,

     lorenzo

@anilj: with this pull request, the base dn in itself is templated; I'm not really sure about
adding the means to enable passing an arbitrary dictionary into Connector.authenticate() and
Connector.user_groups(). Some more details on your use-case?

lmctv added 6 commits January 21, 2013 14:07
To avoid useless activation of the context managers both in
Connector.ldap_login_query() and Connector.user_groups()
to correctly check exception from the first search too.
by setting a sizelimit on authentication searches.
The API has been preserved by refactoring the caching
and connection searching into a new _LDAPQuery.execute_cache
method that gets called in turn by _LDAPQuery.execute
by refactoring the _LDAPQuery class:

  - slightly refactor _LDAPQuery.execute by splitting it into
    a new method _LDAPQuery.execute_cache, which does the real work
    of searching and caching, and a replacement _LDAPQuery.execute
    which will skip the call to execute_cache when filter_tmpl
    is empty.

  - directly call _LDAPQuery.execute_cache after entering the
    user-bind self.manager.connection() context manager
This will avoid trivial DOS and ldap.FILTER_ERROR exceptions on
attempted logins by users sporting "funny" login names, like 'user*name'
or 'user(middle)name'.

This is a forward port of f3057446181106
to silence merge conflicts.
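
The filter-escaping commit above is about login names such as 'user*name' and 'user(middle)name' reaching the search filter unescaped. The following is an added example, not code from this pull request or the project: a pure-Python sketch of RFC 4515 value escaping (python-ldap ships the equivalent as `ldap.filter.escape_filter_chars`) plus a check that the resulting filter is a single literal equality match. The `(uid=%s)` template and all helper names are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: these characters must be written as a backslash
# followed by two hex digits when they appear inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# One well-formed equality assertion with no raw metacharacters in the value.
_EQUALITY = re.compile(
    r"^\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()*\\\x00]|\\[0-9a-fA-F]{2})+)\)$")


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Reverse escape_filter_value: the literal string the server compares."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def build_filter(filter_tmpl: str, login: str, escape: bool = True) -> str:
    """Fill a '%s'-style template (assumed format) with the login name."""
    return filter_tmpl % (escape_filter_value(login) if escape else login)


def matched_value(ldap_filter: str):
    """Return the literal value an equality filter matches, or None when the
    filter is malformed or its value contains an unescaped wildcard."""
    m = _EQUALITY.match(ldap_filter)
    return unescape_filter_value(m.group(2)) if m else None


if __name__ == "__main__":
    tmpl = "(uid=%s)"  # constructed template, not the project's default
    for login in ("alice", "user*name", "user(middle)name"):
        raw = build_filter(tmpl, login, escape=False)
        safe = build_filter(tmpl, login)
        print(f"{login!r}: raw={raw} -> {matched_value(raw)!r}; "
              f"escaped={safe} -> {matched_value(safe)!r}")
```

Unescaped, 'user*name' turns the equality test into a substring search and 'user(middle)name' produces an unbalanced filter; escaped, both are matched as literal strings.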