This is an automated email from the ASF dual-hosted git repository.
rubys pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 0965095 Prep for separate RO and RW LDAP hosts
0965095 is described below
commit 09650958096135c38057439461091a720a752914
Author: Sam Ruby <[email protected]>
AuthorDate: Sat Feb 24 10:33:13 2018 -0500
Prep for separate RO and RW LDAP hosts
The list of RW_HOSTS will only be used when LDAP is bound to a specific
user id. The RO_HOSTS will be used for all other operations.
Fix a problem where the configuration method was picking up the set of LDAP
servers from /etc/[open]ldap/ldap.config instead of the current set of
servers.
---
lib/whimsy/asf/ldap.rb | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/lib/whimsy/asf/ldap.rb b/lib/whimsy/asf/ldap.rb
index ff3677c..f8b5c14 100644
--- a/lib/whimsy/asf/ldap.rb
+++ b/lib/whimsy/asf/ldap.rb
@@ -47,12 +47,14 @@ module ASF
# Derived from the following sources:
# *
https://github.com/apache/infrastructure-puppet/blob/deployment/data/common.yaml
(ldapserver::slapd_peers)
# Updated 2018-02-24
- HOSTS = %w(
+ RO_HOSTS = %w(
ldaps://ldap1-ec2-va.apache.org:636
ldaps://ldap1-il-eu.apache.org:636
ldaps://ldap2-lw-us.apache.org:636
)
+ RW_HOSTS = RO_HOSTS
+
# Mutex preventing simultaneous connections to LDAP from a single process
CONNECT_LOCK = Mutex.new
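Review bot: `RW_HOSTS = RO_HOSTS` makes both constants name the same unfrozen Array, so an in-place change to one is a change to the other. The later hunk in `self.hosts` assigns `ASF::LDAP::RO_HOSTS` to `hosts` and then calls `hosts.shuffle!`, which reorders the constant itself and, through the alias, RW_HOSTS too. Until the two lists really diverge I would write `RW_HOSTS = RO_HOSTS.dup` here and `hosts = ASF::LDAP::RO_HOSTS.dup if hosts.empty?` in the fallback, so that neither constant is mutated at run time.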
@@ -82,7 +84,9 @@ module ASF
end
# connect to LDAP
- def self.connect(test = true)
+ def self.connect(test = true, hosts = nil)
+ hosts ||= self.hosts
+
# Try each host at most once
hosts.length.times do
# Ensure we use each host in turn
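Review bot: `hosts ||= self.hosts` replaces only nil, so an explicitly passed empty list makes `hosts.length.times` run zero times and no server is tried. What connect returns in that case is outside the hunk. RW_HOSTS is non-empty today, but once it becomes a separately maintained list, an explicit `raise ArgumentError, 'empty LDAP host list' if hosts.empty?` after the default would turn a silent no-connection into a clear failure. The `# connect to LDAP` comment should also state that a given `hosts` list is used instead of the list returned by `self.hosts`.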
@@ -137,7 +141,7 @@ module ASF
raise ::LDAP::ResultError.new('Unknown user') unless dn
ASF.ldap.unbind if ASF.ldap.bound? rescue nil
- ldap = ASF.init_ldap(true)
+ ldap = ASF.init_ldap(true, RW_HOSTS)
if block
ASF.flush_weakrefs
ldap.bind(dn, password, &block)
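Review bot: Passing the constant `RW_HOSTS` to `init_ldap` means the credentialed bind no longer goes through `self.hosts`, so neither the whimsy config `:ldap` entry nor the system ldap.conf is consulted for it. An installation that points `:ldap` at a test or local directory would, as far as this hunk shows, now send the user's DN and password to the hard-coded hosts instead. If that is intended, say so at the call site, for example `# bound operations always use RW_HOSTS; the :ldap config setting is not consulted here`. Otherwise a configured list should take precedence over RW_HOSTS. The enclosing method starts and ends outside the hunk.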
@@ -174,13 +178,13 @@ module ASF
end
# determine what LDAP hosts are available
- def self.hosts
+ def self.hosts(use_config = true)
return @hosts if @hosts # cache the hosts list
# try whimsy config
hosts = Array(ASF::Config.get(:ldap))
# check system configuration
- if hosts.empty?
+ if use_config and hosts.empty?
conf = "#{ETCLDAP}/ldap.conf"
if File.exist? conf
uris = File.read(conf)[/^uri\s+(.*)/i, 1].to_s
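Review bot: The early `return @hosts if @hosts` ignores the new `use_config` argument, so `hosts(false)` returns whatever an earlier `hosts` call cached, including a list read from `#{ETCLDAP}/ldap.conf`. That is the situation the commit message sets out to fix, and the `hosts(false).join(' ')` call in the configure hunk only behaves as intended when nothing has populated the cache yet. I would change the guard to `return @hosts if use_config && @hosts`. I would also store the result in `@hosts` only when `use_config` is true; that assignment is presumably further down the method, outside this hunk. Using `&&` rather than `and` in `if use_config and hosts.empty?` avoids the low-precedence operator in a boolean test.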
@@ -193,7 +197,7 @@ module ASF
# if all else fails, use default list
Wunderbar.debug "Using default host list" if hosts.empty?
- hosts = ASF::LDAP::HOSTS if hosts.empty?
+ hosts = ASF::LDAP::RO_HOSTS if hosts.empty?
hosts.shuffle!
#Wunderbar.debug "Hosts:\n#{hosts.join(' ')}"
@@ -235,7 +239,7 @@ module ASF
# provide the URIs of the ldap hosts
content.gsub!(/^URI/, '# URI')
content += "uri \n" unless content =~ /^uri /
- content[/uri (.*)\n/, 1] = hosts.join(' ')
+ content[/uri (.*)\n/, 1] = hosts(false).join(' ')
# verify/set the base
unless content.include? 'base dc=apache'
@@ -281,10 +285,10 @@ module ASF
end
# public entry point for establishing a connection safely
- def self.init_ldap(reset = false)
+ def self.init_ldap(reset = false, hosts = nil)
ASF::LDAP::CONNECT_LOCK.synchronize do
@ldap = nil if reset
- @ldap ||= ASF::LDAP.connect(!reset)
+ @ldap ||= ASF::LDAP.connect(!reset, hosts)
end
end
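Review bot: With `@ldap ||= ASF::LDAP.connect(!reset, hosts)` the `hosts` argument is silently dropped whenever a connection is already cached and `reset` is false, so a caller asking for specific hosts can be handed a connection to a different set. The reverse also holds: after the bind path calls `init_ldap(true, RW_HOSTS)`, later unbound calls keep reusing the RW connection until something resets it. Either document that `hosts` only takes effect together with `reset`, or clear the cache when a list is given, `@ldap = nil if reset || hosts`. A comment such as `# hosts: optional server list; only honoured when a new connection is made` on the method would record the contract.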
@@ -1461,7 +1465,7 @@ if __FILE__ == $0
module ASF
module LDAP
def self.getHOSTS # :nodoc:
- HOSTS
+ RO_HOSTS
end
end
end