Univention Bugzilla – Bug 38761
enhance ldap connection decorators
Last modified: 2020-07-03 20:53:47 CEST
Currently we are reimplementing functionality to cache and access ldap connections. Currently we've got @LDAP_Connection in UDM, UVMM, UCS@school with differing semantics. We need this functionality now in appcenter, too (Bug #38345).

I suggest the following decorators as part of univention.lib:

@user_connection(user_dn=unicode, password=unicode, write=False)
@machine_connection(write=False)
@admin_connection()
@license_check
@ucr_reload(timeout=0.1)

The patch in Bug #36131 is also highly recommended.
See also Bug #33949
They exist in UCS 4.1 as univention.management.console.ldap and are used by UDM, AppCenter and all UCS@school modules.
I see some design weaknesses of the implementation which can be further improved:

1. The parameter "write" should be named "master"/"use_master". (The name "write" was used in UCS@school but doesn't reflect what it really does.)

2. If /etc/machine.secret or /etc/ldap.secret doesn't exist they return None instead of raising an exception. This has been done to be compliant with what the appcenter needed. But it requires checking the result.

3. If using the functions instead of the decorators, a manual call to lo.unbind() will not cause the internal logic to recognize this change so that an invalid ldap connection is returned. Users must call univention.management.console.ldap.reset_cache(). The problem here is also that it is not mentioned in some docstring. Maybe we can check the connection for validity with a no-op call before returning it, which would solve that problem.
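
The stale-cache behaviour from point 3 and the proposed no-op validity check, as an added Python example that is not part of the bug report or the UCS code. FakeLDAPConnection, connect, get_connection_naive, get_connection_checked and is_usable are hypothetical stand-ins, and the bind DN is a constructed sample value.

```python
class ConnectionClosed(Exception):
    """Raised by the stand-in connection once it has been unbound."""


class FakeLDAPConnection:
    """Hypothetical stand-in for a bound LDAP connection object."""

    def __init__(self, binddn):
        self.binddn = binddn
        self.bound = True

    def whoami(self):
        # Cheap no-op round trip; fails as soon as the connection is unbound.
        if not self.bound:
            raise ConnectionClosed(self.binddn)
        return "dn:" + self.binddn

    def unbind(self):
        self.bound = False


CACHE = {}  # connection kind ("machine", "admin", ...) -> cached connection


def connect(kind):
    # Constructed sample DN; a real implementation would read the secret file.
    return FakeLDAPConnection("cn=%s,dc=example,dc=org" % kind)


def get_connection_naive(kind):
    """Behaviour described in point 3: the cache never notices unbind()."""
    if kind not in CACHE:
        CACHE[kind] = connect(kind)
    return CACHE[kind]


def get_connection_checked(kind):
    """Probe the cached connection with a no-op call and reconnect if dead."""
    lo = CACHE.get(kind)
    if lo is not None and is_usable(lo):
        return lo
    CACHE[kind] = connect(kind)  # drop the stale entry and rebind
    return CACHE[kind]


def is_usable(lo):
    try:
        lo.whoami()
        return True
    except ConnectionClosed:
        return False
```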
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.