Bug 38761 - enhance ldap connection decorators
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
Version: UCS 4.2
Hardware: Other Linux
Importance: P5 normal with 2 votes
Target Milestone: UCS 4.x
Assigned To: UMC maintainers
Depends on:
Blocks:
Reported: 2015-06-24 12:33 CEST by Florian Best
Modified: 2020-07-03 20:53 CEST (History)
What kind of report is it?: Development Internal
Bug group (optional): Cleanup

Description Florian Best univentionstaff 2015-06-24 12:33:13 CEST
Currently we are reimplementing functionality to cache and access LDAP connections.
Currently we've got @LDAP_Connection in UDM, UVMM, UCS@school with differing semantics. We need this functionality now in appcenter, too (Bug #38345).

I suggest the following decorators as part of univention.lib:

@user_connection(user_dn=unicode, password=unicode, write=False)
@machine_connection(write=False)
@admin_connection()
@license_check
@ucr_reload(timeout=0.1)


The patch in Bug #36131 is also highly recommended.
Comment 1 Florian Best univentionstaff 2015-06-24 12:34:30 CEST
See also Bug #33949
Comment 2 Florian Best univentionstaff 2015-11-17 16:47:36 CET
They exist in UCS 4.1 as univention.management.console.ldap and are used by UDM, AppCenter and all UCS@school modules.
Comment 3 Florian Best univentionstaff 2015-12-02 13:30:26 CET
I see some design weaknesses of the implementation which can be further improved:

1. The parameter "write" should be named "master"/"use_master". (The name "write" was used in UCS@school but doesn't reflect what it really does.)

2. If /etc/machine.secret or /etc/ldap.secret doesn't exist, they return None instead of raising an exception. This has been done to be compliant with what the appcenter needed. But it requires checking the result.

3. If using the functions instead of the decorators, a manual call to lo.unbind() will not cause the internal logic to recognize this change, so that an invalid LDAP connection is returned. Users must call univention.management.console.ldap.reset_cache(). The problem here is also that it is not mentioned in any docstring. Maybe we can check the connection for validity with a no-op call before returning it, which would solve that problem.
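
The validity check suggested in point 3 of Comment 3, combined with raising on a missing secret file (point 2), sketched as an added example that is not part of the bug thread or of UCS code. `FakeLDAP`, `cached_machine_connection`, `get_connection`, `CACHE` and the injected `read_secret` callable are hypothetical names, and `whoami()` stands in for whatever cheap no-op request a real connection offers.

```python
import functools

class SecretMissing(Exception):
    """Raised when the secret file is absent, instead of returning None."""

class FakeLDAP:
    """Constructed stand-in for an LDAP connection; not a UCS class."""
    def __init__(self, binddn, password):
        self.binddn, self.bound = binddn, True  # a real bind would use password
    def whoami(self):
        # Cheap round trip that fails once the connection is unbound.
        if not self.bound:
            raise ConnectionError("connection is unbound")
        return "dn:" + self.binddn
    def unbind(self):
        self.bound = False

CACHE = {}

def reset_cache():
    CACHE.clear()

def alive(lo):
    try:
        lo.whoami()
        return True
    except ConnectionError:
        return False

def get_connection(key, connect):
    """Return the cached connection, reconnecting if it no longer answers."""
    lo = CACHE.get(key)
    if lo is None or not alive(lo):
        lo = CACHE[key] = connect()
    return lo

def cached_machine_connection(read_secret, binddn="cn=host,dc=example,dc=org"):
    """Hypothetical decorator: injects a validated connection as ldap_connection."""
    def connect():
        try:
            return FakeLDAP(binddn, read_secret())
        except FileNotFoundError as exc:
            raise SecretMissing("machine secret not readable") from exc
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            kwargs["ldap_connection"] = get_connection("machine", connect)
            return func(*args, **kwargs)
        return wrapper
    return decorator
```

Because the liveness probe runs on every cache hit, a caller that unbinds the shared connection no longer poisons later calls, at the cost of one extra round trip per access.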
Comment 4 Ingo Steuwer univentionstaff 2020-07-03 20:53:47 CEST
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.