Merge pull request #533 from cchurch/cache_ldap_user_groups

Prefetch LDAP user groups to reduce queries for checking group membership
Matthew Jones
2015-12-16 11:28:30 -05:00
5 changed files with 38 additions and 9 deletions


@@ -929,7 +929,7 @@ class LdapTest(BaseTest):
if not self.ldap_password: if not self.ldap_password:
self.skipTest('no test LDAP password defined') self.skipTest('no test LDAP password defined')
# Set test LDAP settings that are always needed. # Set test LDAP settings that are always needed.
for name in ('SERVER_URI', 'BIND_DN', 'BIND_PASSWORD', 'USE_TLS'): for name in ('SERVER_URI', 'BIND_DN', 'BIND_PASSWORD', 'USE_TLS', 'CONNECTION_OPTIONS'):
self.use_test_setting(name) self.use_test_setting(name)
def check_login(self, username=None, password=None, should_fail=False): def check_login(self, username=None, password=None, should_fail=False):


@@ -4,6 +4,7 @@
import os import os
import re # noqa import re # noqa
import sys import sys
import ldap
import djcelery import djcelery
from datetime import timedelta from datetime import timedelta
@@ -231,6 +232,12 @@ AUTHENTICATION_BACKENDS = (
# LDAP server (default to None to skip using LDAP authentication). # LDAP server (default to None to skip using LDAP authentication).
AUTH_LDAP_SERVER_URI = None AUTH_LDAP_SERVER_URI = None
# Disable LDAP referrals by default (to prevent certain LDAP queries from
# hanging with AD).
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
# Radius server settings (default to empty string to skip using Radius auth). # Radius server settings (default to empty string to skip using Radius auth).
RADIUS_SERVER = '' RADIUS_SERVER = ''
RADIUS_PORT = 1812 RADIUS_PORT = 1812
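Review bot: The comment above `AUTH_LDAP_CONNECTION_OPTIONS` explains why referrals are disabled but not that a site override replaces the whole dict. Assuming local settings are applied after these defaults, a site that defines its own `AUTH_LDAP_CONNECTION_OPTIONS` for another purpose silently drops `ldap.OPT_REFERRALS: 0` and falls back to the library default. I would add a line such as `# Overriding this setting replaces the dict; repeat ldap.OPT_REFERRALS: 0 there if it is still wanted.` The new top-level `import ldap` in the first hunk also appears to make python-ldap a requirement for loading settings even while `AUTH_LDAP_SERVER_URI` is None, which is worth confirming as intended.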


@@ -167,6 +167,11 @@ LOGGING['handlers']['syslog'] = {
# Refer to django-auth-ldap docs for more details: # Refer to django-auth-ldap docs for more details:
# http://pythonhosted.org/django-auth-ldap/authentication.html # http://pythonhosted.org/django-auth-ldap/authentication.html
# Imports needed for LDAP configuration.
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
from django_auth_ldap.config import ActiveDirectoryGroupType
# LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or # LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or
# "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this # "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this
# parameter is empty. # parameter is empty.
@@ -183,10 +188,11 @@ AUTH_LDAP_BIND_PASSWORD = ''
# Enable TLS when the connection is not using SSL. # Enable TLS when the connection is not using SSL.
AUTH_LDAP_START_TLS = False AUTH_LDAP_START_TLS = False
# Imports needed for remaining LDAP configuration. # Additional options to set for the LDAP connection. LDAP referrals are
import ldap # disabled by default (to prevent certain LDAP queries from hanging with AD).
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion AUTH_LDAP_CONNECTION_OPTIONS = {
from django_auth_ldap.config import ActiveDirectoryGroupType ldap.OPT_REFERRALS: 0,
}
# LDAP search query to find users. # LDAP search query to find users.
AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH = LDAPSearch(
@@ -334,6 +340,9 @@ TEST_AUTH_LDAP_SERVER_URI = ''
TEST_AUTH_LDAP_BIND_DN = '' TEST_AUTH_LDAP_BIND_DN = ''
TEST_AUTH_LDAP_BIND_PASSWORD = '' TEST_AUTH_LDAP_BIND_PASSWORD = ''
TEST_AUTH_LDAP_START_TLS = False TEST_AUTH_LDAP_START_TLS = False
TEST_AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
# LDAP username/password for testing authentication. # LDAP username/password for testing authentication.
TEST_AUTH_LDAP_USERNAME = '' TEST_AUTH_LDAP_USERNAME = ''


@@ -165,6 +165,11 @@ LOGGING['handlers']['syslog'] = {
# Refer to django-auth-ldap docs for more details: # Refer to django-auth-ldap docs for more details:
# http://pythonhosted.org/django-auth-ldap/authentication.html # http://pythonhosted.org/django-auth-ldap/authentication.html
# Imports needed for LDAP configuration.
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
from django_auth_ldap.config import ActiveDirectoryGroupType
# LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or # LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or
# "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this # "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this
# parameter is empty. # parameter is empty.
@@ -181,10 +186,11 @@ AUTH_LDAP_BIND_PASSWORD = ''
# Enable TLS when the connection is not using SSL. # Enable TLS when the connection is not using SSL.
AUTH_LDAP_START_TLS = False AUTH_LDAP_START_TLS = False
# Imports needed for remaining LDAP configuration. # Additional options to set for the LDAP connection. LDAP referrals are
import ldap # disabled by default (to prevent certain LDAP queries from hanging with AD).
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion AUTH_LDAP_CONNECTION_OPTIONS = {
from django_auth_ldap.config import ActiveDirectoryGroupType ldap.OPT_REFERRALS: 0,
}
# LDAP search query to find users. # LDAP search query to find users.
AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH = LDAPSearch(
@@ -332,6 +338,9 @@ TEST_AUTH_LDAP_SERVER_URI = ''
TEST_AUTH_LDAP_BIND_DN = '' TEST_AUTH_LDAP_BIND_DN = ''
TEST_AUTH_LDAP_BIND_PASSWORD = '' TEST_AUTH_LDAP_BIND_PASSWORD = ''
TEST_AUTH_LDAP_START_TLS = False TEST_AUTH_LDAP_START_TLS = False
TEST_AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
# LDAP username/password for testing authentication. # LDAP username/password for testing authentication.
TEST_AUTH_LDAP_USERNAME = '' TEST_AUTH_LDAP_USERNAME = ''


@@ -199,6 +199,10 @@ def on_populate_user(sender, **kwargs):
ldap_user = kwargs['ldap_user'] ldap_user = kwargs['ldap_user']
backend = ldap_user.backend backend = ldap_user.backend
# Prefetch user's groups to prevent LDAP queries for each org/team when
# checking membership.
ldap_user._get_groups().get_group_dns()
# Update organization membership based on group memberships. # Update organization membership based on group memberships.
org_map = getattr(backend.settings, 'ORGANIZATION_MAP', {}) org_map = getattr(backend.settings, 'ORGANIZATION_MAP', {})
for org_name, org_opts in org_map.items(): for org_name, org_opts in org_map.items():
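Review bot: The added `ldap_user._get_groups().get_group_dns()` runs on every populate, before `org_map` is read, so a site with no organization or team mapping now pays a group search at each LDAP login and is exposed to any error that lookup raises. It also reaches into a private django-auth-ldap method, whose caching behaviour the prefetch depends on and which may change between releases. I would move the call below the map lookups and run it only when a map is non-empty, and extend the comment with `# Relies on django-auth-ldap caching the group DNs on ldap_user (private API).` The body of on_populate_user continues outside the hunk, so the team map handling is not visible here.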