sources/ldap: set connect/receive timeout (default to 15s)

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-11-09 22:27:58 +01:00
parent 8003d67844
commit 4a773b2b4f
2 changed files with 6 additions and 2 deletions


@ -7,7 +7,7 @@ from structlog.stdlib import get_logger
from authentik.core.auth import InbuiltBackend from authentik.core.auth import InbuiltBackend
from authentik.core.models import User from authentik.core.models import User
from authentik.sources.ldap.models import LDAPSource from authentik.sources.ldap.models import LDAP_TIMEOUT, LDAPSource
LOGGER = get_logger() LOGGER = get_logger()
LDAP_DISTINGUISHED_NAME = "distinguishedName" LDAP_DISTINGUISHED_NAME = "distinguishedName"
@ -62,6 +62,7 @@ class LDAPBackend(InbuiltBackend):
user=user.attributes.get(LDAP_DISTINGUISHED_NAME), user=user.attributes.get(LDAP_DISTINGUISHED_NAME),
password=password, password=password,
raise_exceptions=True, raise_exceptions=True,
receive_timeout=LDAP_TIMEOUT,
) )
temp_connection.bind() temp_connection.bind()
return user return user
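Review bot: The temporary connection that checks the user's password is bound at `temp_connection.bind()` and `return user` follows with no unbind in the visible lines, so each successful bind appears to leave that socket open until the object is garbage-collected. Calling `temp_connection.unbind()` before `return user` (or in a `finally`) would release it promptly. With `receive_timeout=LDAP_TIMEOUT` and `raise_exceptions=True`, a slow server now raises out of `bind()`; the handler is outside the hunk, so it is worth confirming that a timeout is logged as a source outage rather than reported as bad credentials. The connect timeout for this path depends on the Server object passed as the first argument, which the hunk does not show.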


@ -9,6 +9,8 @@ from rest_framework.serializers import Serializer
from authentik.core.models import Group, PropertyMapping, Source from authentik.core.models import Group, PropertyMapping, Source
from authentik.lib.models import DomainlessURLValidator from authentik.lib.models import DomainlessURLValidator
LDAP_TIMEOUT = 15
class LDAPSource(Source): class LDAPSource(Source):
"""Federate LDAP Directory with authentik, or create new accounts in LDAP.""" """Federate LDAP Directory with authentik, or create new accounts in LDAP."""
@ -86,12 +88,13 @@ class LDAPSource(Source):
def connection(self) -> Connection: def connection(self) -> Connection:
"""Get a fully connected and bound LDAP Connection""" """Get a fully connected and bound LDAP Connection"""
if not self._connection: if not self._connection:
server = Server(self.server_uri, get_info=ALL) server = Server(self.server_uri, get_info=ALL, connect_timeout=LDAP_TIMEOUT)
self._connection = Connection( self._connection = Connection(
server, server,
raise_exceptions=True, raise_exceptions=True,
user=self.bind_cn, user=self.bind_cn,
password=self.bind_password, password=self.bind_password,
receive_timeout=LDAP_TIMEOUT,
) )
self._connection.bind() self._connection.bind()
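Review bot: In `connection`, `self._connection` is assigned before `bind()` is called, so a bind that raises (which the new timeouts make reachable where the call could previously hang) leaves an unbound connection cached, and the `if not self._connection` guard would skip the bind on the next access. Binding a local first avoids that: `conn = Connection(...)`, `conn.bind()`, `self._connection = conn`. The return statement is outside the hunk, so this assumes the cached object is what callers receive. Separately, `LDAP_TIMEOUT = 15` would benefit from a comment such as `# Seconds; used as both connect_timeout and receive_timeout for LDAP connections`.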