Use Twisted endpoint strings to specify the LDAP backend.

Using the new syntax, we can now even specify a connection establishment timeout (see #10).
privacyidea · Feb 16, 2017 · d0624f6 · d0624f6
1 parent fbe994f
commit d0624f6
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 8 deletions.
diff --git a/example-proxy.ini b/example-proxy.ini
@@ -5,9 +5,11 @@ endpoint = http://10.0.0.1/validate/check
 realm =
 
 [ldap-backend]
-# Host and port of the LDAP backend server
-host = 10.0.0.2
-port = 389
+# Location of the LDAP backend server, specified using the Twisted endpoint string syntax:
+# https://twistedmatrix.com/documents/16.4.1/core/howto/endpoints.html#endpoint-types-included-with-twisted
+# You can also specify a timeout for connection establishment here (by providing timeout=X)
+# CAUTION: LDAPS/STARTTLS is currently unsupported!
+endpoint = tcp:host=10.0.0.2:port=389
 # Enabling/disabling of TLS (currently unsupported)
 use-tls = false
 

diff --git a/pi_ldapproxy/config.py b/pi_ldapproxy/config.py
@@ -10,8 +10,7 @@
 realm = string(default='')
 
 [ldap-backend]
-host = string
-port = integer
+endpoint = string
 use-tls = boolean
 
 [ldap-proxy]

diff --git a/pi_ldapproxy/proxy.py b/pi_ldapproxy/proxy.py
@@ -22,8 +22,6 @@
 
 log = Logger()
 
-PROXIED_ENDPOINT_TEMPLATE = 'tcp:host={backend[host]}:port={backend[port]}'
-
 class ProxyError(Exception):
     pass
 
@@ -190,7 +188,7 @@ def __init__(self, config):
             print 'LDAP over TLS is currently unsupported. Exiting.'
             sys.exit(1)
 
-        self.proxied_endpoint_string = PROXIED_ENDPOINT_TEMPLATE.format(backend=config['ldap-backend'])
+        self.proxied_endpoint_string = config['ldap-backend']['endpoint']
         self.validate_url = config['privacyidea']['endpoint']
         self.validate_realm = config['privacyidea']['realm']