LDAPService

class gafaelfawr.services.ldap.LDAPService(*, ldap, group_cache, group_name_cache, user_cache, logger)

Bases: object

Perform LDAP lookups for user information.

This collects all of the LDAP search logic. It is primarily intended to be used by the user information service rather than called directly.

Parameters:

• ldap (LDAPStorage) – The underlying LDAP query layer.

• group_cache (LDAPCache[list[TokenGroup]]) – Cache of user group information (including GIDs).

• group_name_cache (LDAPCache[list[str]]) – Cache of group names.

• user_cache (LDAPCache[LDAPUserData]) – Cache of user information from LDAP.

• logger (BoundLogger) – Logger to use.

Methods Summary

get_data(username, *[, uncached])	Get configured data from LDAP.
get_group_names(username, gid, *[, uncached])	Get the names of user groups from LDAP.
get_groups(username, gid, *[, uncached])	Get user group membership and GIDs from LDAP.
invalidate_cache(username)	Invalidate the cache for a given user.

Methods Documentation

async get_data(username, *, uncached=False)

Get configured data from LDAP.

Returns all data configured to be retrieved from LDAP.

Parameters:

• username (str) – Username of the user.

• uncached (bool, default: False) – Bypass the cache, used for health checks.

Returns:

The retrieved data.

Return type:

LDAPUserData

async get_group_names(username, gid, *, uncached=False)

Get the names of user groups from LDAP.

Parameters:

• username (str) – Username of the user.

• gid (int | None) – Primary GID if set. If not None, search for the group with this GID and add it to the user’s group memberships. This handles LDAP configurations where the user’s primary group is represented only by their GID and not their group memberships.

• uncached (bool, default: False) – Bypass the cache, used for health checks.

Returns:

The names of the user’s groups according to LDAP.

Return type:

list of str

async get_groups(username, gid, *, uncached=False)

Get user group membership and GIDs from LDAP.

Parameters:

• username (str) – Username for which to get information.

• gid (int | None) – Primary GID if set. If not None, the user’s groups will be checked for this GID. If it’s not found, search for the group with this GID and add it to the user’s group memberships. This handles LDAP configurations where the user’s primary group is represented only by their GID and not their group memberships.

• uncached (bool, default: False) – Bypass the cache, used for health checks.

Returns:

Groups of the user.

Return type:

list of TokenGroup

Raises:

LDAPError – An error occurred when retrieving user information from LDAP.

async invalidate_cache(username)

Invalidate the cache for a given user.

Parameters:

username (str) – Username of the user.

Return type:

None