Prefetch ldap ticket to optimize ldap connectionswebui_isolate

Signed-off-by: Simo Sorce <simo@redhat.com>
author: Simo Sorce <simo@redhat.com> 2017-02-14 17:51:08 -0500
committer: Simo Sorce <simo@redhat.com> 2017-02-14 17:51:08 -0500
commit: 4936fc7947ab306b329a72019443af8b6fb9b38a (patch)
tree: 96b5275d578ebcabb46a1cc8696b1c0b8ed4bd93
parent: ea0e7cffc70099237e2de455df28953468aad679 (diff)
download: freeipa-webui_isolate.tar.gz
freeipa-webui_isolate.tar.xz
freeipa-webui_isolate.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index 357e836f9..6bd02c918 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -610,6 +610,21 @@ class KerberosSession(HTTP_Status):
 
         headers.append(('IPASESSION', session_cookie))
 
+        # Optimize later operations by prefetching and caching a ticket for the
+        # ldap service instead of requesting a new one for each ldap operation
+        try:
+            store = {'ccache': ccache_name}
+            creds = gssapi.Credentials(usage='initiate', store=store)
+            name = gssapi.Name('ldap@{0}'.format(target),
+                               name_type=gssapi.NameType.hostbased_service)
+            gss_ctx = gssapi.SecurityContext(creds=creds, name=name,
+                                             usage='initiate')
+            gss_ctx.step()
+            creds.store(store=store, usage='initiate', overwrite=True)
+        except Exception as e:
+            self.debug('Failed Init-sec for ldap@ (caching ticket): %s' % e)
+            pass
+
         start_response(HTTP_STATUS_SUCCESS, headers)
         return ['']
author	Simo Sorce <simo@redhat.com>	2017-02-14 17:51:08 -0500
committer	Simo Sorce <simo@redhat.com>	2017-02-14 17:51:08 -0500
commit	4936fc7947ab306b329a72019443af8b6fb9b38a (patch)
tree	96b5275d578ebcabb46a1cc8696b1c0b8ed4bd93
parent	ea0e7cffc70099237e2de455df28953468aad679 (diff)
download	freeipa-webui_isolate.tar.gz freeipa-webui_isolate.tar.xz freeipa-webui_isolate.zip