Leaving a connection open

Michael Ströder michael at stroeder.com
Fri Mar 28 01:05:48 CET 2008 

Ron Teitelbaum wrote:
> 
> I'm getting
> can't-contact-ldap-server errors that I thought this would help with.  Note,
> I believe this is different from the server down error you are mentioning.  

Believe me it's not different. ldap.SERVER_DOWN is the exact exception class 
which you have to catch with except ldap.SERVER_DOWN. "Can't contact LDAP 
server" is the descriptive text (diagnostic message) for that. Note that 
this very same exception is raised if anything goes wrong with SSL/TLS and 
cert checking but with another descriptive text coming from the underlying 
SSL lib.

 > How can I create the server_down error for testing?

Example for a connect to a non-existing server:

 >>> l=ldap.initialize('ldap://localhost:1234')
 >>> l.simple_bind_s('cn=root','blurb')
Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
   File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 201, in 
simple_bind_s
     msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
   File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 195, in 
simple_bind
     return 
self._ldap_call(self._l.simple_bind,who,cred,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls))
   File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 96, in 
_ldap_call
     result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}
 >>>

> Would shutting off slapd cause this error (I assume),

Yes. That's how ReconnectLDAPObject was tested.

> We are assessing our production environment.  For now we are staying with
> Python2.4.4, is python-ldap 2.3.1 stable with Python-2.4.4?

Provided python-ldap 2.3.1 was built from source it's stable. If you're 
using a binary package for which the package maintainer applied a patch set 
you have to ask the package maintainer.

Also note that stable means it has to be linked to stable OpenLDAP libs 
(mainly without bugs in libldap) which in turn has to be linked to stable 
versions of OpenSSL (not gnu-tls like in Debian), cyrus-sasl and Kerberos 
libs. Well, that's the caveat of "standing on the shoulders of giants".

>> Please also note that always unbind_s() should be called. 
> 
> I thought unbind and unbind_s called the same method internally.  Do I need
> to change my calls to unbind_s?  Is that for clarity or is there an
> implementation difference?

You have to grab the result() for unbind(). AFAIK unbind_s() should not 
block. So you should try using it.

Ciao, Michael.

More information about the python-ldap mailing list