Leaving a connection open
Michael Ströder
michael at stroeder.com
Fri Mar 28 01:05:48 CET 2008
Ron Teitelbaum wrote:
>
> I'm getting
> can't-contact-ldap-server errors that I thought this would help with. Note,
> I believe this is different from the server down error you are mentioning.
Believe me it's not different. ldap.SERVER_DOWN is the exact exception class
which you have to catch with except ldap.SERVER_DOWN. "Can't contact LDAP
server" is the descriptive text (diagnostic message) for that. Note that
this very same exception is raised if anything goes wrong with SSL/TLS and
cert checking but with another descriptive text coming from the underlying
SSL lib.
> How can I create the server_down error for testing?
Example for a connect to a non-existing server:
>>> l=ldap.initialize('ldap://localhost:1234')
>>> l.simple_bind_s('cn=root','blurb')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 201, in
simple_bind_s
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 195, in
simple_bind
return
self._ldap_call(self._l.simple_bind,who,cred,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls))
File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 96, in
_ldap_call
result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}
>>>
> Would shutting off slapd cause this error (I assume),
Yes. That's how ReconnectLDAPObject was tested.
> We are assessing our production environment. For now we are staying with
> Python2.4.4, is python-ldap 2.3.1 stable with Python-2.4.4?
Provided python-ldap 2.3.1 was built from source it's stable. If you're
using a binary package for which the package maintainer applied a patch set
you have to ask the package maintainer.
Also note that stable means it has to be linked to stable OpenLDAP libs
(mainly without bugs in libldap) which in turn has to be linked to stable
versions of OpenSSL (not gnu-tls like in Debian), cyrus-sasl and Kerberos
libs. Well, that's the caveat of "standing on the shoulders of giants".
>> Please also note that always unbind_s() should be called.
>
> I thought unbind and unbind_s called the same method internally. Do I need
> to change my calls to unbind_s? Is that for clarity or is there an
> implementation difference?
You have to grab the result() for unbind(). AFAIK unbind_s() should not
block. So you should try using it.
Ciao, Michael.
More information about the python-ldap
mailing list