[python-ldap] Patch for ReconnectLDAPObject

Dylan Jay djay at pretaweb.com
Mon Jul 8 17:03:03 CEST 2013 

On 08/07/2013, at 5:33 PM, Michael Ströder <michael at stroeder.com> wrote:

> Dylan Jay wrote:
>> We've discovered either an issue with this patch or another issue with timeouts.
> 
> Which patch? Please be more precise.

http://mail.python.org/pipermail/python-ldap/2013q2/003253.html

> 
>> The details of how reproduce this are in the post by Maurits van Rees
>> 
>> https://bugs.launchpad.net/ldapuserfolder/+bug/650371
> 
> Hmm, I don't know anything about Zope. Nor do I have any knowledge about how LDAPUserFolder uses python-ldap. Maybe Jens can comment here.
> 
> I presume that if updating to 2.4.13 partially solves the issue it's related to recent changes for ReconnectLDAPObject. I think that Jonathan Giannuzzi's contribution helped since I could reproduce the problem before and his patch solved it.
> 
> What I see finally in the bug report is a
> SERVER_DOWN: {'desc': "Can't contact LDAP server"}
> 
> This can happen even with ReconnectLDAPObject. See parameters retry_max and retry_delay of ReconnectLDAPObject.__init__():
> 
> http://www.python-ldap.org/doc/html/ldap.html#ldap.ReconnectLDAPObject
> 
> Also note that only synchronous method calls are retried automagically. If LDAPUserFolder uses asynchronous calls, e.g. to make use of LDAPv3 extended response controls only returned by result3() and result4(), it has to handle ldap.SERVER_DOWN itself by invoking ReconnectLDAPObject.reconnect(ls.uri) and retry the code block.

The relevant code in LDAPUserFolder is

            try:
                newconn = self._connect( conn_string
                                       , user_dn
                                       , user_pwd
                                       , conn_timeout=server['conn_timeout']
                                       , op_timeout=server['op_timeout']
                                       )
                return newconn
            except ( ldap.SERVER_DOWN
                   , ldap.TIMEOUT
                   , ldap.INVALID_CREDENTIALS
                   ), e:
                continue

where _connect has

        # Set the connection timeout
        if conn_timeout > 0:
            connection.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout)

        # Set the operations timeout
        if op_timeout > 0:
            connection.timeout = op_timeout

        # Now bind with the credentials given. Let exceptions propagate out.
        connection.simple_bind_s(user_dn, user_pwd)

        return connection



(see http://svn.dataflake.org/svn/Products.LDAPUserFolder/tags/2.20/Products/LDAPUserFolder/LDAPDelegate.py)




> 
> Ciao, Michael.
> 
>

More information about the python-ldap mailing list