[python-ldap] Patch for ReconnectLDAPObject

Michael Ströder michael at stroeder.com
Mon Jul 8 19:20:50 CEST 2013 

Dylan Jay wrote:
>> What I see finally in the bug report is a
>> SERVER_DOWN: {'desc': "Can't contact LDAP server"}
>>
>> This can happen even with ReconnectLDAPObject. See parameters retry_max
>> and retry_delay of ReconnectLDAPObject.__init__():
>>
>> http://www.python-ldap.org/doc/html/ldap.html#ldap.ReconnectLDAPObject
 >
> The relevant code in LDAPUserFolder is
>
>              try:
>                  newconn = self._connect( conn_string
>                                         , user_dn
>                                         , user_pwd
>                                         , conn_timeout=server['conn_timeout']
>                                         , op_timeout=server['op_timeout']
>                                         )
>                  return newconn
>              except ( ldap.SERVER_DOWN
>                     , ldap.TIMEOUT
>                     , ldap.INVALID_CREDENTIALS
>                     ), e:
>                  continue
>
> where _connect has
>
>          # Set the connection timeout
>          if conn_timeout > 0:
>              connection.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout)
>
>          # Set the operations timeout
>          if op_timeout > 0:
>              connection.timeout = op_timeout
>
>          # Now bind with the credentials given. Let exceptions propagate out.
>          connection.simple_bind_s(user_dn, user_pwd)
>
>          return connection
>
>
>
> (see http://svn.dataflake.org/svn/Products.LDAPUserFolder/tags/2.20/Products/LDAPUserFolder/LDAPDelegate.py)

I assume for now the hanging during reconnect has been fixed by updating to 
python-ldap 2.4.13.

The really relevant code is:

try:
     c_factory = ldap.ldapobject.ReconnectLDAPObject
except AttributeError:
     c_factory = ldap.ldapobject.SimpleLDAPObject
[..]
         if not connection._type is c_factory:
             connection = c_factory(connection_string)

So you can see that because of the fall-back to SimpleLDAPObject (likely for 
backward compability to ancient python-ldap releases pre-dating 09/2002) 
retry_max and retry_delay are not set. So with current release it will try to 
reconnect only once.

Ciao, Michael.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2398 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20130708/78b41a82/attachment.bin>

More information about the python-ldap mailing list