diff --git a/base/univention-lib/python/admember.py b/base/univention-lib/python/admember.py index 63ca270e35..f1ac172e68 100644 --- a/base/univention-lib/python/admember.py +++ b/base/univention-lib/python/admember.py @@ -608,7 +608,7 @@ def _server_supports_ssl(server): lo.start_tls_s() except ldap.UNAVAILABLE: return False - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): return False return True diff --git a/base/univention-pam/ldap-group-to-file.py b/base/univention-pam/ldap-group-to-file.py index 72d8640876..5953380494 100755 --- a/base/univention-pam/ldap-group-to-file.py +++ b/base/univention-pam/ldap-group-to-file.py @@ -108,7 +108,7 @@ if __name__ == '__main__': try: lo = univention.uldap.getMachineConnection(ldap_master=False) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Abort: Can't contact LDAP server." sys.exit(1) diff --git a/base/univention-python/modules/uldap.py b/base/univention-python/modules/uldap.py index c38d02132e..49f0983bde 100644 --- a/base/univention-python/modules/uldap.py +++ b/base/univention-python/modules/uldap.py @@ -127,7 +127,7 @@ def getBackupConnection(start_tls=2, decode_ignorelist=[], reconnect=True): # t port = int(ucr.get('ldap/master/port', '7389')) try: return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn='cn=backup,' + ucr['ldap/base'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): if not ucr['ldap/backup']: raise backup = ucr['ldap/backup'].split(' ')[0] @@ -161,7 +161,7 @@ def getMachineConnection(start_tls=2, decode_ignorelist=[], ldap_master=True, se port = int(ucr.get('ldap/server/port', '7389')) try: return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) - except ldap.SERVER_DOWN as exc: + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: # ldap/server/name is down, try next server if not ucr.get('ldap/server/addition'): raise @@ -169,7 +169,7 @@ def getMachineConnection(start_tls=2, decode_ignorelist=[], ldap_master=True, se for server in servers.split(): try: return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): pass raise exc @@ -179,7 +179,7 @@ class access: The low-level class to access a LDAP server. """ - def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, ca_certfile=None, decode_ignorelist=[], use_ldaps=False, uri=None, follow_referral=False, reconnect=True): + def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, ca_certfile=None, decode_ignorelist=[], use_ldaps=False, uri=None, follow_referral=False, reconnect=True, timeout=None): """start_tls = 0 (no); 1 (try); 2 (must)""" self.host = host self.base = base @@ -188,6 +188,8 @@ class access: self.start_tls = start_tls self.ca_certfile = ca_certfile self.reconnect = reconnect + self.timeout = timeout + self.port = int(port) if port else None @@ -275,6 +277,9 @@ class access: else: univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'establishing new connection') self.lo = ldap.initialize(self.uri, trace_stack_limit=None) + if self.timeout: + ldap.set_option(ldap.OPT_TIMEOUT, self.timeout) + ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, self.timeout) if ca_certfile: self.lo.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_certfile) diff --git a/base/univention-quota/quota.py b/base/univention-quota/quota.py index 2fdb25b64d..849ea69408 100644 --- a/base/univention-quota/quota.py +++ b/base/univention-quota/quota.py @@ -114,7 +114,7 @@ def _is_container(new, old): def _get_ldap_connection(): try: connection = univention.uldap.getMachineConnection(ldap_master=False) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): connection = univention.uldap.getMachineConnection() return connection diff --git a/management/univention-appcenter/conffiles/create_portal_entries.py b/management/univention-appcenter/conffiles/create_portal_entries.py index e3be9cfea4..5250e2ec3f 100644 --- a/management/univention-appcenter/conffiles/create_portal_entries.py +++ b/management/univention-appcenter/conffiles/create_portal_entries.py @@ -32,7 +32,7 @@ import re from ldap.dn import escape_dn_chars -from ldap import SERVER_DOWN +from ldap import SERVER_DOWN, TIMEOUT from base64 import b64encode from copy import copy from urlparse import urlsplit @@ -227,7 +227,7 @@ def _handler(ucr, changes): def handler(ucr, changes): try: _handler(ucr, changes) - except SERVER_DOWN: - portal_logger.error('LDAP server is not available.') + except (SERVER_DOWN, TIMEOUT) as exc: + portal_logger.error('LDAP server is not available (%s)' % exc.args[0]) except Exception: portal_logger.exception('Exception in UCR module create_portal_entries') diff --git a/management/univention-appcenter/python/appcenter/actions/credentials.py b/management/univention-appcenter/python/appcenter/actions/credentials.py index 703c82e7b3..d5c914d283 100644 --- a/management/univention-appcenter/python/appcenter/actions/credentials.py +++ b/management/univention-appcenter/python/appcenter/actions/credentials.py @@ -127,7 +127,7 @@ class CredentialsAction(UniventionAppAction): raise ConnectionFailedInvalidMachineCredentials() except ldap.CONNECT_ERROR as exc: raise ConnectionFailedConnectError(exc) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): raise ConnectionFailedServerDown() def _get_admin_connection(self): @@ -139,7 +139,7 @@ class CredentialsAction(UniventionAppAction): raise ConnectionFailedInvalidAdminCredentials() except ldap.CONNECT_ERROR as exc: raise ConnectionFailedConnectError(exc) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): raise ConnectionFailedServerDown() def _get_ldap_connection(self, args, allow_machine_connection=False, allow_admin_connection=True): @@ -175,7 +175,7 @@ class CredentialsAction(UniventionAppAction): return get_connection(userdn, password) except ldap.CONNECT_ERROR as exc: raise ConnectionFailedConnectError(exc) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): raise ConnectionFailedServerDown() except ldap.INVALID_CREDENTIALS: time.sleep(0.1) diff --git a/management/univention-directory-listener/src/notifier.c b/management/univention-directory-listener/src/notifier.c index 45082395eb..e598ea304e 100644 --- a/management/univention-directory-listener/src/notifier.c +++ b/management/univention-directory-listener/src/notifier.c @@ -184,7 +184,7 @@ int notifier_listen(univention_ldap_parameters_t *lp, bool write_transaction_fil to reconnect */ while ((rv = change_update_dn(&trans)) != LDAP_SUCCESS) { univention_debug(UV_DEBUG_LISTENER, UV_DEBUG_ERROR, "change_update_dn failed: %d", rv); - if (rv == LDAP_SERVER_DOWN) + if (rv == LDAP_SERVER_DOWN || rv == LDAP_TIMEOUT) if ((rv = connect_to_ldap(trans.lp)) == 0) continue; goto out; diff --git a/management/univention-directory-listener/src/utils.h b/management/univention-directory-listener/src/utils.h index c139b9dc3a..2b0ed118c0 100644 --- a/management/univention-directory-listener/src/utils.h +++ b/management/univention-directory-listener/src/utils.h @@ -41,7 +41,7 @@ extern int get_ldap_retries(); ldap_retries = get_ldap_retries(); \ do { \ _rv = (cmd); \ - if (_rv != LDAP_SERVER_DOWN) \ + if (_rv != LDAP_SERVER_DOWN && _rv != LDAP_TIMEOUT) \ break; \ while (_retry < ldap_retries && univention_ldap_open(lp) != LDAP_SUCCESS) \ sleep(1 << (_retry++ % 6)); \ diff --git a/management/univention-directory-manager-modules/modules/univention/admin/syntax.py b/management/univention-directory-manager-modules/modules/univention/admin/syntax.py index d2fc3d563d..63e3efc0d0 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/syntax.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/syntax.py @@ -1817,7 +1817,7 @@ class ldapFilter(simple): lo.search_ext_s('', ldap.SCOPE_BASE, text) except ldap.FILTER_ERROR: raise univention.admin.uexceptions.valueError(_('Not a valid LDAP search filter')) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): pass finally: lo.unbind() diff --git a/management/univention-directory-manager-modules/modules/univention/admin/uldap.py b/management/univention-directory-manager-modules/modules/univention/admin/uldap.py index 23665817dc..570844ae5d 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/uldap.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/uldap.py @@ -135,7 +135,7 @@ def getBaseDN(host='localhost', port=None, uri=None): # type: (str, Optional[in lo = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None) result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts']) return result[0][1]['namingContexts'][0] - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): time.sleep(60) lo = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None) result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts']) @@ -498,7 +498,7 @@ class access: def start_tls(self): return self.lo.start_tls - def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, lo=None, follow_referral=False): + def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, lo=None, follow_referral=False, timeout=None): """ :param str host: The hostname of the LDAP server. :param int port: The TCP port number of the LDAP server. @@ -506,9 +506,7 @@ class access: :param str binddn: The distinguished name of the account. :param str bindpw: The user password for simple authentication. :param int start_tls: Negotiate TLS with server. If `2` is given, the command will require the operation to be successful. - :param univention.uldap.access: Low-level - - :param str uri: A complete LDAP URI. + :param univention.uldap.access lo: Low-level """ if lo: self.lo = lo @@ -516,7 +514,7 @@ class access: if not port: port = int(configRegistry.get('ldap/server/port', 7389)) try: - self.lo = univention.uldap.access(host, port, base, binddn, bindpw, start_tls, follow_referral=follow_referral) + self.lo = univention.uldap.access(host, port, base, binddn, bindpw, start_tls, follow_referral=follow_referral, timeout=timeout) except ldap.INVALID_CREDENTIALS: raise univention.admin.uexceptions.authFail(_("Authentication failed")) except ldap.UNWILLING_TO_PERFORM: diff --git a/management/univention-directory-manager-modules/modules/univention/admincli/admin.py b/management/univention-directory-manager-modules/modules/univention/admincli/admin.py index 9273e7422e..650b0f3873 100755 --- a/management/univention-directory-manager-modules/modules/univention/admincli/admin.py +++ b/management/univention-directory-manager-modules/modules/univention/admincli/admin.py @@ -396,7 +396,7 @@ def doit(arglist): out = [] try: out = _doit(arglist) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): return out + ["E: The LDAP Server is currently not available.", "OPERATION FAILED"] except univention.admin.uexceptions.base, e: univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, traceback.format_exc()) diff --git a/management/univention-directory-manager-modules/scripts/convert-user-base64-photos b/management/univention-directory-manager-modules/scripts/convert-user-base64-photos index 906f824daa..052f480636 100755 --- a/management/univention-directory-manager-modules/scripts/convert-user-base64-photos +++ b/management/univention-directory-manager-modules/scripts/convert-user-base64-photos @@ -112,6 +112,6 @@ if __name__ == '__main__': # action! try: run(args[0], verbose=options.verbose) - except ldap.SERVER_DOWN as e: + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as e: print >>sys.stderr, 'ERROR: could not contact LDAP server: %s' % e sys.exit(1) diff --git a/management/univention-management-console/src/univention/management/console/base.py b/management/univention-management-console/src/univention/management/console/base.py index e198a10152..b535634e8a 100644 --- a/management/univention-management-console/src/univention/management/console/base.py +++ b/management/univention-management-console/src/univention/management/console/base.py @@ -296,7 +296,7 @@ class Base(signals.Provider, Translation): exc = exc.original_exception if isinstance(exc, udm_errors.ldapError) and isinstance(getattr(exc, 'original_exception', None), ldap.INVALID_CREDENTIALS): exc = exc.original_exception - if isinstance(exc, ldap.SERVER_DOWN): + if isinstance(exc, ldap.SERVER_DOWN) or isinstance(exc, ldap.TIMEOUT): raise LDAP_ServerDown() if isinstance(exc, ldap.CONNECT_ERROR): raise LDAP_ConnectionFailed(exc) diff --git a/services/univention-ad-connector/modules/univention/connector/__init__.py b/services/univention-ad-connector/modules/univention/connector/__init__.py index 08c1e2bbd6..d7be476d5f 100644 --- a/services/univention-ad-connector/modules/univention/connector/__init__.py +++ b/services/univention-ad-connector/modules/univention/connector/__init__.py @@ -119,7 +119,7 @@ def dictonary_lowercase(dict): else: try: # should be string return dict.lower() - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? pass @@ -131,7 +131,7 @@ def compare_lowercase(val1, val2): return True else: return False - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? return False @@ -478,7 +478,7 @@ class ucs: ud.debug(ud.LDAP, ud.INFO, 'Lost connection to the LDAP server. Trying to reconnect ...') try: self.open_ucs() - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): ud.debug(ud.LDAP, ud.INFO, 'LDAP-Server seems to be down') raise search_exception @@ -487,7 +487,7 @@ class ucs: if '%s/debug/function' % self.CONFIGBASENAME in self.baseConfig: try: function_level = int(self.baseConfig['%s/debug/function' % self.CONFIGBASENAME]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? function_level = 0 @@ -615,7 +615,7 @@ class ucs: try: ret.append((self._decode_dn_from_config_option(d1), self._decode_dn_from_config_option(self._get_config_option(config_space, d1)))) return_update = True - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? count = count + 1 @@ -753,7 +753,7 @@ class ucs: change_type = "add" old_dn = '' # there may be an old_dn if object was moved from ignored container ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: objected was added") - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # the ignore_object method might throw an exception if the subschema will be synced @@ -784,7 +784,7 @@ class ucs: return False else: return True - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._save_rejected_ucs(filename, dn) @@ -835,7 +835,7 @@ class ucs: ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn) ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object found: %s" % searchdn) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object search failed: %s" % searchdn) @@ -906,7 +906,7 @@ class ucs: pass self._remove_rejected_ucs(filename) change_counter += 1 - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._save_rejected_ucs(filename, dn) @@ -988,7 +988,7 @@ class ucs: for i in [0, 1]: # do it twice if the LDAP connection was closed try: sync_successfull = self.__sync_file_from_ucs(filename, traceback_level=traceback_level) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): # once again, ldap idletimeout ... if i == 0: self.open_ucs() @@ -1202,7 +1202,7 @@ class ucs: return True else: ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object from %s to %s" % (object['olddn'], object['dn'])) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object in UCS") @@ -1277,7 +1277,7 @@ class ucs: if not self.sync_to_ucs(key, subobject, object_mapping['dn']): try: ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed") @@ -1380,7 +1380,7 @@ class ucs: except univention.admin.uexceptions.valueMayNotChange, msg: ud.debug(ud.LDAP, ud.ERROR, "Value may not change: %s (%s)" % (msg, object['dn'])) return False - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): # LDAP idletimeout? try once again if retry: self.open_ucs() @@ -1468,7 +1468,7 @@ class ucs: return True else: return False - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: ud.debug(ud.LDAP, ud.WARN, "attribute_filter: Failed to convert attributes for bitwise filter") diff --git a/services/univention-ad-connector/modules/univention/connector/ad/__init__.py b/services/univention-ad-connector/modules/univention/connector/ad/__init__.py index 02f1293f37..0f0cfe0866 100644 --- a/services/univention-ad-connector/modules/univention/connector/ad/__init__.py +++ b/services/univention-ad-connector/modules/univention/connector/ad/__init__.py @@ -161,7 +161,7 @@ def encode_ad_object(ad_object): else: try: ad_object[key] = encode_attriblist(ad_object[key]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.WARN, "encode_ad_object: encode attrib %s failed, ignored!" % key) @@ -1061,7 +1061,7 @@ class ad(univention.connector.ucs): except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "get_object: got object: ") return encode_ad_object(ad_object) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? pass @@ -1164,7 +1164,7 @@ class ad(univention.connector.ucs): else: # Every object has got a uSNCreated returnObjects = search_ad_changes_by_attribute('uSNCreated', lastUSN + 1) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except ldap.SIZELIMIT_EXCEEDED: # The LDAP control page results was not sucessful. Without this control @@ -1580,7 +1580,7 @@ class ad(univention.connector.ucs): ad_members_from_ucs.append(ad_dn.lower()) self.group_mapping_cache_ucs[member_dn.lower()] = ad_dn self.__group_cache_ucs_append_member(object_ucs['dn'], member_dn) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: failed to get dn from ad, assume object doesn't exist") @@ -1601,7 +1601,7 @@ class ad(univention.connector.ucs): elif self._ignore_object(key, {'dn': member_dn, 'attributes': ad_object}): ad_members_from_ucs.append(member_dn.lower()) ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: Object ignored in AD [%s], key = [%s]" % (ucs_dn, key)) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.INFO, "group_members_sync_from_ucs: failed to get dn from ad which is groupmember") @@ -1672,7 +1672,7 @@ class ad(univention.connector.ucs): try: self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.WARN, "group_members_sync_from_ucs: failed to sync members: (%s,%s)" % (object['dn'], [(ldap.MOD_REPLACE, 'member', modlist_members)])) @@ -1849,7 +1849,7 @@ class ad(univention.connector.ucs): self.__group_cache_con_append_member(ad_object['dn'], member_dn) else: ud.debug(ud.LDAP, ud.INFO, "Failed to find %s via self.lo.get" % ucs_dn) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "group_members_sync_to_ucs: failed to get dn from ucs, assume object doesn't exist") @@ -1882,7 +1882,7 @@ class ad(univention.connector.ucs): ucs_members_from_ad[k].append(member_dn.lower()) break - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.INFO, "group_members_sync_to_ucs: failed to get dn from ucs which is groupmember") @@ -2109,7 +2109,7 @@ class ad(univention.connector.ucs): sync_successfull = self.sync_to_ucs(property_key, mapped_object, dn) else: sync_successfull = True - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.ERROR, "sync of rejected object failed \n\t%s" % (object['dn'])) @@ -2119,7 +2119,7 @@ class ad(univention.connector.ucs): self._remove_rejected(id) self.__update_lastUSN(object) self._set_DN_for_GUID(elements[0][1]['objectGUID'][0], elements[0][0]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except Exception: self._debug_traceback(ud.ERROR, "unexpected Error during ad.resync_rejected") @@ -2138,7 +2138,7 @@ class ad(univention.connector.ucs): changes = [] try: changes = self.__search_ad_changes(show_deleted=show_deleted) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.WARN, "Exception during search_ad_changes") @@ -2195,7 +2195,7 @@ class ad(univention.connector.ucs): sync_successfull = self.sync_to_ucs(property_key, mapped_object, object['dn']) else: sync_successfull = True - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except univention.admin.uexceptions.ldapError, msg: ud.debug(ud.LDAP, ud.INFO, "Exception during poll with message (1) %s" % msg) @@ -2222,7 +2222,7 @@ class ad(univention.connector.ucs): try: GUID = old_element[1]['objectGUID'][0] self._set_DN_for_GUID(GUID, old_element[0]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.WARN, "Exception during set_DN_for_GUID") @@ -2286,7 +2286,7 @@ class ad(univention.connector.ucs): # the old object was moved in UCS, but does this object exist in AD? try: old_object = self.lo_ad.get(compatible_modstring(old_dn)) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: old_object = None @@ -2553,7 +2553,7 @@ class ad(univention.connector.ucs): if not self.sync_from_ucs(key, subobject, object_mapping['dn']): try: ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed") diff --git a/services/univention-ad-connector/modules/univention/connector/ad/main.py b/services/univention-ad-connector/modules/univention/connector/ad/main.py index a47967e498..31bdefc7a9 100755 --- a/services/univention-ad-connector/modules/univention/connector/ad/main.py +++ b/services/univention-ad-connector/modules/univention/connector/ad/main.py @@ -191,7 +191,7 @@ def connect(): baseConfig['%s/ad/listener/dir' % CONFIGBASENAME] ) ad_init = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Warning: Can't initialize LDAP-Connections, wait..." sys.stdout.flush() time.sleep(poll_sleep) @@ -204,7 +204,7 @@ def connect(): try: ad.initialize_ucs() ucs_init = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during ucs-poll, sync not possible." sys.stdout.flush() time.sleep(poll_sleep) @@ -215,7 +215,7 @@ def connect(): try: ad.initialize() ad_init = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during ucs-poll, sync not possible." sys.stdout.flush() time.sleep(poll_sleep) @@ -239,7 +239,7 @@ def connect(): continue else: break - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during ucs-poll, sync not possible." connected = False sys.stdout.flush() @@ -255,7 +255,7 @@ def connect(): continue else: break - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during ad-poll, sync not possible." connected = False sys.stdout.flush() @@ -268,7 +268,7 @@ def connect(): retry_rejected = 0 else: retry_rejected += 1 - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during resync rejected, sync not possible." connected = False sys.stdout.flush() diff --git a/services/univention-ad-connector/scripts/make-deleted-objects-readable-for-this-machine b/services/univention-ad-connector/scripts/make-deleted-objects-readable-for-this-machine index 04a1043727..49b1b30dcd 100755 --- a/services/univention-ad-connector/scripts/make-deleted-objects-readable-for-this-machine +++ b/services/univention-ad-connector/scripts/make-deleted-objects-readable-for-this-machine @@ -171,7 +171,7 @@ class AD_DSACL_modifier(): self.ucr['%s/ad/ldap/certificate' % CONFIGBASENAME] ) ad_init = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Warning: Can't initialize LDAP-Connections, wait..." sys.stdout.flush() time.sleep(poll_sleep) diff --git a/services/univention-ad-connector/scripts/well-known-sid-object-rename b/services/univention-ad-connector/scripts/well-known-sid-object-rename index 665edc6cd0..9033894766 100755 --- a/services/univention-ad-connector/scripts/well-known-sid-object-rename +++ b/services/univention-ad-connector/scripts/well-known-sid-object-rename @@ -184,7 +184,7 @@ class Well_Known_SID_object_renamer(): self.ucr['%s/ad/ldap/certificate' % CONFIGBASENAME] ) ad_init = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Warning: Can't initialize LDAP-Connections, wait..." sys.stdout.flush() time.sleep(poll_sleep) diff --git a/services/univention-radius/usr/bin/univention-radius-check-access b/services/univention-radius/usr/bin/univention-radius-check-access index 3efc07f34b..a99d5c8ec2 100644 --- a/services/univention-radius/usr/bin/univention-radius-check-access +++ b/services/univention-radius/usr/bin/univention-radius-check-access @@ -37,7 +37,7 @@ from univention.networkaccess import traceStationWhitelist import optparse import sys import univention.uldap -from ldap import SERVER_DOWN +from ldap import SERVER_DOWN, TIMEOUT def main(): @@ -49,7 +49,7 @@ def main(): try: # try ldap/server/name, then each of ldap/server/addition ldapConnection = univention.uldap.getMachineConnection(ldap_master=False, reconnect=False) - except SERVER_DOWN: + except (SERVER_DOWN, TIMEOUT): # then master dc ldapConnection = univention.uldap.getMachineConnection() exitCode = 0 diff --git a/services/univention-radius/usr/bin/univention-radius-ntlm-auth b/services/univention-radius/usr/bin/univention-radius-ntlm-auth index b302cd2f6f..c1f4668a2f 100644 --- a/services/univention-radius/usr/bin/univention-radius-ntlm-auth +++ b/services/univention-radius/usr/bin/univention-radius-ntlm-auth @@ -37,7 +37,7 @@ import optparse import sys import univention.pyMsChapV2 as pyMsChapV2 import univention.uldap -from ldap import SERVER_DOWN +from ldap import SERVER_DOWN, TIMEOUT def main(): @@ -74,7 +74,7 @@ def main(): try: # try ldap/server/name, then each of ldap/server/addition ldapConnection = univention.uldap.getMachineConnection(ldap_master=False, reconnect=False) - except SERVER_DOWN: + except (SERVER_DOWN, TIMEOUT): # then master dc ldapConnection = univention.uldap.getMachineConnection() PasswordHash = getNTPasswordHash(ldapConnection, options.Username, stationId) diff --git a/services/univention-s4-connector/modules/univention/s4connector/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/__init__.py index a1ef180c33..2e9b1a191a 100644 --- a/services/univention-s4-connector/modules/univention/s4connector/__init__.py +++ b/services/univention-s4-connector/modules/univention/s4connector/__init__.py @@ -136,7 +136,7 @@ def dictonary_lowercase(dict): else: try: # should be string return dict.lower() - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? pass @@ -152,7 +152,7 @@ def compare_lowercase(val1, val2): return True else: return False - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? return False @@ -533,8 +533,8 @@ class ucs: self.open_ucs() result = self.lo.search(filter=filter, base=base, scope=scope, attr=attr, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit) return result - except ldap.SERVER_DOWN, e: - ud.debug(ud.LDAP, ud.INFO, 'LDAP-Server seems to be down') + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: + ud.debug(ud.LDAP, ud.INFO, 'LDAP-Server seems to be down (%s)' % exc.args[0]) raise search_exception def init_debug(self): @@ -542,7 +542,7 @@ class ucs: if '%s/debug/function' % self.CONFIGBASENAME in self.baseConfig: try: function_level = int(self.baseConfig['%s/debug/function' % self.CONFIGBASENAME]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? function_level = 0 @@ -707,7 +707,7 @@ class ucs: try: ret.append((self._decode_dn_from_config_option(d1), self._decode_dn_from_config_option(self._get_config_option(config_space, d1)))) return_update = True - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? count = count + 1 @@ -868,7 +868,7 @@ class ucs: change_type = "add" old_dn = '' # there may be an old_dn if object was moved from ignored container ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: object was added: %s" % dn) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # the ignore_object method might throw an exception if the subschema will be synced @@ -900,7 +900,7 @@ class ucs: return False else: return True - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except ldap.NO_SUCH_OBJECT: self._save_rejected_ucs(filename, dn) @@ -937,7 +937,7 @@ class ucs: return None except ldap.INVALID_SYNTAX: return None - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): self.open_ucs() continue @@ -957,7 +957,7 @@ class ucs: return None except ldap.INVALID_SYNTAX: return None - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): self.open_ucs() continue @@ -986,7 +986,7 @@ class ucs: ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn) ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object found: %s" % searchdn) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object search failed: %s" % searchdn) @@ -1057,7 +1057,7 @@ class ucs: pass self._remove_rejected_ucs(filename) change_counter += 1 - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._save_rejected_ucs(filename, dn) @@ -1118,7 +1118,7 @@ class ucs: for i in [0, 1]: # do it twice if the LDAP connection was closed try: sync_successfull = self.__sync_file_from_ucs(filename, traceback_level=traceback_level) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): # once again, ldap idletimeout ... if i == 0: self.open_ucs() @@ -1381,7 +1381,7 @@ class ucs: return True else: ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object from %s to %s" % (object['olddn'], object['dn'])) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object in UCS") @@ -1475,7 +1475,7 @@ class ucs: if not self.sync_to_ucs(key, subobject_ucs, back_mapped_subobject['dn'], object): try: ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed") @@ -1508,7 +1508,7 @@ class ucs: try: ud.debug(ud.LDAP, ud.PROCESS, 'sync to ucs: [%14s] [%10s] %s' % (property_type, object['modtype'], object['dn'])) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.PROCESS, 'sync to ucs...') @@ -1610,7 +1610,7 @@ class ucs: ud.debug(ud.LDAP, ud.INFO, "Call post_ucs_modify_functions: %s" % f) f(self, property_type, object) ud.debug(ud.LDAP, ud.INFO, "Call post_ucs_modify_functions: %s (done)" % f) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.ERROR, "failed in post_con_modify_functions") @@ -1633,7 +1633,7 @@ class ucs: except univention.admin.uexceptions.valueMayNotChange, msg: ud.debug(ud.LDAP, ud.ERROR, "Value may not change: %s (%s)" % (msg, object['dn'])) return False - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.ERROR, "Unknown Exception during sync_to_ucs") @@ -1716,7 +1716,7 @@ class ucs: return True else: return False - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: ud.debug(ud.LDAP, ud.WARN, "attribute_filter: Failed to convert attributes for bitwise filter") diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py index ba9d456dee..f16026f684 100644 --- a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py +++ b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py @@ -192,7 +192,7 @@ def encode_s4_object(s4_object): else: try: s4_object[key] = encode_attriblist(s4_object[key]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.WARN, "encode_s4_object: encode attrib %s failed, ignored!" % key) @@ -1123,7 +1123,7 @@ class s4(univention.s4connector.ucs): except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "get_object: got object: ") return dn - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): if i == 0: self.open_s4() continue @@ -1191,7 +1191,7 @@ class s4(univention.s4connector.ucs): except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "get_object: got object: ") return encode_s4_object(s4_object) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): if i == 0: self.open_s4() continue @@ -1320,7 +1320,7 @@ class s4(univention.s4connector.ucs): else: # Every object has got a uSNCreated returnObjects = search_s4_changes_by_attribute('uSNCreated', lastUSN + 1) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except ldap.SIZELIMIT_EXCEEDED: # The LDAP control page results was not sucessful. Without this control @@ -1735,7 +1735,7 @@ class s4(univention.s4connector.ucs): s4_members_from_ucs.add(s4_dn.lower()) self.group_member_mapping_cache_ucs[member_dn.lower()] = s4_dn self.__group_cache_ucs_append_member(object_ucs_dn, member_dn) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: failed to get S4 dn for UCS group member %s, assume object doesn't exist" % member_dn) @@ -1759,7 +1759,7 @@ class s4(univention.s4connector.ucs): ## Keep the member in Samba/AD if it's also present in OpenLDAP but ignored in synchronization? s4_members_from_ucs.add(member_dn.lower()) ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: Object ignored in S4 [%s], key = [%s]" % (ucs_dn, mo_key)) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.INFO, "group_members_sync_from_ucs: failed to get UCS dn for S4 group member %s" % member_dn) @@ -1826,7 +1826,7 @@ class s4(univention.s4connector.ucs): ud.debug(ud.LDAP, ud.ALL, "group_members_sync_from_ucs: modlist: %s" % modlist_members) try: self.lo_s4.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.WARN, "group_members_sync_from_ucs: failed to sync members: (%s,%s)" % (object['dn'], [(ldap.MOD_REPLACE, 'member', modlist_members)])) @@ -2013,7 +2013,7 @@ class s4(univention.s4connector.ucs): self.__group_cache_con_append_member(s4_object_dn, member_dn) else: ud.debug(ud.LDAP, ud.INFO, "Failed to find %s via self.lo.get" % ucs_dn) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.INFO, "group_members_sync_to_ucs: failed to get UCS dn for S4 group member %s, assume object doesn't exist" % member_dn) @@ -2047,7 +2047,7 @@ class s4(univention.s4connector.ucs): ucs_members_from_s4[k].append(member_dn_lower) break - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.INFO, "group_members_sync_to_ucs: failed to get S4 dn for UCS group member %s" % member_dn) @@ -2254,7 +2254,7 @@ class s4(univention.s4connector.ucs): sync_successfull = self.sync_to_ucs(property_key, mapped_object, dn, object) else: sync_successfull = True - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.ERROR, "sync of rejected object failed \n\t%s" % (object['dn'])) @@ -2264,7 +2264,7 @@ class s4(univention.s4connector.ucs): self._remove_rejected(id) self.__update_lastUSN(object) self._set_DN_for_GUID(elements[0][1]['objectGUID'][0], elements[0][0]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except Exception, msg: self._debug_traceback(ud.ERROR, "unexpected Error during s4.resync_rejected") @@ -2282,7 +2282,7 @@ class s4(univention.s4connector.ucs): changes = [] try: changes = self.__search_s4_changes(show_deleted=show_deleted) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.WARN, "Exception during search_s4_changes") @@ -2299,7 +2299,7 @@ class s4(univention.s4connector.ucs): # Check if the connection to UCS ldap exists. Otherwise re-create the session. try: self.search_ucs(scope=ldap.SCOPE_BASE) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): ud.debug(ud.LDAP, ud.INFO, "UCS LDAP connection was closed, re-open the connection.") self.open_ucs() @@ -2346,7 +2346,7 @@ class s4(univention.s4connector.ucs): sync_successfull = self.sync_to_ucs(property_key, mapped_object, object['dn'], object) else: sync_successfull = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): ud.debug(ud.LDAP, ud.ERROR, "Got server downn during sync, re-open ucs and s4 the connection") time.sleep(1) self.open_ucs() @@ -2378,7 +2378,7 @@ class s4(univention.s4connector.ucs): try: GUID = old_element[1]['objectGUID'][0] self._set_DN_for_GUID(GUID, old_element[0]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? self._debug_traceback(ud.WARN, "Exception during set_DN_for_GUID") @@ -2446,7 +2446,7 @@ class s4(univention.s4connector.ucs): # the old object was moved in UCS, but does this object exist in S4? try: old_object = self.lo_s4.lo.search_ext_s(compatible_modstring(old_dn), ldap.SCOPE_BASE, 'objectClass=*', timeout=-1, sizelimit=0) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: old_object = None @@ -2812,7 +2812,7 @@ class s4(univention.s4connector.ucs): if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']): try: ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0]) - except (ldap.SERVER_DOWN, SystemExit): + except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): raise except: # FIXME: which exception is to be caught? ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed") diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/main.py b/services/univention-s4-connector/modules/univention/s4connector/s4/main.py index 7af084ce9d..26ec609e57 100755 --- a/services/univention-s4-connector/modules/univention/s4connector/s4/main.py +++ b/services/univention-s4-connector/modules/univention/s4connector/s4/main.py @@ -166,7 +166,7 @@ def connect(): baseConfig['%s/s4/listener/dir' % CONFIGBASENAME] ) s4_init = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Warning: Can't initialize LDAP-Connections, wait..." sys.stdout.flush() time.sleep(poll_sleep) @@ -179,7 +179,7 @@ def connect(): try: s4.initialize_ucs() ucs_init = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during ucs-poll, sync not possible." sys.stdout.flush() time.sleep(poll_sleep) @@ -190,7 +190,7 @@ def connect(): try: s4.initialize() s4_init = True - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during ucs-poll, sync not possible." sys.stdout.flush() time.sleep(poll_sleep) @@ -214,7 +214,7 @@ def connect(): continue else: break - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during ucs-poll, sync not possible." connected = False sys.stdout.flush() @@ -230,7 +230,7 @@ def connect(): continue else: break - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during s4-poll, sync not possible." connected = False sys.stdout.flush() @@ -243,7 +243,7 @@ def connect(): retry_rejected = 0 else: retry_rejected += 1 - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "Can't contact LDAP server during resync rejected, sync not possible." connected = False sys.stdout.flush() diff --git a/services/univention-s4-connector/scripts/adjust_obsolete_gpo_and_wmi_rejects b/services/univention-s4-connector/scripts/adjust_obsolete_gpo_and_wmi_rejects index 23ef091298..71b212e387 100755 --- a/services/univention-s4-connector/scripts/adjust_obsolete_gpo_and_wmi_rejects +++ b/services/univention-s4-connector/scripts/adjust_obsolete_gpo_and_wmi_rejects @@ -230,7 +230,7 @@ def connect(): configRegistry['%s/s4/ldap/certificate' % CONFIGBASENAME], configRegistry['%s/s4/listener/dir' % CONFIGBASENAME] ) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "ERROR: Can't initialize LDAP-Connections." raise diff --git a/services/univention-s4-connector/sync_krbtgt b/services/univention-s4-connector/sync_krbtgt index 1f1d0e36bc..49b21ec36f 100755 --- a/services/univention-s4-connector/sync_krbtgt +++ b/services/univention-s4-connector/sync_krbtgt @@ -92,9 +92,9 @@ class S4: try: self.lo_s4 = univention.uldap.access(host=ldap_host_s4, port=ldap_port_s4, base=self.ldap_base_s4, binddn=ldap_binddn_s4, bindpw=ldap_bindpw_s4, start_tls=tls_mode, ca_certfile=ldap_certificate_s4, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member', 'unicodePwd'], uri=ldap_uri_s4) self.lo_s4.lo.set_option(ldap.OPT_REFERRALS, 0) - except ldap.SERVER_DOWN: - print "Can't initialize Samba4 LDAP connection" - raise ldap.SERVER_DOWN + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: + print "Can't initialize Samba4 LDAP connection (%s)" % exc.args[0] + raise def open_ucs(self, binddn, bindpwd): if not binddn: @@ -110,9 +110,9 @@ class S4: try: self.lo = univention.admin.uldap.access(host=self.ucr['ldap/master'], base=self.ucr['ldap/base'], binddn=binddn, bindpw=bindpwd, start_tls=2) - except ldap.SERVER_DOWN: - print "Can't initialize UCS LDAP connection" - raise ldap.SERVER_DOWN + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: + print "Can't initialize UCS LDAP connection (%s)" % exc.args[0] + raise def _object_mapping(self, key, object, connection): return key @@ -135,9 +135,9 @@ class S4: ud.debug(ud.LDAP, ud.PROCESS, "The Samba4 user (krbtgt) was not found.") print "The Samba4 user (krbtgt) was not found." return - except ldap.SERVER_DOWN: - print "Can't initialize Samba4 LDAP connection" - raise ldap.SERVER_DOWN + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: + print "Can't initialize Samba4 LDAP connection (%s)" % exc.args[0] + raise if not res_s4: ud.debug(ud.LDAP, ud.PROCESS, " The Samba4 user (krbtgt) was not found." % username) print "\nThe Samba4 user (krbtgt) was not found." % username @@ -194,7 +194,7 @@ def main(): try: s4 = S4(options.ucrbase, options.binddn, options.bindpwd) s4.sync_password() - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): sys.exit(1) diff --git a/services/univention-s4-connector/univention-password_sync_ucs_to_s4 b/services/univention-s4-connector/univention-password_sync_ucs_to_s4 index 4430149a0a..54720c507b 100644 --- a/services/univention-s4-connector/univention-password_sync_ucs_to_s4 +++ b/services/univention-s4-connector/univention-password_sync_ucs_to_s4 @@ -92,9 +92,9 @@ class S4: try: self.lo_s4 = univention.uldap.access(host=ldap_host_s4, port=ldap_port_s4, base=self.ldap_base_s4, binddn=ldap_binddn_s4, bindpw=ldap_bindpw_s4, start_tls=tls_mode, ca_certfile=ldap_certificate_s4, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member', 'unicodePwd'], uri=ldap_uri_s4) self.lo_s4.lo.set_option(ldap.OPT_REFERRALS, 0) - except ldap.SERVER_DOWN: - print "Can't initialize Samba4 LDAP connection" - raise ldap.SERVER_DOWN + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: + print "Can't initialize Samba4 LDAP connection (%s)" % exc.args[0] + raise def open_ucs(self, binddn, bindpwd): if not binddn: @@ -110,9 +110,9 @@ class S4: try: self.lo = univention.admin.uldap.access(host=self.ucr['ldap/master'], base=self.ucr['ldap/base'], binddn=binddn, bindpw=bindpwd, start_tls=2) - except ldap.SERVER_DOWN: - print "Can't initialize UCS LDAP connection" - raise ldap.SERVER_DOWN + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: + print "Can't initialize UCS LDAP connection (%s)" % exc.args[0] + raise def _object_mapping(self, key, object, connection): return key @@ -137,9 +137,9 @@ class S4: ud.debug(ud.LDAP, ud.PROCESS, "password_ucs_to_s4: The Samba4 user (%s) was not found." % username) print "password_ucs_to_s4: The Samba4 user (%s) was not found." % username return - except ldap.SERVER_DOWN: - print "Can't initialize Samba4 LDAP connection" - raise ldap.SERVER_DOWN + except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: + print "Can't initialize Samba4 LDAP connection (%s)" % exc.args[0] + raise if not res: ud.debug(ud.LDAP, ud.PROCESS, "password_ucs_to_s4: The Samba4 user (%s) was not found." % username) print "\npassword_ucs_to_s4: The Samba4 user (%s) was not found." % username @@ -167,7 +167,7 @@ def main(): try: s4 = S4(options.ucrbase, options.binddn, options.bindpwd) s4.sync_password(args[0]) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): sys.exit(1) diff --git a/test/ucs-test/tests/10_ldap/25reconnect_uldap b/test/ucs-test/tests/10_ldap/25reconnect_uldap index 308c3afa07..a5094a9a33 100755 --- a/test/ucs-test/tests/10_ldap/25reconnect_uldap +++ b/test/ucs-test/tests/10_ldap/25reconnect_uldap @@ -113,7 +113,7 @@ try: try: lo = _get_connection() _search(lo) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): pass else: fail('Search was successful') @@ -126,7 +126,7 @@ try: _start_delyed(delay=11) try: _search(lo) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): pass else: fail('Search was successful') diff --git a/test/ucs-test/tests/10_ldap/ldap_extension_utils.py b/test/ucs-test/tests/10_ldap/ldap_extension_utils.py index 8593bc4156..edb62c8c0e 100644 --- a/test/ucs-test/tests/10_ldap/ldap_extension_utils.py +++ b/test/ucs-test/tests/10_ldap/ldap_extension_utils.py @@ -107,7 +107,7 @@ def __fetch_schema_from_uri(ldap_uri): while i < attempts: try: return ldap.schema.subentry.urlfetch(ldap_uri) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): if i >= (attempts - 1): raise time.sleep(1) diff --git a/test/ucs-test/tests/52_s4connector/402check_mapping_for_single_value_samba4_attributes b/test/ucs-test/tests/52_s4connector/402check_mapping_for_single_value_samba4_attributes index 3c42ad4d59..905d8a3289 100755 --- a/test/ucs-test/tests/52_s4connector/402check_mapping_for_single_value_samba4_attributes +++ b/test/ucs-test/tests/52_s4connector/402check_mapping_for_single_value_samba4_attributes @@ -86,7 +86,7 @@ def connect(): s4_ldap_bindpw, configRegistry['%s/s4/ldap/certificate' % CONFIGBASENAME], configRegistry['%s/s4/listener/dir' % CONFIGBASENAME]) - except ldap.SERVER_DOWN: + except (ldap.SERVER_DOWN, ldap.TIMEOUT): print "ERROR: Can't initialize LDAP-Connections." raise diff --git a/test/ucs-test/univention/testing/utils.py b/test/ucs-test/univention/testing/utils.py index 3611da7859..c5709accec 100644 --- a/test/ucs-test/univention/testing/utils.py +++ b/test/ucs-test/univention/testing/utils.py @@ -130,9 +130,9 @@ def get_ldap_connection(pwdfile=False, start_tls=2, decode_ignorelist=None, admi if admin_uldap: lo = access(lo=lo) return lo - except ldap.SERVER_DOWN(): + except ldap.SERVER_DOWN: pass - raise ldap.SERVER_DOWN() + raise ldap.SERVER_DOWN def verify_ldap_object(baseDn, expected_attr=None, strict=True, should_exist=True): diff --git a/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/uvmm_ldap.py b/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/uvmm_ldap.py index 8a6bc6ceb3..45190cde2e 100644 --- a/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/uvmm_ldap.py +++ b/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/uvmm_ldap.py @@ -39,7 +39,7 @@ except ImportError: import pickle import univention.config_registry as ucr import univention.uldap -from ldap import LDAPError, SERVER_DOWN +from ldap import LDAPError, SERVER_DOWN, TIMEOUT import univention.admin.uldap import univention.admin.modules import univention.admin.handlers.uvmm.info as uvmm_info @@ -171,7 +171,7 @@ def ldap_annotation(uuid): try: lo, position = univention.admin.uldap.getMachineConnection(ldap_master=False) base = "%s,%s" % (LDAP_INFO_RDN, position.getDn()) - except (SERVER_DOWN, IOError): + except (SERVER_DOWN, TIMEOUT, IOError): raise LdapConnectionError(_('Could not open LDAP-Machine connection')) co = None dn = "%s=%s,%s" % (uvmm_info.mapping.mapName('uuid'), uuid, base) @@ -190,7 +190,7 @@ def ldap_modify(uuid): try: lo, position = univention.admin.uldap.getMachineConnection(ldap_master=True) base = "%s,%s" % (LDAP_INFO_RDN, position.getDn()) - except (SERVER_DOWN, IOError): + except (SERVER_DOWN, TIMEOUT, IOError): raise LdapConnectionError(_('Could not open LDAP-Admin connection')) co = None dn = "%s=%s,%s" % (uvmm_info.mapping.mapName('uuid'), uuid, base)