Univention Bugzilla – Attachment 9603 Details for
Bug 47389
Timeout for python-ldap connections
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
ldap_timeout.patch
ldap_timeout.patch (text/plain), 57.30 KB, created by
Arvid Requate
on 2018-07-23 18:55 CEST
(
hide
)
Description:
ldap_timeout.patch
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2018-07-23 18:55 CEST
Size:
57.30 KB
patch
obsolete
>diff --git a/base/univention-lib/python/admember.py b/base/univention-lib/python/admember.py >index 63ca270e35..f1ac172e68 100644 >--- a/base/univention-lib/python/admember.py >+++ b/base/univention-lib/python/admember.py >@@ -608,7 +608,7 @@ def _server_supports_ssl(server): > lo.start_tls_s() > except ldap.UNAVAILABLE: > return False >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > return False > return True > >diff --git a/base/univention-pam/ldap-group-to-file.py b/base/univention-pam/ldap-group-to-file.py >index 72d8640876..5953380494 100755 >--- a/base/univention-pam/ldap-group-to-file.py >+++ b/base/univention-pam/ldap-group-to-file.py >@@ -108,7 +108,7 @@ if __name__ == '__main__': > > try: > lo = univention.uldap.getMachineConnection(ldap_master=False) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Abort: Can't contact LDAP server." > sys.exit(1) > >diff --git a/base/univention-python/modules/uldap.py b/base/univention-python/modules/uldap.py >index c38d02132e..49f0983bde 100644 >--- a/base/univention-python/modules/uldap.py >+++ b/base/univention-python/modules/uldap.py >@@ -127,7 +127,7 @@ def getBackupConnection(start_tls=2, decode_ignorelist=[], reconnect=True): # t > port = int(ucr.get('ldap/master/port', '7389')) > try: > return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn='cn=backup,' + ucr['ldap/base'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > if not ucr['ldap/backup']: > raise > backup = ucr['ldap/backup'].split(' ')[0] >@@ -161,7 +161,7 @@ def getMachineConnection(start_tls=2, decode_ignorelist=[], ldap_master=True, se > port = int(ucr.get('ldap/server/port', '7389')) > try: > return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) >- except ldap.SERVER_DOWN as exc: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: > # ldap/server/name is down, try next server > if not ucr.get('ldap/server/addition'): > raise >@@ -169,7 +169,7 @@ def getMachineConnection(start_tls=2, decode_ignorelist=[], ldap_master=True, se > for server in servers.split(): > try: > return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > pass > raise exc > >@@ -179,7 +179,7 @@ class access: > The low-level class to access a LDAP server. > """ > >- def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, ca_certfile=None, decode_ignorelist=[], use_ldaps=False, uri=None, follow_referral=False, reconnect=True): >+ def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, ca_certfile=None, decode_ignorelist=[], use_ldaps=False, uri=None, follow_referral=False, reconnect=True, timeout=None): > """start_tls = 0 (no); 1 (try); 2 (must)""" > self.host = host > self.base = base >@@ -188,6 +188,8 @@ class access: > self.start_tls = start_tls > self.ca_certfile = ca_certfile > self.reconnect = reconnect >+ self.timeout = timeout >+ > > self.port = int(port) if port else None > >@@ -275,6 +277,9 @@ class access: > else: > univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'establishing new connection') > self.lo = ldap.initialize(self.uri, trace_stack_limit=None) >+ if self.timeout: >+ ldap.set_option(ldap.OPT_TIMEOUT, self.timeout) >+ ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, self.timeout) > > if ca_certfile: > self.lo.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_certfile) >diff --git a/base/univention-quota/quota.py b/base/univention-quota/quota.py >index 2fdb25b64d..849ea69408 100644 >--- a/base/univention-quota/quota.py >+++ b/base/univention-quota/quota.py >@@ -114,7 +114,7 @@ def _is_container(new, old): > def _get_ldap_connection(): > try: > connection = univention.uldap.getMachineConnection(ldap_master=False) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > connection = univention.uldap.getMachineConnection() > > return connection >diff --git a/management/univention-appcenter/conffiles/create_portal_entries.py b/management/univention-appcenter/conffiles/create_portal_entries.py >index e3be9cfea4..5250e2ec3f 100644 >--- a/management/univention-appcenter/conffiles/create_portal_entries.py >+++ b/management/univention-appcenter/conffiles/create_portal_entries.py >@@ -32,7 +32,7 @@ > > import re > from ldap.dn import escape_dn_chars >-from ldap import SERVER_DOWN >+from ldap import SERVER_DOWN, TIMEOUT > from base64 import b64encode > from copy import copy > from urlparse import urlsplit >@@ -227,7 +227,7 @@ def _handler(ucr, changes): > def handler(ucr, changes): > try: > _handler(ucr, changes) >- except SERVER_DOWN: >- portal_logger.error('LDAP server is not available.') >+ except (SERVER_DOWN, TIMEOUT) as exc: >+ portal_logger.error('LDAP server is not available (%s)' % exc.args[0]) > except Exception: > portal_logger.exception('Exception in UCR module create_portal_entries') >diff --git a/management/univention-appcenter/python/appcenter/actions/credentials.py b/management/univention-appcenter/python/appcenter/actions/credentials.py >index 703c82e7b3..d5c914d283 100644 >--- a/management/univention-appcenter/python/appcenter/actions/credentials.py >+++ b/management/univention-appcenter/python/appcenter/actions/credentials.py >@@ -127,7 +127,7 @@ class CredentialsAction(UniventionAppAction): > raise ConnectionFailedInvalidMachineCredentials() > except ldap.CONNECT_ERROR as exc: > raise ConnectionFailedConnectError(exc) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > raise ConnectionFailedServerDown() > > def _get_admin_connection(self): >@@ -139,7 +139,7 @@ class CredentialsAction(UniventionAppAction): > raise ConnectionFailedInvalidAdminCredentials() > except ldap.CONNECT_ERROR as exc: > raise ConnectionFailedConnectError(exc) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > raise ConnectionFailedServerDown() > > def _get_ldap_connection(self, args, allow_machine_connection=False, allow_admin_connection=True): >@@ -175,7 +175,7 @@ class CredentialsAction(UniventionAppAction): > return get_connection(userdn, password) > except ldap.CONNECT_ERROR as exc: > raise ConnectionFailedConnectError(exc) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > raise ConnectionFailedServerDown() > except ldap.INVALID_CREDENTIALS: > time.sleep(0.1) >diff --git a/management/univention-directory-listener/src/notifier.c b/management/univention-directory-listener/src/notifier.c >index 45082395eb..e598ea304e 100644 >--- a/management/univention-directory-listener/src/notifier.c >+++ b/management/univention-directory-listener/src/notifier.c >@@ -184,7 +184,7 @@ int notifier_listen(univention_ldap_parameters_t *lp, bool write_transaction_fil > to reconnect */ > while ((rv = change_update_dn(&trans)) != LDAP_SUCCESS) { > univention_debug(UV_DEBUG_LISTENER, UV_DEBUG_ERROR, "change_update_dn failed: %d", rv); >- if (rv == LDAP_SERVER_DOWN) >+ if (rv == LDAP_SERVER_DOWN || rv == LDAP_TIMEOUT) > if ((rv = connect_to_ldap(trans.lp)) == 0) > continue; > goto out; >diff --git a/management/univention-directory-listener/src/utils.h b/management/univention-directory-listener/src/utils.h >index c139b9dc3a..2b0ed118c0 100644 >--- a/management/univention-directory-listener/src/utils.h >+++ b/management/univention-directory-listener/src/utils.h >@@ -41,7 +41,7 @@ extern int get_ldap_retries(); > ldap_retries = get_ldap_retries(); \ > do { \ > _rv = (cmd); \ >- if (_rv != LDAP_SERVER_DOWN) \ >+ if (_rv != LDAP_SERVER_DOWN && _rv != LDAP_TIMEOUT) \ > break; \ > while (_retry < ldap_retries && univention_ldap_open(lp) != LDAP_SUCCESS) \ > sleep(1 << (_retry++ % 6)); \ >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/syntax.py b/management/univention-directory-manager-modules/modules/univention/admin/syntax.py >index d2fc3d563d..63e3efc0d0 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/syntax.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/syntax.py >@@ -1817,7 +1817,7 @@ class ldapFilter(simple): > lo.search_ext_s('', ldap.SCOPE_BASE, text) > except ldap.FILTER_ERROR: > raise univention.admin.uexceptions.valueError(_('Not a valid LDAP search filter')) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > pass > finally: > lo.unbind() >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/uldap.py b/management/univention-directory-manager-modules/modules/univention/admin/uldap.py >index 23665817dc..570844ae5d 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/uldap.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/uldap.py >@@ -135,7 +135,7 @@ def getBaseDN(host='localhost', port=None, uri=None): # type: (str, Optional[in > lo = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None) > result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts']) > return result[0][1]['namingContexts'][0] >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > time.sleep(60) > lo = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None) > result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts']) >@@ -498,7 +498,7 @@ class access: > def start_tls(self): > return self.lo.start_tls > >- def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, lo=None, follow_referral=False): >+ def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, lo=None, follow_referral=False, timeout=None): > """ > :param str host: The hostname of the LDAP server. > :param int port: The TCP port number of the LDAP server. >@@ -506,9 +506,7 @@ class access: > :param str binddn: The distinguished name of the account. > :param str bindpw: The user password for simple authentication. > :param int start_tls: Negotiate TLS with server. If `2` is given, the command will require the operation to be successful. >- :param univention.uldap.access: Low-level >- >- :param str uri: A complete LDAP URI. >+ :param univention.uldap.access lo: Low-level > """ > if lo: > self.lo = lo >@@ -516,7 +514,7 @@ class access: > if not port: > port = int(configRegistry.get('ldap/server/port', 7389)) > try: >- self.lo = univention.uldap.access(host, port, base, binddn, bindpw, start_tls, follow_referral=follow_referral) >+ self.lo = univention.uldap.access(host, port, base, binddn, bindpw, start_tls, follow_referral=follow_referral, timeout=timeout) > except ldap.INVALID_CREDENTIALS: > raise univention.admin.uexceptions.authFail(_("Authentication failed")) > except ldap.UNWILLING_TO_PERFORM: >diff --git a/management/univention-directory-manager-modules/modules/univention/admincli/admin.py b/management/univention-directory-manager-modules/modules/univention/admincli/admin.py >index 9273e7422e..650b0f3873 100755 >--- a/management/univention-directory-manager-modules/modules/univention/admincli/admin.py >+++ b/management/univention-directory-manager-modules/modules/univention/admincli/admin.py >@@ -396,7 +396,7 @@ def doit(arglist): > out = [] > try: > out = _doit(arglist) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > return out + ["E: The LDAP Server is currently not available.", "OPERATION FAILED"] > except univention.admin.uexceptions.base, e: > univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, traceback.format_exc()) >diff --git a/management/univention-directory-manager-modules/scripts/convert-user-base64-photos b/management/univention-directory-manager-modules/scripts/convert-user-base64-photos >index 906f824daa..052f480636 100755 >--- a/management/univention-directory-manager-modules/scripts/convert-user-base64-photos >+++ b/management/univention-directory-manager-modules/scripts/convert-user-base64-photos >@@ -112,6 +112,6 @@ if __name__ == '__main__': > # action! > try: > run(args[0], verbose=options.verbose) >- except ldap.SERVER_DOWN as e: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as e: > print >>sys.stderr, 'ERROR: could not contact LDAP server: %s' % e > sys.exit(1) >diff --git a/management/univention-management-console/src/univention/management/console/base.py b/management/univention-management-console/src/univention/management/console/base.py >index e198a10152..b535634e8a 100644 >--- a/management/univention-management-console/src/univention/management/console/base.py >+++ b/management/univention-management-console/src/univention/management/console/base.py >@@ -296,7 +296,7 @@ class Base(signals.Provider, Translation): > exc = exc.original_exception > if isinstance(exc, udm_errors.ldapError) and isinstance(getattr(exc, 'original_exception', None), ldap.INVALID_CREDENTIALS): > exc = exc.original_exception >- if isinstance(exc, ldap.SERVER_DOWN): >+ if isinstance(exc, ldap.SERVER_DOWN) or isinstance(exc, ldap.TIMEOUT): > raise LDAP_ServerDown() > if isinstance(exc, ldap.CONNECT_ERROR): > raise LDAP_ConnectionFailed(exc) >diff --git a/services/univention-ad-connector/modules/univention/connector/__init__.py b/services/univention-ad-connector/modules/univention/connector/__init__.py >index 08c1e2bbd6..d7be476d5f 100644 >--- a/services/univention-ad-connector/modules/univention/connector/__init__.py >+++ b/services/univention-ad-connector/modules/univention/connector/__init__.py >@@ -119,7 +119,7 @@ def dictonary_lowercase(dict): > else: > try: # should be string > return dict.lower() >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > pass >@@ -131,7 +131,7 @@ def compare_lowercase(val1, val2): > return True > else: > return False >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > return False >@@ -478,7 +478,7 @@ class ucs: > ud.debug(ud.LDAP, ud.INFO, 'Lost connection to the LDAP server. Trying to reconnect ...') > try: > self.open_ucs() >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > ud.debug(ud.LDAP, ud.INFO, 'LDAP-Server seems to be down') > raise search_exception > >@@ -487,7 +487,7 @@ class ucs: > if '%s/debug/function' % self.CONFIGBASENAME in self.baseConfig: > try: > function_level = int(self.baseConfig['%s/debug/function' % self.CONFIGBASENAME]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > function_level = 0 >@@ -615,7 +615,7 @@ class ucs: > try: > ret.append((self._decode_dn_from_config_option(d1), self._decode_dn_from_config_option(self._get_config_option(config_space, d1)))) > return_update = True >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > count = count + 1 >@@ -753,7 +753,7 @@ class ucs: > change_type = "add" > old_dn = '' # there may be an old_dn if object was moved from ignored container > ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: objected was added") >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: > # the ignore_object method might throw an exception if the subschema will be synced >@@ -784,7 +784,7 @@ class ucs: > return False > else: > return True >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._save_rejected_ucs(filename, dn) >@@ -835,7 +835,7 @@ class ucs: > > ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn) > ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object found: %s" % searchdn) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object search failed: %s" % searchdn) >@@ -906,7 +906,7 @@ class ucs: > pass > self._remove_rejected_ucs(filename) > change_counter += 1 >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._save_rejected_ucs(filename, dn) >@@ -988,7 +988,7 @@ class ucs: > for i in [0, 1]: # do it twice if the LDAP connection was closed > try: > sync_successfull = self.__sync_file_from_ucs(filename, traceback_level=traceback_level) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > # once again, ldap idletimeout ... > if i == 0: > self.open_ucs() >@@ -1202,7 +1202,7 @@ class ucs: > return True > else: > ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object from %s to %s" % (object['olddn'], object['dn'])) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object in UCS") >@@ -1277,7 +1277,7 @@ class ucs: > if not self.sync_to_ucs(key, subobject, object_mapping['dn']): > try: > ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed") >@@ -1380,7 +1380,7 @@ class ucs: > except univention.admin.uexceptions.valueMayNotChange, msg: > ud.debug(ud.LDAP, ud.ERROR, "Value may not change: %s (%s)" % (msg, object['dn'])) > return False >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > # LDAP idletimeout? try once again > if retry: > self.open_ucs() >@@ -1468,7 +1468,7 @@ class ucs: > return True > else: > return False >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: > ud.debug(ud.LDAP, ud.WARN, "attribute_filter: Failed to convert attributes for bitwise filter") >diff --git a/services/univention-ad-connector/modules/univention/connector/ad/__init__.py b/services/univention-ad-connector/modules/univention/connector/ad/__init__.py >index 02f1293f37..0f0cfe0866 100644 >--- a/services/univention-ad-connector/modules/univention/connector/ad/__init__.py >+++ b/services/univention-ad-connector/modules/univention/connector/ad/__init__.py >@@ -161,7 +161,7 @@ def encode_ad_object(ad_object): > else: > try: > ad_object[key] = encode_attriblist(ad_object[key]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.WARN, "encode_ad_object: encode attrib %s failed, ignored!" % key) >@@ -1061,7 +1061,7 @@ class ad(univention.connector.ucs): > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>") > return encode_ad_object(ad_object) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > pass >@@ -1164,7 +1164,7 @@ class ad(univention.connector.ucs): > else: > # Every object has got a uSNCreated > returnObjects = search_ad_changes_by_attribute('uSNCreated', lastUSN + 1) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except ldap.SIZELIMIT_EXCEEDED: > # The LDAP control page results was not sucessful. Without this control >@@ -1580,7 +1580,7 @@ class ad(univention.connector.ucs): > ad_members_from_ucs.append(ad_dn.lower()) > self.group_mapping_cache_ucs[member_dn.lower()] = ad_dn > self.__group_cache_ucs_append_member(object_ucs['dn'], member_dn) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: failed to get dn from ad, assume object doesn't exist") >@@ -1601,7 +1601,7 @@ class ad(univention.connector.ucs): > elif self._ignore_object(key, {'dn': member_dn, 'attributes': ad_object}): > ad_members_from_ucs.append(member_dn.lower()) > ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: Object ignored in AD [%s], key = [%s]" % (ucs_dn, key)) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.INFO, "group_members_sync_from_ucs: failed to get dn from ad which is groupmember") >@@ -1672,7 +1672,7 @@ class ad(univention.connector.ucs): > > try: > self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.WARN, "group_members_sync_from_ucs: failed to sync members: (%s,%s)" % (object['dn'], [(ldap.MOD_REPLACE, 'member', modlist_members)])) >@@ -1849,7 +1849,7 @@ class ad(univention.connector.ucs): > self.__group_cache_con_append_member(ad_object['dn'], member_dn) > else: > ud.debug(ud.LDAP, ud.INFO, "Failed to find %s via self.lo.get" % ucs_dn) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "group_members_sync_to_ucs: failed to get dn from ucs, assume object doesn't exist") >@@ -1882,7 +1882,7 @@ class ad(univention.connector.ucs): > ucs_members_from_ad[k].append(member_dn.lower()) > break > >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.INFO, "group_members_sync_to_ucs: failed to get dn from ucs which is groupmember") >@@ -2109,7 +2109,7 @@ class ad(univention.connector.ucs): > sync_successfull = self.sync_to_ucs(property_key, mapped_object, dn) > else: > sync_successfull = True >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.ERROR, "sync of rejected object failed \n\t%s" % (object['dn'])) >@@ -2119,7 +2119,7 @@ class ad(univention.connector.ucs): > self._remove_rejected(id) > self.__update_lastUSN(object) > self._set_DN_for_GUID(elements[0][1]['objectGUID'][0], elements[0][0]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except Exception: > self._debug_traceback(ud.ERROR, "unexpected Error during ad.resync_rejected") >@@ -2138,7 +2138,7 @@ class ad(univention.connector.ucs): > changes = [] > try: > changes = self.__search_ad_changes(show_deleted=show_deleted) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.WARN, "Exception during search_ad_changes") >@@ -2195,7 +2195,7 @@ class ad(univention.connector.ucs): > sync_successfull = self.sync_to_ucs(property_key, mapped_object, object['dn']) > else: > sync_successfull = True >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except univention.admin.uexceptions.ldapError, msg: > ud.debug(ud.LDAP, ud.INFO, "Exception during poll with message (1) %s" % msg) >@@ -2222,7 +2222,7 @@ class ad(univention.connector.ucs): > try: > GUID = old_element[1]['objectGUID'][0] > self._set_DN_for_GUID(GUID, old_element[0]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.WARN, "Exception during set_DN_for_GUID") >@@ -2286,7 +2286,7 @@ class ad(univention.connector.ucs): > # the old object was moved in UCS, but does this object exist in AD? > try: > old_object = self.lo_ad.get(compatible_modstring(old_dn)) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: > old_object = None >@@ -2553,7 +2553,7 @@ class ad(univention.connector.ucs): > if not self.sync_from_ucs(key, subobject, object_mapping['dn']): > try: > ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed") >diff --git a/services/univention-ad-connector/modules/univention/connector/ad/main.py b/services/univention-ad-connector/modules/univention/connector/ad/main.py >index a47967e498..31bdefc7a9 100755 >--- a/services/univention-ad-connector/modules/univention/connector/ad/main.py >+++ b/services/univention-ad-connector/modules/univention/connector/ad/main.py >@@ -191,7 +191,7 @@ def connect(): > baseConfig['%s/ad/listener/dir' % CONFIGBASENAME] > ) > ad_init = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Warning: Can't initialize LDAP-Connections, wait..." > sys.stdout.flush() > time.sleep(poll_sleep) >@@ -204,7 +204,7 @@ def connect(): > try: > ad.initialize_ucs() > ucs_init = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during ucs-poll, sync not possible." > sys.stdout.flush() > time.sleep(poll_sleep) >@@ -215,7 +215,7 @@ def connect(): > try: > ad.initialize() > ad_init = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during ucs-poll, sync not possible." > sys.stdout.flush() > time.sleep(poll_sleep) >@@ -239,7 +239,7 @@ def connect(): > continue > else: > break >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during ucs-poll, sync not possible." > connected = False > sys.stdout.flush() >@@ -255,7 +255,7 @@ def connect(): > continue > else: > break >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during ad-poll, sync not possible." > connected = False > sys.stdout.flush() >@@ -268,7 +268,7 @@ def connect(): > retry_rejected = 0 > else: > retry_rejected += 1 >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during resync rejected, sync not possible." > connected = False > sys.stdout.flush() >diff --git a/services/univention-ad-connector/scripts/make-deleted-objects-readable-for-this-machine b/services/univention-ad-connector/scripts/make-deleted-objects-readable-for-this-machine >index 04a1043727..49b1b30dcd 100755 >--- a/services/univention-ad-connector/scripts/make-deleted-objects-readable-for-this-machine >+++ b/services/univention-ad-connector/scripts/make-deleted-objects-readable-for-this-machine >@@ -171,7 +171,7 @@ class AD_DSACL_modifier(): > self.ucr['%s/ad/ldap/certificate' % CONFIGBASENAME] > ) > ad_init = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Warning: Can't initialize LDAP-Connections, wait..." > sys.stdout.flush() > time.sleep(poll_sleep) >diff --git a/services/univention-ad-connector/scripts/well-known-sid-object-rename b/services/univention-ad-connector/scripts/well-known-sid-object-rename >index 665edc6cd0..9033894766 100755 >--- a/services/univention-ad-connector/scripts/well-known-sid-object-rename >+++ b/services/univention-ad-connector/scripts/well-known-sid-object-rename >@@ -184,7 +184,7 @@ class Well_Known_SID_object_renamer(): > self.ucr['%s/ad/ldap/certificate' % CONFIGBASENAME] > ) > ad_init = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Warning: Can't initialize LDAP-Connections, wait..." > sys.stdout.flush() > time.sleep(poll_sleep) >diff --git a/services/univention-radius/usr/bin/univention-radius-check-access b/services/univention-radius/usr/bin/univention-radius-check-access >index 3efc07f34b..a99d5c8ec2 100644 >--- a/services/univention-radius/usr/bin/univention-radius-check-access >+++ b/services/univention-radius/usr/bin/univention-radius-check-access >@@ -37,7 +37,7 @@ from univention.networkaccess import traceStationWhitelist > import optparse > import sys > import univention.uldap >-from ldap import SERVER_DOWN >+from ldap import SERVER_DOWN, TIMEOUT > > > def main(): >@@ -49,7 +49,7 @@ def main(): > try: > # try ldap/server/name, then each of ldap/server/addition > ldapConnection = univention.uldap.getMachineConnection(ldap_master=False, reconnect=False) >- except SERVER_DOWN: >+ except (SERVER_DOWN, TIMEOUT): > # then master dc > ldapConnection = univention.uldap.getMachineConnection() > exitCode = 0 >diff --git a/services/univention-radius/usr/bin/univention-radius-ntlm-auth b/services/univention-radius/usr/bin/univention-radius-ntlm-auth >index b302cd2f6f..c1f4668a2f 100644 >--- a/services/univention-radius/usr/bin/univention-radius-ntlm-auth >+++ b/services/univention-radius/usr/bin/univention-radius-ntlm-auth >@@ -37,7 +37,7 @@ import optparse > import sys > import univention.pyMsChapV2 as pyMsChapV2 > import univention.uldap >-from ldap import SERVER_DOWN >+from ldap import SERVER_DOWN, TIMEOUT > > > def main(): >@@ -74,7 +74,7 @@ def main(): > try: > # try ldap/server/name, then each of ldap/server/addition > ldapConnection = univention.uldap.getMachineConnection(ldap_master=False, reconnect=False) >- except SERVER_DOWN: >+ except (SERVER_DOWN, TIMEOUT): > # then master dc > ldapConnection = univention.uldap.getMachineConnection() > PasswordHash = getNTPasswordHash(ldapConnection, options.Username, stationId) >diff --git a/services/univention-s4-connector/modules/univention/s4connector/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/__init__.py >index a1ef180c33..2e9b1a191a 100644 >--- a/services/univention-s4-connector/modules/univention/s4connector/__init__.py >+++ b/services/univention-s4-connector/modules/univention/s4connector/__init__.py >@@ -136,7 +136,7 @@ def dictonary_lowercase(dict): > else: > try: # should be string > return dict.lower() >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > pass >@@ -152,7 +152,7 @@ def compare_lowercase(val1, val2): > return True > else: > return False >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > return False >@@ -533,8 +533,8 @@ class ucs: > self.open_ucs() > result = self.lo.search(filter=filter, base=base, scope=scope, attr=attr, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit) > return result >- except ldap.SERVER_DOWN, e: >- ud.debug(ud.LDAP, ud.INFO, 'LDAP-Server seems to be down') >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: >+ ud.debug(ud.LDAP, ud.INFO, 'LDAP-Server seems to be down (%s)' % exc.args[0]) > raise search_exception > > def init_debug(self): >@@ -542,7 +542,7 @@ class ucs: > if '%s/debug/function' % self.CONFIGBASENAME in self.baseConfig: > try: > function_level = int(self.baseConfig['%s/debug/function' % self.CONFIGBASENAME]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > function_level = 0 >@@ -707,7 +707,7 @@ class ucs: > try: > ret.append((self._decode_dn_from_config_option(d1), self._decode_dn_from_config_option(self._get_config_option(config_space, d1)))) > return_update = True >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > count = count + 1 >@@ -868,7 +868,7 @@ class ucs: > change_type = "add" > old_dn = '' # there may be an old_dn if object was moved from ignored container > ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: object was added: %s" % dn) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: > # the ignore_object method might throw an exception if the subschema will be synced >@@ -900,7 +900,7 @@ class ucs: > return False > else: > return True >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except ldap.NO_SUCH_OBJECT: > self._save_rejected_ucs(filename, dn) >@@ -937,7 +937,7 @@ class ucs: > return None > except ldap.INVALID_SYNTAX: > return None >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > self.open_ucs() > continue > >@@ -957,7 +957,7 @@ class ucs: > return None > except ldap.INVALID_SYNTAX: > return None >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > self.open_ucs() > continue > >@@ -986,7 +986,7 @@ class ucs: > > ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn) > ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object found: %s" % searchdn) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object search failed: %s" % searchdn) >@@ -1057,7 +1057,7 @@ class ucs: > pass > self._remove_rejected_ucs(filename) > change_counter += 1 >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._save_rejected_ucs(filename, dn) >@@ -1118,7 +1118,7 @@ class ucs: > for i in [0, 1]: # do it twice if the LDAP connection was closed > try: > sync_successfull = self.__sync_file_from_ucs(filename, traceback_level=traceback_level) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > # once again, ldap idletimeout ... > if i == 0: > self.open_ucs() >@@ -1381,7 +1381,7 @@ class ucs: > return True > else: > ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object from %s to %s" % (object['olddn'], object['dn'])) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object in UCS") >@@ -1475,7 +1475,7 @@ class ucs: > if not self.sync_to_ucs(key, subobject_ucs, back_mapped_subobject['dn'], object): > try: > ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed") >@@ -1508,7 +1508,7 @@ class ucs: > > try: > ud.debug(ud.LDAP, ud.PROCESS, 'sync to ucs: [%14s] [%10s] %s' % (property_type, object['modtype'], object['dn'])) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.PROCESS, 'sync to ucs...') >@@ -1610,7 +1610,7 @@ class ucs: > ud.debug(ud.LDAP, ud.INFO, "Call post_ucs_modify_functions: %s" % f) > f(self, property_type, object) > ud.debug(ud.LDAP, ud.INFO, "Call post_ucs_modify_functions: %s (done)" % f) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.ERROR, "failed in post_con_modify_functions") >@@ -1633,7 +1633,7 @@ class ucs: > except univention.admin.uexceptions.valueMayNotChange, msg: > ud.debug(ud.LDAP, ud.ERROR, "Value may not change: %s (%s)" % (msg, object['dn'])) > return False >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.ERROR, "Unknown Exception during sync_to_ucs") >@@ -1716,7 +1716,7 @@ class ucs: > return True > else: > return False >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: > ud.debug(ud.LDAP, ud.WARN, "attribute_filter: Failed to convert attributes for bitwise filter") >diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py >index ba9d456dee..f16026f684 100644 >--- a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py >+++ b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py >@@ -192,7 +192,7 @@ def encode_s4_object(s4_object): > else: > try: > s4_object[key] = encode_attriblist(s4_object[key]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.WARN, "encode_s4_object: encode attrib %s failed, ignored!" % key) >@@ -1123,7 +1123,7 @@ class s4(univention.s4connector.ucs): > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>") > return dn >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > if i == 0: > self.open_s4() > continue >@@ -1191,7 +1191,7 @@ class s4(univention.s4connector.ucs): > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>") > return encode_s4_object(s4_object) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > if i == 0: > self.open_s4() > continue >@@ -1320,7 +1320,7 @@ class s4(univention.s4connector.ucs): > else: > # Every object has got a uSNCreated > returnObjects = search_s4_changes_by_attribute('uSNCreated', lastUSN + 1) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except ldap.SIZELIMIT_EXCEEDED: > # The LDAP control page results was not sucessful. Without this control >@@ -1735,7 +1735,7 @@ class s4(univention.s4connector.ucs): > s4_members_from_ucs.add(s4_dn.lower()) > self.group_member_mapping_cache_ucs[member_dn.lower()] = s4_dn > self.__group_cache_ucs_append_member(object_ucs_dn, member_dn) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: failed to get S4 dn for UCS group member %s, assume object doesn't exist" % member_dn) >@@ -1759,7 +1759,7 @@ class s4(univention.s4connector.ucs): > ## Keep the member in Samba/AD if it's also present in OpenLDAP but ignored in synchronization? > s4_members_from_ucs.add(member_dn.lower()) > ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: Object ignored in S4 [%s], key = [%s]" % (ucs_dn, mo_key)) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.INFO, "group_members_sync_from_ucs: failed to get UCS dn for S4 group member %s" % member_dn) >@@ -1826,7 +1826,7 @@ class s4(univention.s4connector.ucs): > ud.debug(ud.LDAP, ud.ALL, "group_members_sync_from_ucs: modlist: %s" % modlist_members) > try: > self.lo_s4.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.WARN, "group_members_sync_from_ucs: failed to sync members: (%s,%s)" % (object['dn'], [(ldap.MOD_REPLACE, 'member', modlist_members)])) >@@ -2013,7 +2013,7 @@ class s4(univention.s4connector.ucs): > self.__group_cache_con_append_member(s4_object_dn, member_dn) > else: > ud.debug(ud.LDAP, ud.INFO, "Failed to find %s via self.lo.get" % ucs_dn) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.INFO, "group_members_sync_to_ucs: failed to get UCS dn for S4 group member %s, assume object doesn't exist" % member_dn) >@@ -2047,7 +2047,7 @@ class s4(univention.s4connector.ucs): > ucs_members_from_s4[k].append(member_dn_lower) > break > >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.INFO, "group_members_sync_to_ucs: failed to get S4 dn for UCS group member %s" % member_dn) >@@ -2254,7 +2254,7 @@ class s4(univention.s4connector.ucs): > sync_successfull = self.sync_to_ucs(property_key, mapped_object, dn, object) > else: > sync_successfull = True >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.ERROR, "sync of rejected object failed \n\t%s" % (object['dn'])) >@@ -2264,7 +2264,7 @@ class s4(univention.s4connector.ucs): > self._remove_rejected(id) > self.__update_lastUSN(object) > self._set_DN_for_GUID(elements[0][1]['objectGUID'][0], elements[0][0]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except Exception, msg: > self._debug_traceback(ud.ERROR, "unexpected Error during s4.resync_rejected") >@@ -2282,7 +2282,7 @@ class s4(univention.s4connector.ucs): > changes = [] > try: > changes = self.__search_s4_changes(show_deleted=show_deleted) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.WARN, "Exception during search_s4_changes") >@@ -2299,7 +2299,7 @@ class s4(univention.s4connector.ucs): > # Check if the connection to UCS ldap exists. Otherwise re-create the session. > try: > self.search_ucs(scope=ldap.SCOPE_BASE) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > ud.debug(ud.LDAP, ud.INFO, "UCS LDAP connection was closed, re-open the connection.") > self.open_ucs() > >@@ -2346,7 +2346,7 @@ class s4(univention.s4connector.ucs): > sync_successfull = self.sync_to_ucs(property_key, mapped_object, object['dn'], object) > else: > sync_successfull = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > ud.debug(ud.LDAP, ud.ERROR, "Got server downn during sync, re-open ucs and s4 the connection") > time.sleep(1) > self.open_ucs() >@@ -2378,7 +2378,7 @@ class s4(univention.s4connector.ucs): > try: > GUID = old_element[1]['objectGUID'][0] > self._set_DN_for_GUID(GUID, old_element[0]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > self._debug_traceback(ud.WARN, "Exception during set_DN_for_GUID") >@@ -2446,7 +2446,7 @@ class s4(univention.s4connector.ucs): > # the old object was moved in UCS, but does this object exist in S4? > try: > old_object = self.lo_s4.lo.search_ext_s(compatible_modstring(old_dn), ldap.SCOPE_BASE, 'objectClass=*', timeout=-1, sizelimit=0) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: > old_object = None >@@ -2812,7 +2812,7 @@ class s4(univention.s4connector.ucs): > if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']): > try: > ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0]) >- except (ldap.SERVER_DOWN, SystemExit): >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT, SystemExit): > raise > except: # FIXME: which exception is to be caught? > ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed") >diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/main.py b/services/univention-s4-connector/modules/univention/s4connector/s4/main.py >index 7af084ce9d..26ec609e57 100755 >--- a/services/univention-s4-connector/modules/univention/s4connector/s4/main.py >+++ b/services/univention-s4-connector/modules/univention/s4connector/s4/main.py >@@ -166,7 +166,7 @@ def connect(): > baseConfig['%s/s4/listener/dir' % CONFIGBASENAME] > ) > s4_init = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Warning: Can't initialize LDAP-Connections, wait..." > sys.stdout.flush() > time.sleep(poll_sleep) >@@ -179,7 +179,7 @@ def connect(): > try: > s4.initialize_ucs() > ucs_init = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during ucs-poll, sync not possible." > sys.stdout.flush() > time.sleep(poll_sleep) >@@ -190,7 +190,7 @@ def connect(): > try: > s4.initialize() > s4_init = True >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during ucs-poll, sync not possible." > sys.stdout.flush() > time.sleep(poll_sleep) >@@ -214,7 +214,7 @@ def connect(): > continue > else: > break >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during ucs-poll, sync not possible." > connected = False > sys.stdout.flush() >@@ -230,7 +230,7 @@ def connect(): > continue > else: > break >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during s4-poll, sync not possible." > connected = False > sys.stdout.flush() >@@ -243,7 +243,7 @@ def connect(): > retry_rejected = 0 > else: > retry_rejected += 1 >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "Can't contact LDAP server during resync rejected, sync not possible." > connected = False > sys.stdout.flush() >diff --git a/services/univention-s4-connector/scripts/adjust_obsolete_gpo_and_wmi_rejects b/services/univention-s4-connector/scripts/adjust_obsolete_gpo_and_wmi_rejects >index 23ef091298..71b212e387 100755 >--- a/services/univention-s4-connector/scripts/adjust_obsolete_gpo_and_wmi_rejects >+++ b/services/univention-s4-connector/scripts/adjust_obsolete_gpo_and_wmi_rejects >@@ -230,7 +230,7 @@ def connect(): > configRegistry['%s/s4/ldap/certificate' % CONFIGBASENAME], > configRegistry['%s/s4/listener/dir' % CONFIGBASENAME] > ) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "ERROR: Can't initialize LDAP-Connections." > raise > >diff --git a/services/univention-s4-connector/sync_krbtgt b/services/univention-s4-connector/sync_krbtgt >index 1f1d0e36bc..49b21ec36f 100755 >--- a/services/univention-s4-connector/sync_krbtgt >+++ b/services/univention-s4-connector/sync_krbtgt >@@ -92,9 +92,9 @@ class S4: > try: > self.lo_s4 = univention.uldap.access(host=ldap_host_s4, port=ldap_port_s4, base=self.ldap_base_s4, binddn=ldap_binddn_s4, bindpw=ldap_bindpw_s4, start_tls=tls_mode, ca_certfile=ldap_certificate_s4, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member', 'unicodePwd'], uri=ldap_uri_s4) > self.lo_s4.lo.set_option(ldap.OPT_REFERRALS, 0) >- except ldap.SERVER_DOWN: >- print "Can't initialize Samba4 LDAP connection" >- raise ldap.SERVER_DOWN >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: >+ print "Can't initialize Samba4 LDAP connection (%s)" % exc.args[0] >+ raise > > def open_ucs(self, binddn, bindpwd): > if not binddn: >@@ -110,9 +110,9 @@ class S4: > > try: > self.lo = univention.admin.uldap.access(host=self.ucr['ldap/master'], base=self.ucr['ldap/base'], binddn=binddn, bindpw=bindpwd, start_tls=2) >- except ldap.SERVER_DOWN: >- print "Can't initialize UCS LDAP connection" >- raise ldap.SERVER_DOWN >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: >+ print "Can't initialize UCS LDAP connection (%s)" % exc.args[0] >+ raise > > def _object_mapping(self, key, object, connection): > return key >@@ -135,9 +135,9 @@ class S4: > ud.debug(ud.LDAP, ud.PROCESS, "The Samba4 user (krbtgt) was not found.") > print "The Samba4 user (krbtgt) was not found." > return >- except ldap.SERVER_DOWN: >- print "Can't initialize Samba4 LDAP connection" >- raise ldap.SERVER_DOWN >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: >+ print "Can't initialize Samba4 LDAP connection (%s)" % exc.args[0] >+ raise > if not res_s4: > ud.debug(ud.LDAP, ud.PROCESS, " The Samba4 user (krbtgt) was not found." % username) > print "\nThe Samba4 user (krbtgt) was not found." % username >@@ -194,7 +194,7 @@ def main(): > try: > s4 = S4(options.ucrbase, options.binddn, options.bindpwd) > s4.sync_password() >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > sys.exit(1) > > >diff --git a/services/univention-s4-connector/univention-password_sync_ucs_to_s4 b/services/univention-s4-connector/univention-password_sync_ucs_to_s4 >index 4430149a0a..54720c507b 100644 >--- a/services/univention-s4-connector/univention-password_sync_ucs_to_s4 >+++ b/services/univention-s4-connector/univention-password_sync_ucs_to_s4 >@@ -92,9 +92,9 @@ class S4: > try: > self.lo_s4 = univention.uldap.access(host=ldap_host_s4, port=ldap_port_s4, base=self.ldap_base_s4, binddn=ldap_binddn_s4, bindpw=ldap_bindpw_s4, start_tls=tls_mode, ca_certfile=ldap_certificate_s4, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member', 'unicodePwd'], uri=ldap_uri_s4) > self.lo_s4.lo.set_option(ldap.OPT_REFERRALS, 0) >- except ldap.SERVER_DOWN: >- print "Can't initialize Samba4 LDAP connection" >- raise ldap.SERVER_DOWN >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: >+ print "Can't initialize Samba4 LDAP connection (%s)" % exc.args[0] >+ raise > > def open_ucs(self, binddn, bindpwd): > if not binddn: >@@ -110,9 +110,9 @@ class S4: > > try: > self.lo = univention.admin.uldap.access(host=self.ucr['ldap/master'], base=self.ucr['ldap/base'], binddn=binddn, bindpw=bindpwd, start_tls=2) >- except ldap.SERVER_DOWN: >- print "Can't initialize UCS LDAP connection" >- raise ldap.SERVER_DOWN >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: >+ print "Can't initialize UCS LDAP connection (%s)" % exc.args[0] >+ raise > > def _object_mapping(self, key, object, connection): > return key >@@ -137,9 +137,9 @@ class S4: > ud.debug(ud.LDAP, ud.PROCESS, "password_ucs_to_s4: The Samba4 user (%s) was not found." % username) > print "password_ucs_to_s4: The Samba4 user (%s) was not found." % username > return >- except ldap.SERVER_DOWN: >- print "Can't initialize Samba4 LDAP connection" >- raise ldap.SERVER_DOWN >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT) as exc: >+ print "Can't initialize Samba4 LDAP connection (%s)" % exc.args[0] >+ raise > if not res: > ud.debug(ud.LDAP, ud.PROCESS, "password_ucs_to_s4: The Samba4 user (%s) was not found." % username) > print "\npassword_ucs_to_s4: The Samba4 user (%s) was not found." % username >@@ -167,7 +167,7 @@ def main(): > try: > s4 = S4(options.ucrbase, options.binddn, options.bindpwd) > s4.sync_password(args[0]) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > sys.exit(1) > > >diff --git a/test/ucs-test/tests/10_ldap/25reconnect_uldap b/test/ucs-test/tests/10_ldap/25reconnect_uldap >index 308c3afa07..a5094a9a33 100755 >--- a/test/ucs-test/tests/10_ldap/25reconnect_uldap >+++ b/test/ucs-test/tests/10_ldap/25reconnect_uldap >@@ -113,7 +113,7 @@ try: > try: > lo = _get_connection() > _search(lo) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > pass > else: > fail('Search was successful') >@@ -126,7 +126,7 @@ try: > _start_delyed(delay=11) > try: > _search(lo) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > pass > else: > fail('Search was successful') >diff --git a/test/ucs-test/tests/10_ldap/ldap_extension_utils.py b/test/ucs-test/tests/10_ldap/ldap_extension_utils.py >index 8593bc4156..edb62c8c0e 100644 >--- a/test/ucs-test/tests/10_ldap/ldap_extension_utils.py >+++ b/test/ucs-test/tests/10_ldap/ldap_extension_utils.py >@@ -107,7 +107,7 @@ def __fetch_schema_from_uri(ldap_uri): > while i < attempts: > try: > return ldap.schema.subentry.urlfetch(ldap_uri) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > if i >= (attempts - 1): > raise > time.sleep(1) >diff --git a/test/ucs-test/tests/52_s4connector/402check_mapping_for_single_value_samba4_attributes b/test/ucs-test/tests/52_s4connector/402check_mapping_for_single_value_samba4_attributes >index 3c42ad4d59..905d8a3289 100755 >--- a/test/ucs-test/tests/52_s4connector/402check_mapping_for_single_value_samba4_attributes >+++ b/test/ucs-test/tests/52_s4connector/402check_mapping_for_single_value_samba4_attributes >@@ -86,7 +86,7 @@ def connect(): > s4_ldap_bindpw, > configRegistry['%s/s4/ldap/certificate' % CONFIGBASENAME], > configRegistry['%s/s4/listener/dir' % CONFIGBASENAME]) >- except ldap.SERVER_DOWN: >+ except (ldap.SERVER_DOWN, ldap.TIMEOUT): > print "ERROR: Can't initialize LDAP-Connections." > raise > >diff --git a/test/ucs-test/univention/testing/utils.py b/test/ucs-test/univention/testing/utils.py >index 3611da7859..c5709accec 100644 >--- a/test/ucs-test/univention/testing/utils.py >+++ b/test/ucs-test/univention/testing/utils.py >@@ -130,9 +130,9 @@ def get_ldap_connection(pwdfile=False, start_tls=2, decode_ignorelist=None, admi > if admin_uldap: > lo = access(lo=lo) > return lo >- except ldap.SERVER_DOWN(): >+ except ldap.SERVER_DOWN: > pass >- raise ldap.SERVER_DOWN() >+ raise ldap.SERVER_DOWN > > > def verify_ldap_object(baseDn, expected_attr=None, strict=True, should_exist=True): >diff --git a/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/uvmm_ldap.py b/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/uvmm_ldap.py >index 8a6bc6ceb3..45190cde2e 100644 >--- a/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/uvmm_ldap.py >+++ b/virtualization/univention-virtual-machine-manager-daemon/src/univention/uvmm/uvmm_ldap.py >@@ -39,7 +39,7 @@ except ImportError: > import pickle > import univention.config_registry as ucr > import univention.uldap >-from ldap import LDAPError, SERVER_DOWN >+from ldap import LDAPError, SERVER_DOWN, TIMEOUT > import univention.admin.uldap > import univention.admin.modules > import univention.admin.handlers.uvmm.info as uvmm_info >@@ -171,7 +171,7 @@ def ldap_annotation(uuid): > try: > lo, position = univention.admin.uldap.getMachineConnection(ldap_master=False) > base = "%s,%s" % (LDAP_INFO_RDN, position.getDn()) >- except (SERVER_DOWN, IOError): >+ except (SERVER_DOWN, TIMEOUT, IOError): > raise LdapConnectionError(_('Could not open LDAP-Machine connection')) > co = None > dn = "%s=%s,%s" % (uvmm_info.mapping.mapName('uuid'), uuid, base) >@@ -190,7 +190,7 @@ def ldap_modify(uuid): > try: > lo, position = univention.admin.uldap.getMachineConnection(ldap_master=True) > base = "%s,%s" % (LDAP_INFO_RDN, position.getDn()) >- except (SERVER_DOWN, IOError): >+ except (SERVER_DOWN, TIMEOUT, IOError): > raise LdapConnectionError(_('Could not open LDAP-Admin connection')) > co = None > dn = "%s=%s,%s" % (uvmm_info.mapping.mapName('uuid'), uuid, base)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
|
Diff
Attachments on
bug 47389
: 9603