Univention Bugzilla – Bug 47236
[4.3] LDAP connection cache doesn't handle credentials change
Last modified: 2021-11-24 13:13:07 CET
Admin and machine connections are cached in ucsschool/importer/utils/ldap_connection.py. When the machine accounts credentials change, uldap tries to reconnect using the old credentials. Invalidate the connection caches when the password files change.
(In reply to Daniel Tröder from comment #0) > Invalidate the connection caches when the password files change. Or restart gunicorn via password_change.d/ script?
I think I ran into similar problem before. See bug 44621 comment 12 especially commit "ad6c547c8f". In that case it was python-ldap that cached the credentials.
Gunicorn is now restarted when the machine account password changes. Cache refresh inside the running Python instance (to not restart it) is not required, as the process does not perform any critical operation. The import is run within Celery instances. [4.3] f367c66f7 Bug #47236: restart Gunicorn when machine account password changes [4.3] aabe8697f Bug #47236: advisory ucs-school-import (16.0.2-17)
Advisory: OK Changelog: OK Gunicorn restarts when machine password is changed: OK
*** Bug 46908 has been marked as a duplicate of this bug. ***
UCS@school 4.3 v4 has been released. https://docs.software-univention.de/changelog-ucsschool-4.3v4-de.html If this error occurs again, please clone this bug.