Univention Bugzilla – Bug 32617
Switch to ReconnectLDAPObject
Last modified: 2019-02-20 17:59:16 CET
We should switch to ReconnectLDAPObject which does automatic reconnects. This should be done in uldap.py. The directory manager modules code should be checked as well. http://www.python-ldap.org/doc/html/ldap.html#ldapobject-classes
We should check the implementation for 3.2.
The call l = ldap.initialize(uri) is equal to the call l = ldap.ldapobject.SimpleLDAPObject(uri, trace_strack_limit=None) . The call l = ldap.ldapobject.SimpleLDAPObject(uri, trace_strack_limit=None) can be replaced by the call l = ldap.ldapobject.ReconnectLDAPObject(uri, trace_strack_limit=None) because both versions raise the same ldap.SERVER_DOWN execptions but RLO can reestablish a connection when SLO cannot. Only difference observed is that the timeout is doubled when connecting to unavailable servers (probably trying RLO is trying to "reconnect" at least once after the failed initial connection where SLO would fail)
The following packages now use ReconnectLDAPObject: univention-python (7.0.3-1) univention-directory-manager-modules (9.0.51-1) Changelog updated.
When given no credentials RLO fails to reconnect because the bind "succeeds" without contacting the server. UDM getBaseDN does not use credentials, thus triggering the bug.
Manual reconnect (once, after 60s -- just like RLO) added. univention-directory-manager-modules (9.0.69-1)
(In reply to Janek Walkenhorst from comment #4) > When given no credentials RLO fails to reconnect because the bind "succeeds" > without contacting the server. python-ldap 2.4.13 fixes this problem: http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/CHANGES?content-type=text%2Fplain&revision=HEAD
OK: ChangeLog OK: r44907,r45459 OK: python-univention 7.0.3-1.133.201310081753 OK: python-univention-directory-manager 9.0.72-3.1143.201310281935 OK: /etc/init.d/slapd stop ; udm "computers/$(ucr get server/role)" list & /etc/init.d/slapd.start OK: /etc/init.d/slapd stop ; python -c 'from univention.admin.uldap import getBaseDN;print getBaseDN()' & /etc/init.d/slapd.start FYI: Not worse then previously: /etc/init.d/slapd stop ; python -c 'from univention.admin.uldap import getMachineConnection;print getMachineConnection()' & sleep 2 ; /etc/init.d/slapd start Stopping ldap server(s): slapd ...done. Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 75, in getMachineConnection lo=univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master) File "/usr/lib/pymodules/python2.6/univention/uldap.py", line 103, in getMachineConnection lo=access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist) File "/usr/lib/pymodules/python2.6/univention/uldap.py", line 169, in __init__ self.__open(ca_certfile) File "/usr/lib/pymodules/python2.6/univention/uldap.py", line 203, in __open self.lo.start_tls_s() File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 784, in start_tls_s res = SimpleLDAPObject.start_tls_s(self) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 526, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}
UCS 3.2 has been released: http://docs.univention.de/release-notes-3.2-en.html http://docs.univention.de/release-notes-3.2-de.html If this error occurs again, please use "Clone This Bug".