twisted hangs when providing wrong host name #10

Open
cornelinux opened this issue Feb 12, 2017 · 9 comments

@cornelinux
Member

cornelinux commented Feb 12, 2017

In config.ini setting in section [ldap-backend] the host = "ldap://1.2.3.4".
twisted runs into this error:

2017-02-12T08:39:37+0100 [pi_ldapproxy.proxy.ProxyServerFactory] Unhandled Error
	Traceback (most recent call last):
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/twisted/python/log.py", line 86, in callWithContext
	    return context.call({ILogContext: newCtx}, func, *args, **kw)
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext
	    return self.currentContext().callWithContext(ctx, func, *args, **kw)
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext
	    return func(*args,**kw)
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 597, in _doReadOrWrite
	    why = selectable.doRead()
	--- <exception caught here> ---
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/twisted/internet/tcp.py", line 1073, in doRead
	    protocol.makeConnection(transport)
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/twisted/internet/protocol.py", line 494, in makeConnection
	    self.connectionMade()
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/ldaptor/protocols/ldap/proxybase.py", line 40, in connectionMade
	    d = self.clientConnector()
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/ldaptor/protocols/ldap/ldapconnector.py", line 22, in connectToLDAPEndpoint
	    e = clientFromString(reactor, endpointStr)
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/twisted/internet/endpoints.py", line 1856, in clientFromString
	    kwargs = _clientParsers[name](*args, **kwargs)
	  File "/home/cornelius/src/privacyidea-ldap-proxy/venv/local/lib/python2.7/site-packages/twisted/internet/endpoints.py", line 1579, in _parseClientTCP
	    kwargs['port'] = int(args[0])
	exceptions.ValueError: invalid literal for int() with base 10: '//10.0.1.161'

Also see #3.

The other problem is that twisted hangs and will not respond to any other request!

@fredreichbier
Contributor

Right, we should definitely handle this case better.

Similarly, if the syntax of the host value is correct, but the given server is unavailable, we only notice when we issue the first bind request: Then, the LDAP proxy tries to connect to the LDAP backend, but the connection only times out after 30 seconds (well, it seems like 30 seconds).

Maybe we should do a "test connection" to the LDAP backend on startup (with the possibility to opt out?) to notice this kind of error as early as possible?

@cornelinux
Member Author

Sounds good to me.

Are there any implementations in regards to round robin?
We should be able to decrease the 30 secs timeout. Hm, 30 secs. Could this be a system timeout? If so, imho it would be enough to note in the readme how to reduce the timeout.

fredreichbier pushed a commit that referenced this issue Feb 16, 2017
Using the new syntax, we can now even specify a connection
establishment timeout (see #10).
@fredreichbier
Contributor

fredreichbier commented Feb 16, 2017

As of d0624f6, we can now specify a connection establishment timeout in the config file.

By round robin, do you mean the possibility of specifying LDAP backend servers and connecting to them in a round-robin fashion? I'm not sure if Twisted provides something like that out of the box, but I can do some research. :-)

@cornelinux
Member Author

I know this from the ldap3 python module. You can have a server pool.
When it tries to connect to the server pool, it tries the first server. If the server does not respond within the timeout, then the server is removed from the pool for a certain time and the next server is requested.

@fredreichbier
Contributor

I did some research and did not find anything that we could use -- but we could always build a simple server pool ourselves. I've opened #11 for that.

@fredreichbier
Contributor

7f017ad adds the feature of testing the connection to the LDAP backend on startup -- it just performs an anonymous bind followed by an unbind.
Right now, it just prints a message to the log (on success and in the case of an error), but doesn't exit the daemon.

@fredreichbier
Contributor

b45fca5 uses the service account to test the connection.

@cornelinux
Member Author

Can we close this?
Or does it still hang - we only get a reasonable error message?

@fredreichbier
Contributor

I just noticed: In case the proxy cannot reach the LDAP backend (e.g. wrong IP), it prints a message to the log only after a 30 second timeout.
Maybe we should just sys.exit(1) in case the LDAP backend cannot be reached (which could take 30 seconds, however)?
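
Added example, not from the thread or the project's code: a fail-fast startup check covering the two failure modes discussed above. It rejects a URL-style `host` value before it reaches the endpoint parser, and it probes the backend with a bounded connect timeout so the caller can log the result and `sys.exit(1)`. The function names, the bare host/port config shape and the 5-second default are assumptions; it does a plain TCP connect with the standard library, not the bind/unbind the commits describe.

```python
import socket


class BackendConfigError(ValueError):
    """The configured backend value cannot be used as a host/port pair."""


def validate_backend(host, port):
    """Return (host, port) or raise BackendConfigError with a clear message."""
    host = host.strip().strip('"')
    if "://" in host:
        raise BackendConfigError(
            "host %r looks like a URL; expected a bare hostname or IP" % host)
    # IPv6 literals are out of scope here, so ':' is rejected as well.
    if not host or any(c in host for c in "/: \t"):
        raise BackendConfigError("host %r is not a hostname or IPv4 address" % host)
    try:
        port = int(port)
    except (TypeError, ValueError):
        raise BackendConfigError("port %r is not an integer" % (port,))
    if not 0 < port < 65536:
        raise BackendConfigError("port %d is out of range" % port)
    return host, port


def check_backend(host, port, timeout=5.0):
    """Startup probe: returns (ok, message); each connect attempt is bounded by `timeout`."""
    try:
        host, port = validate_backend(host, port)
    except BackendConfigError as exc:
        return False, "config error: %s" % exc
    try:
        # TCP connect only; an LDAP bind/unbind would go on top of this socket.
        with socket.create_connection((host, port), timeout=timeout):
            return True, "backend %s:%d reachable" % (host, port)
    except OSError as exc:  # refused, unreachable, DNS failure or timeout
        return False, "backend %s:%d unreachable: %s" % (host, port, exc)


if __name__ == "__main__":
    # Constructed sample values: the URL-style host from the report, then a bare IP.
    for host in ('"ldap://1.2.3.4"', "127.0.0.1"):
        ok, msg = check_backend(host, 389, timeout=2.0)
        print("OK  " if ok else "FAIL", msg)
```

This check blocks, so it belongs before the reactor starts rather than inside a request handler.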
