Gerardo Herzig | 29 Aug 17:47

[OT] dealing with network connection (looking for weird ldap situations)

Hi dudes. I have a python/cgi app that interacts with an ldap server. The
thing is, sometimes ldap server allows the cgi to make some changes,
sometimes it does not. Same app, same user, same change...

This is a successful MOD through this cgi:

Aug 29 12:44:09 db slapd[4328]: conn=291 fd=21 ACCEPT from
IP=xx.xx.xx.xx:48165 (IP=0.0.0.0:389)
Aug 29 12:44:09 db slapd[4328]: conn=291 op=0 BIND
dn="cn=Manager,dc=xx.xx.xxx" method=128
Aug 29 12:44:09 db slapd[4328]: conn=291 op=0 BIND
dn="cn=Manager,dc=xx.xx.xxx" mech=SIMPLE ssf=0
Aug 29 12:44:09 db slapd[4328]: conn=291 op=0 RESULT tag=97 err=0 text=
Aug 29 12:44:09 db slapd[4328]: conn=291 op=1 MOD dn="cn=111,ou=xx.xxx."
Aug 29 12:44:09 db slapd[4328]: conn=291 op=1 MOD attr=userPassword
Aug 29 12:44:09 db slapd[4328]: conn=291 op=2 UNBIND
Aug 29 12:44:09 db slapd[4328]: conn=291 op=1 RESULT tag=103 err=0 text=
Aug 29 12:44:09 db slapd[4328]: conn=291 fd=21 closed

Seconds later, try again....
Aug 29 12:46:30 db slapd[4328]: conn=297 fd=22 ACCEPT from
IP=xx.xx.xx(IP=0.0.0.0:389)
Aug 29 12:46:30 db slapd[4328]: conn=297 op=0 BIND
dn="cn=Manager,xx.xx.xx" method=128
Aug 29 12:46:30 db slapd[4328]: connection_input: conn=297 deferring
operation: binding
Aug 29 12:46:30 db slapd[4328]: conn=297 op=2 UNBIND
Aug 29 12:46:30 db slapd[4328]: conn=297 op=0 BIND
dn="cn=Manager,dc=xx.xxx-xx" mech=SIMPLE ssf=0
Aug 29 12:46:30 db slapd[4328]: conn=297 op=0 RESULT tag=97 err=0 text=

Michael Ströder | 29 Aug 18:04

Re: [OT] dealing with network connection (looking for weird ldap situations)

Gerardo Herzig wrote:
> Hi dudes. I have a python/cgi app that interacts with an ldap server. The
> thing is, sometimes ldap server allows the cgi to make some changes,
> sometimes it does not. Same app, same user, same change...

Assuming you're using python-ldap you can let it write debug 
information. See argument trace_level etc. for function ldap.initialize().

http://python-ldap.sourceforge.net/doc/html/ldap.html#ldap.initialize

Additionally you can also turn on debug log of the underlying OpenLDAP 
client libs:

ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
                                      ^^^
(whatever log level you want)

Ciao, Michael.

gherzig | 29 Aug 21:13

Re: [OT] dealing with network connection (looking for weird ldap situations)

> Gerardo Herzig wrote:
>> Hi dudes. I have a python/cgi app that interacts with an ldap server. The
>> thing is, sometimes ldap server allows the cgi to make some changes,
>> sometimes it does not. Same app, same user, same change...
>
> Assuming you're using python-ldap you can let it write debug
> information. See argument trace_level etc. for function ldap.initialize().
>
> http://python-ldap.sourceforge.net/doc/html/ldap.html#ldap.initialize
>
> Additionally you can also turn on debug log of the underlying OpenLDAP
> client libs:
>
> ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
>                                       ^^^

Mmm yeah, that's a wise starting point. I will give it a try on Monday.
Thanks!

Gerardo

Hallvard B Furuseth | 29 Aug 18:19

Re: [OT] dealing with network connection (looking for weird ldap situations)

Gerardo Herzig writes:
> Hi dudes. I have a python/cgi app that interacts with an ldap
> server. The thing is, sometimes ldap server allows the cgi to make
> some changes, sometimes it does not. Same app, same user, same
> change...

You are not waiting for results from previous operations before sending
the next.

With some exceptions, the LDAP server can process incoming operations
in any order.  Unbind (and for that matter Bind) may discard outstanding
operations.  Which is what happens when the server is busy and defers
the Bind, and then sees your Unbind.

The LDAP standard (RFC 4511) does in any case require that you wait for
the result from Bind before sending other operations.  But you are not
required to wait for other operation results before sending the next,
except you must wait before and after StartTLS.

-- 
Hallvard
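
The pattern described in the reply above can be checked for in slapd logs. The following is an added example, not part of the original thread: it flags connections where UNBIND is logged while an earlier operation still has no RESULT, and operation ids that never show up at all. The log lines are a constructed sample in the format quoted earlier, and the function name audit() is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd log format quoted in the thread; wrapped
# lines are rejoined, and the addresses and DNs are placeholders.
SAMPLE_LOG = """\
Aug 29 12:44:09 db slapd[4328]: conn=291 fd=21 ACCEPT from IP=192.0.2.10:48165 (IP=0.0.0.0:389)
Aug 29 12:44:09 db slapd[4328]: conn=291 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
Aug 29 12:44:09 db slapd[4328]: conn=291 op=0 RESULT tag=97 err=0 text=
Aug 29 12:44:09 db slapd[4328]: conn=291 op=1 MOD dn="cn=111,ou=people,dc=example,dc=com"
Aug 29 12:44:09 db slapd[4328]: conn=291 op=2 UNBIND
Aug 29 12:44:09 db slapd[4328]: conn=291 op=1 RESULT tag=103 err=0 text=
Aug 29 12:46:30 db slapd[4328]: conn=297 fd=22 ACCEPT from IP=192.0.2.10:48170 (IP=0.0.0.0:389)
Aug 29 12:46:30 db slapd[4328]: conn=297 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
Aug 29 12:46:30 db slapd[4328]: connection_input: conn=297 deferring operation: binding
Aug 29 12:46:30 db slapd[4328]: conn=297 op=2 UNBIND
Aug 29 12:46:30 db slapd[4328]: conn=297 op=0 RESULT tag=97 err=0 text=
"""

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (\w+)")
DEFER_RE = re.compile(r"conn=(\d+) deferring operation")

def audit(log_text):
    """Map conn id -> findings for clients that unbind before results arrive."""
    pending = defaultdict(dict)  # conn -> {op id: request type} awaiting RESULT
    seen = defaultdict(set)      # conn -> op ids that appear in the log
    findings = defaultdict(list)
    for line in log_text.splitlines():
        deferred = DEFER_RE.search(line)
        if deferred:
            findings[int(deferred.group(1))].append("operation deferred during bind")
            continue
        m = OP_RE.search(line)
        if not m:
            continue
        conn, op, kind = int(m.group(1)), int(m.group(2)), m.group(3)
        seen[conn].add(op)
        if kind == "RESULT":
            pending[conn].pop(op, None)
        elif kind == "UNBIND":
            for o, k in sorted(pending[conn].items()):
                findings[conn].append(f"UNBIND logged before RESULT of op={o} {k}")
            # Assumption: slapd numbers operations in arrival order, so an id
            # below the UNBIND's that was never logged was received but dropped.
            for o in sorted(set(range(op)) - seen[conn]):
                findings[conn].append(f"op={o} never processed")
        else:
            pending[conn][op] = kind
    return dict(findings)
```

On the sample, both connections are flagged for unbinding early; only conn=297, where the Bind itself was deferred, also shows an operation id that was never processed.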

Michael Ströder | 29 Aug 18:42

Re: [OT] dealing with network connection (looking for weird ldap situations)

Hallvard B Furuseth wrote:
> Gerardo Herzig writes:
>> Hi dudes. I have a python/cgi app that interacts with an ldap
>> server. The thing is, sometimes ldap server allows the cgi to make
>> some changes, sometimes it does not. Same app, same user, same
>> change...
> 
> You are not waiting for results from previous operations before sending
> the next.

This could be caused by erroneous use of python-ldap's asynchronous 
methods instead of the synchronous methods (e.g. LDAPObject.search() 
instead of LDAPObject.search_s() etc.).

Ciao, Michael.

