search

liam-middlebrook / csh_ldap

Python 3 ORM for CSH LDAP
MIT License
2 stars 9 forks source link

Investigate SERVER_DOWN issue on bullseye #33

Open Mstrodl opened 2 years ago

Mstrodl commented 2 years ago

Something wonky happened between libldap 2.4.47 and 2.4.59 that causes bullseye's libldap 2.4.57 to give us SERVER_DOWN errors when attempting to connect:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/ldap/ldapobject.py", line 1196, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/local/lib/python3.9/site-packages/ldap/ldapobject.py", line 443, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/usr/local/lib/python3.9/site-packages/ldap/ldapobject.py", line 437, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/usr/local/lib/python3.9/site-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/local/lib/python3.9/site-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/local/lib/python3.9/site-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 9, 'info': '(unknown error code)'}

This isn't great because we tend not to pin our container images to a particular release. We have a lot of things that have python:3.9.7 instead of python:3.9.7-buster. When these projects get rebuilt by OKD, stuff breaks because it can't talk to LDAP.

WillNilges commented 2 years ago

Can we revert this guy back to a working version of LDAP in the meantime, or should we move all our projects back to buster?

Oh wait, is this a problem with the Debian package?

Mstrodl commented 2 years ago

Can we revert this guy back to a working version of LDAP in the meantime, or should we move all our projects back to buster?

Oh wait, is this a problem with the Debian package?

Bullseye ships libldap with a regression, and it's unlikely to be fixed because that's kinda their whole meme (:sparkles: stability :sparkles:)

It's fixed in newer libldap and older libldap (as in buster) doesn't have the issue

You may have luck with alpine or debian bookworm (unsure if python projects tend to build that or not... I'm not a doctor)