Closed djay closed 11 years ago
I can confirm this. The control panel has both a connection timeout and an operation timeout. I have set both, to 5 and 10 respectively, and defined and enabled an ldap server on localhost. This was an ssh tunnel that connected localhost port 389 (as root) with port 389 of a client ldap server. I loaded a page so the connection was created. Then I quit the ssh tunnel. After that, zope did not answer any requests that I tried and I had to restart the zope instance.
The problem is likely somewhere lower in the stack, maybe in Products.LDAPUserFolder. I had a quick look, but could not immediately discover what could be wrong.
I looked at the code for LDAPUserFolder. OPT_NETWORK_TIMEOUT is set but OPT_TIMEOUT isn't.
I put a comment in here
https://bugs.launchpad.net/ldapuserfolder/+bug/650371
but I don't think it reopened that ticket.
On 02/07/2013, at 10:33 PM, Maurits van Rees notifications@github.com wrote:
I can confirm this. The control panel has both a connection timeout and an operation timeout. I have set both, to 5 and 10 respectively, and defined and enabled an ldap server on localhost. This was an ssh tunnel that connected localhost port 389 (as root) with port 389 of a client ldap server. I loaded a page so the connection was created. Then I quit the ssh tunnel. After that, zope did not answer any requests that I tried and I had to restart the zope instance.
The problem is likely somewhere lower in the stack, maybe in Products.LDAPUserFolder. I had a quick look, but could not immediately discover what could be wrong.
— Reply to this email directly or view it on GitHub.
Ha, I was using python-ldap 2.4.10. Updating to 2.4.13 (released last week) solves it. Tested on Plone 4.2.4.
See the python-ldap changelog.
At first, I tried modifying the _connect
method of LDAPDelegate.py
to explicitly set OPT_TIMOUT
, but it had no effect with the old python-ldap:
# Set the operations timeout
if op_timeout > 0:
connection.timeout = op_timeout
# The next line is new:
connection.set_option(ldap.OPT_TIMEOUT, op_timeout)
With the newer python-ldap this made no difference either, at least not for this issue.
nice
Note my later comment in the LDAPUserFolder issue tracker though. python-ldap 2.4.13 seems to help a bit, but not enough.
Went to pyconau on the weekend and saw a presentation about this https://pypi.python.org/pypi/interruptingcow. If we can't get python-ldap fixed in the near future, what do you think about using that to enforce the timeout?
Can be an interesting option. There is not really any code in plone.app.ldap where that could be used though. That would be more at the level of LDAPUserFolder.
Hi guys, I'm the one who wrote the patch that partially solved your problem in python-ldap 2.4.13. I have another patch that should hopefully solve completely your problem. Have a look at http://mail.python.org/pipermail/python-ldap/2013q3/003265.html.
I was just testing your patch now. So far seems to work great. Thanks so much for that.
On Plone 4.1 I'm getting zope instances hanging indefinatly during certain network conditions (a ssh tunnel restarts intermittently for example). I think it could be related to which timeouts are specified e.g. http://stackoverflow.com/questions/6679910/python-ldap-simple-bind-s-timeout