Ldap server down error in logs

Bug #1172164 reported by Jose Castro Leon on 2013-04-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Jose Castro Leon

Bug Description

We are experiencing some errors in authentication and looking into the logs we discover ldap server down messages from time to time in the keystone log.

DEBUG Trace in keystone.log

2013-04-09 06:44:03 ERROR [root]
{'desc': "Can't contact LDAP server"}
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 204, in _call_
File "/usr/lib/python2.6/site-packages/keystone/service.py", line 317, in authenticate
File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 47, in _wrapper
File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 99, in authenticate
File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 175, in get_tenants_for_user
File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 137, in get_user
File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 132, in _get_user
File "/usr/lib/python2.6/site-packages/keystone/identity/backends/ldap/core.py", line 374, in get
File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 245, in get
File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 208, in _ldap_get
File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 134, in get_connection
File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 354, in simple_bind_s
File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 206, in simple_bind_s
File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 200, in simple_bind
File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
SERVER_DOWN:
{'desc': "Can't contact LDAP server"}

Having a look into the code, we observed that all ldap operations proceed in this way:
1) Open a connection
2) Binds with the username and password
3) Does the operation (search, add, ... )

It leaves to the garbage collector the procedure of freeing the resources. In the python-ldap documentation it is recommended that if you don't use the ldap connection anymore you should free the resources with an unbind.

Changed in keystone:
assignee: nobody → Jose Castro Leon (jose-castro-leon)

Fix proposed to branch: master
Review: https://review.openstack.org/29493

Changed in keystone:
status: New → In Progress
Dolph Mathews (dolph) on 2013-06-10
Changed in keystone:
importance: Undecided → Medium
Dolph Mathews (dolph) wrote :

Unassigning due to inactivity.

Changed in keystone:
assignee: Jose Castro Leon (jose-castro-leon) → nobody
status: In Progress → Triaged
Changed in keystone:
assignee: nobody → Jose Castro Leon (jose-castro-leon)

Fix proposed to branch: master
Review: https://review.openstack.org/45650

Changed in keystone:
status: Triaged → In Progress
Dolph Mathews (dolph) on 2013-09-09
Changed in keystone:
milestone: none → havana-rc1

Reviewed: https://review.openstack.org/45650
Committed: http://github.com/openstack/keystone/commit/eedf32113f88492a295fafb8da06996b48e304e1
Submitter: Jenkins
Branch: master

commit eedf32113f88492a295fafb8da06996b48e304e1
Author: Jose Castro Leon <email address hidden>
Date: Mon Sep 9 10:55:24 2013 +0200

    Close each LDAP connection after it is used,
    following python-ldap docs

    Fixes bug 1172164

    Change-Id: If20e3c1cf3deac5ce4217ce0324f8c91c2e30f92

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-10-02
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-rc1 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers