On 04/23/2015 12:24 PM, Petr Vobornik wrote:
If unbind was called when disconnected it raised:
   AttributeError: 'NoneType' object has no attribute 'unbind_s'

AttributeError is not a public error and therefore it prevented
ldap2.destroy_connection() to be called multiple times.

fixes:
https://fedorahosted.org/freeipa/ticket/4991

Note: this issue also prevented rpcserver.change_password from working.
Therefore I think that there might have been an error in recent ipaldap
refactoring and if #4991 was not run on master then there might have
been other issue, which probably have been fixed by the refactoring.


After discussion with Honza, the approach was changed.

Also I've added patch which removes unnecessary incorrect code which revealed the regression.

Additional testing shows that these patches actually don't fix the original issue of #4991. See https://fedorahosted.org/freeipa/ticket/4991#comment:4
--
Petr Vobornik
From 703db8e0b39737dad3b81dacc887d7be3fc22927 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 23 Apr 2015 13:10:04 +0200
Subject: [PATCH] rpcserver: remove unnecessary conn.destroy_connection calls

Connectible.disconnect() is called automatically at the end of each request.

Also destroy_connection() should not be called directly. One should use
disconnect() instead.

https://fedorahosted.org/freeipa/ticket/4991
---
 ipaserver/rpcserver.py | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index 2f771a0d15a68f17498a617bdeb44f89a3a3faee..a24f84cbc714692541f26b506fc757bf1d7f4b67 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -1075,9 +1075,6 @@ class change_password(Backend, HTTP_Status):
                 result = 'ok'
                 title = "Password change successful"
                 message = "Password was changed."
-            finally:
-                if conn.isconnected():
-                    conn.destroy_connection()
 
         self.info('%s: %s', status, message)
 
@@ -1180,9 +1177,6 @@ class sync_token(Backend, HTTP_Status):
             message = "Could not connect to LDAP server."
             self.error("token_sync: cannot authenticate '%s' to LDAP server: %s",
                        data['user'], str(e))
-        finally:
-            if conn.isconnected():
-                conn.destroy_connection()
 
         # Report status and return.
         response_headers.append(('X-IPA-TokenSync-Result', result))
-- 
2.1.0

From a7c8315cdcfe558c46f11a6790eea13c78e42f8d Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 23 Apr 2015 12:03:49 +0200
Subject: [PATCH] allow to call ldap2.destroy_connection multiple times

A regression fix.

https://fedorahosted.org/freeipa/ticket/4991
---
 ipapython/ipaldap.py       | 2 +-
 ipaserver/plugins/ldap2.py | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 7cda7d67d1174cddbff646fd7133a9b995cb58a2..4565b72d401b10ff09c84aaac214504140b285f6 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1087,7 +1087,7 @@ class LDAPClient(object):
         """
         with self.error_handler():
             self._flush_schema()
-            self.conn.unbind_s()
+            self._conn.unbind_s()
 
     def make_dn_from_attr(self, attr, value, parent_dn=None):
         """
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 15e07f27bf10fbac6fdbc532bd8a3b3cd65fe374..ad372d2a30eb0420e8a977dc9adf862e32416f94 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -196,8 +196,9 @@ class ldap2(LDAPClient, CrudBackend):
     def destroy_connection(self):
         """Disconnect from LDAP server."""
         try:
-            self.unbind()
-            LDAPClient._disconnect(self)
+            if self._conn is not None:
+                self.unbind()
+                LDAPClient._disconnect(self)
         except errors.PublicError:
             # ignore when trying to unbind multiple times
             pass
-- 
2.1.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to