Ldap proxy Connection lost

Dear all,
we configured two ldap proxies on Ubuntu 18.04.4 LTS. It is a test environment. After starting the application and the ldap proxies everything works fine, but after a couple of minutes the proxy loses the connection to its backend.

Start of proxy:

2020-05-15T09:51:09+0200 [-] ProxyServerFactory starting on 1389

Loss of connection:

2020-05-15T10:56:40+0200 [pi_ldapproxy.proxy#info] BindRequest for 'wasldap', passing through ...

2020-05-15T10:56:40+0200 [twisted.internet.defer#critical] Unhandled error in Deferred:
2020-05-15T10:56:40+0200 [twisted.internet.defer#critical]
        Traceback (most recent call last):
          File "/opt/ldapproxy/buildenv/lib/python2.7/site-packages/twisted/internet/defer.py", line 651, in _runCallbacks
            current.result = callback(current.result, *args, **kw)
          File "/opt/ldapproxy/buildenv/lib/python2.7/site-packages/ldaptor/protocols/ldap/proxybase.py", line 132, in _forwardRequestToProxiedServer
            d.addCallback(forwardit, reply)
          File "/opt/ldapproxy/buildenv/lib/python2.7/site-packages/twisted/internet/defer.py", line 319, in addCallback
            callbackKeywords=kw)
          File "/opt/ldapproxy/buildenv/lib/python2.7/site-packages/twisted/internet/defer.py", line 308, in addCallbacks
            self._runCallbacks()
        --- <exception caught here> ---
          File "/opt/ldapproxy/buildenv/lib/python2.7/site-packages/twisted/internet/defer.py", line 651, in _runCallbacks
            current.result = callback(current.result, *args, **kw)
          File "/opt/ldapproxy/buildenv/lib/python2.7/site-packages/ldaptor/protocols/ldap/proxybase.py", line 126, in forwardit
            dseq)
          File "/opt/ldapproxy/buildenv/lib/python2.7/site-packages/ldaptor/protocols/ldap/ldapclient.py", line 129, in send_multiResponse
            msg = self._send(op)
          File "/opt/ldapproxy/buildenv/lib/python2.7/site-packages/ldaptor/protocols/ldap/ldapclient.py", line 77, in _send
            raise LDAPClientConnectionLostException()
        ldaptor.protocols.ldap.ldapclient.LDAPClientConnectionLostException: Connection lost

2020-05-15T10:57:00+0200 [pi_ldapproxy.proxy#info] 'LDAPAbandonRequest' received, rejecting.

You see the request, and after 20 seconds the application reaches its timeout and gives up.
After a restart of the proxy everything works fine again.
As further info: there is a firewall between the proxy and the backend.

I hope someone can help.
Regards Jörg

Hi @trebra,

if you suspect the firewall to cause this problem: did you check the firewall log? Did you try to place all components in some subnet without a firewall in between?

Best regards,

Henning Hollermann

Hi @laclaro,
sorry for the late answer. I was on vacation.
I put all components in the same subnet, but the error still occurs.
Regards Jörg

No problem. You may check the logs on the LDAP side to see why the connection is lost.

During my vacation something must have happened. At the moment I can’t authenticate any user with this proxy.
Found in my ldap-proxy logs:
2020-06-09T11:22:15+0200 [pi_ldapproxy.proxy#info] Using user mapping strategy: <class ‘pi_ldapproxy.usermapping.LookupMappingStrategy’>
2020-06-09T11:22:15+0200 [pi_ldapproxy.proxy#info] Using realm mapping strategy: <class ‘pi_ldapproxy.realmmapping.StaticMappingStrategy’>
2020-06-09T11:22:15+0200 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x7f66bb0b6c30>
2020-06-09T11:22:15+0200 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 16.6.0 (/opt/ldapproxy/buildenv/bin/python 2.7.17) starting up.
2020-06-09T11:22:15+0200 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
2020-06-09T11:22:15+0200 [-] ProxyServerFactory starting on 2389
2020-06-09T11:22:15+0200 [pi_ldapproxy.proxy.ProxyServerFactory#info] Starting factory <pi_ldapproxy.proxy.ProxyServerFactory instance at 0x7f66bb0b6960>
2020-06-09T11:22:15+0200 [-] set uid/gid 28500/28500
2020-06-09T11:22:15+0200 [pi_ldapproxy.proxy#info] Successfully tested the connection to the LDAP backend using the service account
2020-06-09T11:22:15+0200 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x7f66bb0b6c30>
2020-06-09T11:23:22+0200 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x7f66bb0c38c0>
2020-06-09T11:23:22+0200 [pi_ldapproxy.proxy#info] BindRequest for ‘cn=dominoldap,ou=technische-benutzer,ou=benutzer,dc=ppi,dc=int’, passing through …
2020-06-09T11:23:22+0200 [pi_ldapproxy.proxy#info] Reusing LDAP connection, resetting state …
2020-06-09T11:23:22+0200 [pi_ldapproxy.proxy#info] BindRequest for ‘CN=ja,OU=KI,OU=Benutzer,DC=PPI,DC=INT’ received …
2020-06-09T11:23:22+0200 [twisted.internet.endpoints.OneShotFactory#info] Starting factory <twisted.internet.endpoints.OneShotFactory instance at 0x7f66bb0e6730>
2020-06-09T11:23:22+0200 [pi_ldapproxy.proxy#info] Resolved ‘CN=ja,OU=KI,OU=Benutzer,DC=PPI,DC=INT’ to ‘ja’@’’ (’’)
2020-06-09T11:23:22+0200 [twisted.web.client._HTTP11ClientFactory#info] Starting factory <twisted.web.client._HTTP11ClientFactory instance at 0x7f66bb0e6500>
2020-06-09T11:23:22+0200 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x7f66bb0e6730>
2020-06-09T11:23:22+0200 [pi_ldapproxy.proxy#info] Sending BindResponse “invalid credentials”: Failed to authenticate. Wrong HTTP response (400)
2020-06-09T11:23:22+0200 [twisted.web.client._HTTP11ClientFactory#info] Stopping factory <twisted.web.client._HTTP11ClientFactory instance at 0x7f66bb0e6500>
2020-06-09T11:23:22+0200 [twisted.internet.endpoints.OneShotFactory#info] Stopping factory <twisted.internet.endpoints.OneShotFactory instance at 0x7f66bb0c38c0>
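
An added triage sketch, not part of any post above and not code from the ldap-proxy project: it parses the twistd log format shown in this thread and separates the two failure signatures that appear here (backend connection lost versus a bind rejected with an HTTP error), with timings that can be compared against the firewall and LDAP server logs. The function name `triage` and the event labels are made up for this example; the sample lines are abridged from the posts, with quotes normalised.

```python
import re
from datetime import datetime

# Abridged from the log lines posted in this thread (quotes normalised).
SAMPLE = """\
2020-05-15T09:51:09+0200 [-] ProxyServerFactory starting on 1389
2020-05-15T10:56:40+0200 [pi_ldapproxy.proxy#info] BindRequest for 'wasldap', passing through ...
2020-05-15T10:56:40+0200 [twisted.internet.defer#critical] Unhandled error in Deferred:
            raise LDAPClientConnectionLostException()
        ldaptor.protocols.ldap.ldapclient.LDAPClientConnectionLostException: Connection lost
2020-05-15T10:57:00+0200 [pi_ldapproxy.proxy#info] 'LDAPAbandonRequest' received, rejecting.
2020-06-09T11:22:15+0200 [-] ProxyServerFactory starting on 2389
2020-06-09T11:23:22+0200 [pi_ldapproxy.proxy#info] Sending BindResponse "invalid credentials": Failed to authenticate. Wrong HTTP response (400)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d{4}) \[([^\]]*)\] (.*)$")
HTTP = re.compile(r"Wrong HTTP response \((\d+)\)")

def triage(text):
    """Return a list of failure events found in a pi_ldapproxy/twistd log."""
    events = []
    start = last_ts = last_loss = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            last_ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S%z")
            msg = m.group(3)
            if msg.startswith("ProxyServerFactory starting on"):
                start, last_loss = last_ts, None   # new proxy run
            http = HTTP.search(msg)
            if http:
                # Bind failed because the HTTP authentication request failed.
                events.append({"kind": "bind_rejected_http", "time": last_ts,
                               "status": int(http.group(1))})
            elif "LDAPAbandonRequest" in msg:
                # Client gave up; record how long after the last backend loss.
                gap = (last_ts - last_loss).total_seconds() if last_loss else None
                events.append({"kind": "client_abandon", "time": last_ts,
                               "after_loss_s": gap})
        elif "LDAPClientConnectionLostException:" in raw and last_ts:
            # Untimestamped traceback line: attribute it to the preceding
            # timestamped line. The trailing colon skips the "raise" frame.
            last_loss = last_ts
            uptime = (last_ts - start).total_seconds() if start else None
            events.append({"kind": "backend_connection_lost", "time": last_ts,
                           "uptime_s": uptime})
    return events

if __name__ == "__main__":
    for event in triage(SAMPLE):
        print(event)
```
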