Hello Quynh,
for a quick fix you can change the LDAPIdResolver.py, if this is OK for
you.
Locate the method “get_serverpool”:
# Excerpt from LDAPIdResolver.py; `ldap3` and the `log` logger are
# imported/defined at module level in that file.
@classmethod
def get_serverpool(cls, urilist, timeout):
    """
    This creates the server pool for the ldap3 connection.
    The URI from the LDAP resolver can contain a comma separated
    :param urilist: The list of LDAP URIs, comma separated
    :type urilist: basestring
    :param timeout: The connection timeout
    :type timeout: float
    :return: Server Pool
    :rtype: LDAP3 Server Pool Instance
    """
    try:
        strategy = ldap3.POOLING_STRATEGY_ROUND_ROBIN
    except AttributeError:
        # This is for ldap3 >= 2.0.7
        strategy = ldap3.ROUND_ROBIN
    # active=2: give up after two passes over the pool instead of retrying
    # forever; exhaust=30: keep a failed server out of rotation for 30 s.
    server_pool = ldap3.ServerPool(None, strategy, active=2,
                                   exhaust=30)
    for uri in urilist.split(","):
        uri = uri.strip()
        host, port, ssl = cls.split_uri(uri)
        server = ldap3.Server(host, port=port,
                              use_ssl=ssl,
                              connect_timeout=float(timeout))
        server_pool.add(server)
        log.debug("Added {0!s}, {1!s}, {2!s} to server "
                  "pool.".format(host, port, ssl))
    return server_pool
Note the parameters to the call
ldap3.ServerPool
and set them to active=2 and exhaust=30.
active=2 means it will try for 2 rounds to reach a server in the
server pool.
Kind regards
Cornelius

On Thursday, 17.11.2016, 01:10 -0800, Quynh .Nhat wrote:
Also, I only use 1 LDAP server. It is not a pool.
Hi Cornelius,
Following are some settings information for the LDAP connector.
- Timeout: 30s
- Limit: 500
- search base: OU=x,dc=y,dc=z
The installation is rpm, and we package it ourself.
Pip freeze output:
alembic==0.8.8
bcrypt==3.1.1
beautifulsoup4==4.5.1
cffi==1.9.1
click==6.6
configobj==5.0.6
cryptography==1.5.3
docutils==0.12
ecdsa==0.13
enum34==1.1.6
Flask==0.11.1
Flask-Migrate==2.0.1
Flask-Script==2.0.5
Flask-SQLAlchemy==2.1
funcparserlib==0.3.6
idna==2.1
ipaddress==1.0.17
itsdangerous==0.24
Jinja2==2.8
ldap3==2.1.0
lxml==3.6.4
Mako==1.0.6
MarkupSafe==0.23
netaddr==0.7.18
passlib==1.6.5
Pillow==3.4.2
privacyIDEA==2.16
privacyideaadm==2.15
psycopg2==2.6.2
pyasn1==0.1.9
pycparser==2.17
pycrypto==2.6.1
Pygments==2.1.3
PyGreSQL==5.0.2
PyJWT==1.4.2
PyKCS11==1.3.3
PyMySQL==0.7.9
pyOpenSSL==16.2.0
pyrad==2.0
pysqlite==2.8.3
python-editor==1.0.1
python-gnupg==0.3.9
pyusb==1.0.0
PyYAML==3.12
qrcode==5.3
requests==2.12.0
six==1.10.0
SQLAlchemy==1.1.4
sqlsoup==0.9.1
uWSGI==2.0.14
Werkzeug==0.11.11
I triggered the crash with the ‘Test LDAP Resolver’ button in the
resolver setup page.
Some users have token assigned.
I have waited for like 10 mins, and the server still times out (504)
(even after the connection to LDAP is restored).
Restarting uwsgi fixed the issue (our uwsgi config does not recycle
the worker(s), and we plan to tune this in the future).
–
Please read the blog post about getting help
Getting help – privacyID3A.
For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT Security - Two-Factor Authentication - Encryption
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/ea6a79d6-b00b-4e5b-ac34-9588c8e05491%40googlegroups.com.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
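The following is an added example illustrating the bounded-failover idea behind the active=2 / exhaust=30 change discussed above. It is not privacyIDEA's code and not part of the original thread: the helpers split_uri, parse_uri_list, build_server_pool and probe are hypothetical names chosen here, the parsing rules (bare "host" or "host:port" treated as ldap://, default ports 389/636) are this example's assumptions, and the URIs used at the bottom are constructed test data. The point it demonstrates: with active=True ldap3's ServerPool keeps cycling through the pool until a server answers, so a single unreachable LDAP server can pin a uWSGI worker indefinitely; an integer active caps the number of passes and turns the outage into an exception, and an integer exhaust keeps a failed server out of rotation for that many seconds.

```python
"""Bounded ldap3 server pool for a comma-separated LDAP URI list.

Added example, not privacyIDEA's code. Only the URI parsing is pure
Python; building and probing the pool needs the ldap3 package, which
is imported lazily so the parser is usable without it.
"""
from urllib.parse import urlsplit

# Assumed defaults for URIs that carry no explicit port.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def split_uri(uri):
    """Return (host, port, use_ssl) for an ldap:// or ldaps:// URI.

    Assumption of this example: a bare "host" or "host:port" without a
    scheme is treated as ldap://.  Unknown schemes and missing hosts are
    rejected instead of silently producing a pool entry that can never
    be reached.
    """
    uri = uri.strip()
    if "://" not in uri:
        uri = "ldap://" + uri
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported LDAP scheme: %r" % scheme)
    if not parts.hostname:
        raise ValueError("missing host in LDAP URI: %r" % uri)
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return parts.hostname, port, scheme == "ldaps"


def parse_uri_list(urilist):
    """Split a comma-separated URI list into (host, port, use_ssl) tuples.

    Empty entries (trailing commas, double commas) are skipped; an input
    with no usable URI at all is an error rather than an empty pool.
    """
    entries = []
    for raw in urilist.split(","):
        raw = raw.strip()
        if raw:
            entries.append(split_uri(raw))
    if not entries:
        raise ValueError("no LDAP URIs given")
    return entries


def build_server_pool(urilist, timeout, active=2, exhaust=30):
    """Build an ldap3 ServerPool whose failover is bounded.

    active=2  : at most two passes over the pool looking for a reachable
                server, then LDAPServerPoolExhaustedError.  active=True
                (the ldap3 default) retries without limit.
    exhaust=30: a server that failed is marked unavailable for 30 seconds
                so the pool does not hammer it on every request.
    connect_timeout bounds each individual TCP connect.
    """
    import ldap3  # lazy: the parsing helpers above work without ldap3
    # ldap3 >= 2 exposes ROUND_ROBIN; older releases used the longer name.
    strategy = getattr(ldap3, "ROUND_ROBIN", None) or \
        ldap3.POOLING_STRATEGY_ROUND_ROBIN
    pool = ldap3.ServerPool(None, strategy, active=active, exhaust=exhaust)
    for host, port, ssl in parse_uri_list(urilist):
        pool.add(ldap3.Server(host, port=port, use_ssl=ssl,
                              connect_timeout=float(timeout)))
    return pool


def probe(urilist, timeout, user=None, password=None):
    """Bind once against the pool and report, instead of hanging.

    Returns (True, None) on a successful bind or (False, reason) when
    the pool is exhausted, the socket cannot be opened, or the bind is
    refused.  receive_timeout bounds the wait for the bind response.
    """
    import ldap3
    from ldap3.core.exceptions import LDAPException
    pool = build_server_pool(urilist, timeout)
    try:
        conn = ldap3.Connection(pool, user=user, password=password,
                                auto_bind=True,
                                receive_timeout=float(timeout))
    except LDAPException as err:
        return False, "%s: %s" % (type(err).__name__, err)
    conn.unbind()
    return True, None


if __name__ == "__main__":
    # Constructed input: two servers, the second via LDAPS on a custom port.
    print(parse_uri_list("ldap://ldap1.example.com, ldaps://ldap2.example.com:10636"))
    # Constructed unreachable target: with active=2 this returns promptly
    # with (False, "...") instead of looping forever.
    print(probe("ldap://127.0.0.1:1", timeout=2))
```

When wiring this into a web worker, keep the sum of the bounds in mind: with two pool passes and a per-connect timeout of 30 s, a single-server pool can still block a request for about a minute before the exception is raised, so the front-end proxy timeout (the 504 mentioned above) needs to be longer than that or the pool limits need to be tighter.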