459000d7aa
This patch fixes a bug in ldappool which causes a bind attempt utilizing a bad password to be retried until the retry limit has been reached. Instead ldappool will now break out of the retry loop if the ldap connection try block catches a ldap.INVALID_PASSWORD exception. Previously ldappool would attempt to catch ldap.LDAPError which is the base exception class for all ldap errors in the python-ldap library. This is an issue because Keystone by default enables ldappool and configures the default retry value to be 3. An LDAP server with a password lockout threshold of 3 bad passwords will lock out a user after a single bad password attempt through Keystone. Change-Id: I2a9b850ce977260d4df1e9edf86417b8042a6fb8 Closes-Bug: #1785898 |
||
---|---|---|
.. | ||
tests | ||
__init__.py |