ldappool/ldappool
Nick Wilburn 459000d7aa fix ldappool bad password retry logic
This patch fixes a bug in ldappool which causes a bind attempt
utilizing a bad password to be retried until the retry limit has been
reached. Instead, ldappool will now break out of the retry loop if the
ldap connection try block catches an ldap.INVALID_PASSWORD exception.

Previously ldappool would attempt to catch ldap.LDAPError which is
the base exception class for all ldap errors in the python-ldap
library. This is an issue because Keystone by default enables
ldappool and configures the default retry value to be 3. An LDAP
server with a password lockout threshold of 3 bad passwords will
lock out a user after a single bad password attempt through Keystone.

Change-Id: I2a9b850ce977260d4df1e9edf86417b8042a6fb8
Closes-Bug: #1785898
2018-08-13 17:26:13 -07:00
tests fix ldappool bad password retry logic 2018-08-13 17:26:13 -07:00
__init__.py fix ldappool bad password retry logic 2018-08-13 17:26:13 -07:00