730405 - LDAP connection failure should bubble up as 503 errors

Status: RESOLVED FIXED

(Webtools Graveyard :: Elmo, defect, P3)

Description

[Peter Bengtsson [:peterbe]]

To reproduce, disconnect any VPN, start django and try to log in. You'll get a "** debug: LDAP server is down" on stdout and the user gets a cryptic message as if he typing in his email and password wrong. 

The 503 is defined as:

    503 Service Unavailable
    The server is currently unavailable (because it is overloaded or down for maintenance).[2] Generally, this is a temporary state.

Comment 1

[Peter Bengtsson [:peterbe]]

Attachment: 503 errors when ldap can't connect

There's an important implication of this.
Due to the nature of authentication backends in Django, any one authentication backend is not supposed to raise exceptions. It's supposed to return the user or None. What this means is that if our ldap is down, you won't be able to log in as user admin. It won't swallow the LDAP error and carry on with the django/mysql one. 

HOWEVER, the way we have it set up is that we only have 1 authentication backend anyway (i.e. `AUTHENTICATION_BACKENDS = ('lib.auth.backends.MozLdapBackend',)`) so there's no such thing as trying the mysql backend. 

The end result here is that if the connection between us and LDAP is down for some reason, the user won't incorrectly think he typed in the wrong password. And we get "alerted" by Arecibo that there's something we need to work on.

Comment 2

[Peter Bengtsson [:peterbe]]

Landed https://github.com/mozilla/elmo/commit/01f024047c18160f7a978dffd49239ec88b946f1