If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

LDAP connection failure should bubble up as 503 errors

RESOLVED FIXED in 2.1

Status

Webtools
Elmo
P3
normal
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: peterbe, Assigned: peterbe)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

6 years ago
To reproduce, disconnect any VPN, start django and try to log in. You'll get a "** debug: LDAP server is down" on stdout and the user gets a cryptic message as if he typing in his email and password wrong. 

The 503 is defined as:

    503 Service Unavailable
    The server is currently unavailable (because it is overloaded or down for maintenance).[2] Generally, this is a temporary state.
(Assignee)

Comment 1

6 years ago
Created attachment 600533 [details] [diff] [review]
503 errors when ldap can't connect

There's an important implication of this.
Due to the nature of authentication backends in Django, any one authentication backend is not supposed to raise exceptions. It's supposed to return the user or None. What this means is that if our ldap is down, you won't be able to log in as user admin. It won't swallow the LDAP error and carry on with the django/mysql one. 

HOWEVER, the way we have it set up is that we only have 1 authentication backend anyway (i.e. `AUTHENTICATION_BACKENDS = ('lib.auth.backends.MozLdapBackend',)`) so there's no such thing as trying the mysql backend. 

The end result here is that if the connection between us and LDAP is down for some reason, the user won't incorrectly think he typed in the wrong password. And we get "alerted" by Arecibo that there's something we need to work on.
Attachment #600533 - Flags: review?(l10n)
(Assignee)

Updated

6 years ago
Priority: -- → P3

Updated

6 years ago
Attachment #600533 - Flags: review?(l10n) → review+
(Assignee)

Comment 2

6 years ago
Landed https://github.com/mozilla/elmo/commit/01f024047c18160f7a978dffd49239ec88b946f1
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Updated

5 years ago
Assignee: nobody → peterbe
Target Milestone: --- → 2.1
You need to log in before you can comment on or make changes to this bug.