LDAP server fail over

[Martin Sternevald]

I made some small (local) changes to the LDAPConnection class to support more than one host. I did it kind of brute force and don't really know if there are other consequences which I have neglected. I'll attach the diff agains the current revision.

[Martin Sternevald]

Ok.. for some reason I can't attach the file so here is the changed function instead:

    def _open(self):
        """Open and optionnally bind a new connection to the LDAP directory"""
        errors = []
        hosts = self.host.split(' ')
        for host in hosts:
            try:
                self._ds = ldap.initialize('ldap://%s:%d/' % (host, self.port))
                self._ds.protocol_version = ldap.VERSION3
                if self.bind:
                    if not self.bind_user:
                        raise TracError("Bind enabled but credentials not defined")
                    head = self.bind_user[:self.bind_user.find(',')]
                    if ( head.find('=') == -1 ):
                        self.bind_user = '%s=%s' % (self.uidattr, self.bind_user)
                    self._ds.simple_bind_s(self.bind_user, self.bind_passwd)
                else:
                    self._ds.simple_bind_s()
                return
            except ldap.LDAPError, e:
                self._ds = None
                if self.bind_user:
                    self.log.warn("Unable to open LDAP with user %s" % \
                                  self.bind_user)
                errors = errors + [e[0]['desc'] +', ' + host]
        raise TracError("Unable to open LDAP cnx: %s" % errors)

[Emmanuel Blot]

Replying to bitter:

Ok.. for some reason I can't attach the file so here is the changed function instead:

Maybe the anti-spam filter. Thanks for the patch. I may merge it to the LdapPlugin in a next release.

[Luke Schierer]

This would be very very good. having trac essentially crash just because one of two ldap servers is down is not a good thing.