TIMEOUTs not working

[gumish]

Hello, at first thank you for great package! I am a newbie in Django+LDAP but I have managed to run it in quite short time :)

But I have a question about the case if the LDAP server is not reachable, so it can't be connected.
LDAP_AUTH_URL = ['ldaps://nonsense.com']

Is there a fallback that it will stop trying to connect the server and authenticate you via User model data?

I thought that these settings could help but nothing happened:

LDAP_AUTH_CONNECT_TIMEOUT = 2
LDAP_AUTH_RECEIVE_TIMEOUT = 2

I have also tried to add ModelBackend but also without success:

AUTHENTICATION_BACKENDS = (
    'django_python3_ldap.auth.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',)

Also nothing about unreachable server appears in console (with logging settings from help):

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {
            'class': 'logging.StreamHandler',
        },
    },
    'loggers': {
        'django_python3_ldap': {
            'handlers': ['console'],
            'level': 'INFO',
        },
    },
}

[etianen]

Adding multiple AUTHENTICATION_BACKENDS is the way to make it fall back to the model backend.

However, the model backend requires that the user account has a valid password set.

What makes you think the fallback the model backend is not working?

[gumish]

As you can see I used multiple AUTHENTICATION_BACKENDS.

But if I use a non-existing LDAP_AUTH_URL address like ['ldaps://nonsense.com'], then during login, I only see a rotating spinner in the browser, and nothing happens.

I would expect that because of LDAP_AUTH_CONNECT_TIMEOUT = 2 after 2 seconds it switch to 'django.contrib.auth.backends.ModelBackend' and log me in.

[etianen]

Can I have the logs please? It would be good to know where it's getting stuck. Those settings are passed to the underlying ldap library.

…

On Wed, 20 Sep 2023 at 05:50, gumish ***@***.***> wrote: As you can see I used multiple AUTHENTICATION_BACKENDS. But if I use a non-existing LDAP_AUTH_URL address like ['ldaps:// nonsense.com'], then during login, *I only see a rotating spinner in the browser, and nothing happens.* I would expect that because of LDAP_AUTH_CONNECT_TIMEOUT = 2 after 2 seconds it switch to 'django.contrib.auth.backends.ModelBackend' and log me in. — Reply to this email directly, view it on GitHub <#264 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABEKCHVAQAWYWG4B7EDE2DX3JYHPANCNFSM6AAAAAA33HJAL4> . You are receiving this because you commented.Message ID: ***@***.***>

[gumish]

I am not sure if this will be useful:
DEBUG = True, logging level DEBUG

LDAP_AUTH_URL = ['ldaps://existing_server.com'] - existing running ldap server

D:\03__Web\CONTI\echm2>_virtenv\Scripts\python manage.py runserver 0.0.0.0:8080 
Watching for file changes with StatReloader
Performing system checks...

System check identified no issues (0 silenced).
September 20, 2023 - 11:36:38
Django version 4.1.1, using settings 'echm.settings'
Starting development server at http://0.0.0.0:8080/
Quit the server with CTRL-BREAK.
[20/Sep/2023 11:37:35] "GET /accounts/login/?next=/ HTTP/1.1" 200 9734
[20/Sep/2023 11:37:44] "POST /accounts/login/ HTTP/1.1" 302 0
[20/Sep/2023 11:37:44] "GET / HTTP/1.1" 200 68206

>> successfully logged in

---

LDAP_AUTH_URL changed to ['ldaps://nonsense.com'] - non-existing server

D:\03__Web\CONTI\echm2\echm\settings.py changed, reloading.
Watching for file changes with StatReloader
Performing system checks...

System check identified no issues (0 silenced).
September 20, 2023 - 11:38:12
Django version 4.1.1, using settings 'echm.settings'
Starting development server at http://0.0.0.0:8080/
Quit the server with CTRL-BREAK.
[20/Sep/2023 11:38:16] "GET /accounts/logout/?next=/ HTTP/1.1" 302 0
[20/Sep/2023 11:38:16] "GET / HTTP/1.1" 200 65959
[20/Sep/2023 11:38:18] "GET /accounts/login/?next=/ HTTP/1.1" 200 9734

>> no response, browser is endlessly waiting for it

[etianen]

I think you're going to have to delve into the ldap3 source code to figure out what's going on here. Those settings are being passed to ldap3, and it seems to not be interpreting them as one would expect.

I'm wondering if it's one of:

• if ldap port is wrong ldap3.Connection() hangs forever cannatag/ldap3#1005
• Timeout after trying all servers in a pool cannatag/ldap3#890

[gumish]

Yes, I agree. I have noticed that you only pass setting variables to ldap3. I am not very experienced with github issuing, so I wrote here first if you are sure that this works correctly to you.

[danilogbotelho]

As you can see I used multiple AUTHENTICATION_BACKENDS.

But if I use a non-existing LDAP_AUTH_URL address like ['ldaps://nonsense.com'], then during login, I only see a rotating spinner in the browser, and nothing happens.

I would expect that because of LDAP_AUTH_CONNECT_TIMEOUT = 2 after 2 seconds it switch to 'django.contrib.auth.backends.ModelBackend' and log me in.

Placing ModelBackend first in AUTHENTICATION_BACKENDS allows me to login when my LDAP server is unreachable. If LDAPBackend comes first and the server is unreachable then Django hangs.

[parad0x96]

Same issue here these parameters seems to be ignored

LDAP_AUTH_CONNECT_TIMEOUT = 5
LDAP_AUTH_RECEIVE_TIMEOUT = 5