[python-ldap] ldap.initialize() URLs must only contain scheme and hostport components: Commas break inside OpenLDAP

Michael Ströder michael at stroeder.com
Wed Aug 16 06:39:56 EDT 2017


Karl Kornel wrote:
> On Wednesday, August 16, 2017 at 1:28 AM, Michael Ströder said:
>> Hmm, maybe we should just repeat the wording from ldap_initialize(3):
>>
>> "The uri parameter may be a comma- or whitespace-separated list of URIs containing
>> only the schema, the host, and the port fields."
> 
> I think that would be fine, with one note: For ReconnectLDAPObject, I think it should
> note what the behavior is when you initialize it with multiple URLs.  For example,
> would it only try to reconnect to the initial URL that is used, or would it re-try all
> URLs?

It simply passes the very same uri value to C wrapper method _ldap.initialize() no matter
whether it contains multiple URIs or not.

Generally I try to avoid (Reconnect)LDAPObject to be too smart. Therefore I don't
recommend passing multiple comma-/space-separated URIs to ldap.initialize() or
ReconnectLDAPObject.__init__() without careful consideration. Because with such an
implicit fail-over under the hood you could run into subtle read-after-write issues when
accessing multiple writeable replicas (multi-master replication).

Recommendations:

1. You can safely use ReconnectLDAPObject with multiple uri values if your application
always reads and accepts replication latency (no strictly fresh LDAP data).

2. You should use ReconnectLDAPObject only accessing a single replica for robust write
access. Do the fail-over in the calling application if needed/possible so you can reset
your process to a well-defined entry point for avoiding read-after-write issues.

>> LDAPUrl.initializeUrl() to ldap.initialize().
> 
> Ah, I was not aware of that method!  I don't see it mentioned anywhere in the online
> ldapurl module documentation, so I didn't know it was there.

Yes, unfortunately the docs are not complete. :-(
More doc patches would be highly appreciated.

Ciao, Michael.
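
An added example, not part of the original message and not python-ldap code: one way to do the fail-over in the calling application as in recommendation 2, with each configured URI checked to contain only scheme and hostport. The names bare_uri, SingleReplicaClient, ReplicaSwitched and with_restart are hypothetical; the connection factory and the "server down" exception are passed in, so with python-ldap they would be ReconnectLDAPObject and ldap.SERVER_DOWN.

```python
from urllib.parse import urlsplit

class ReplicaSwitched(Exception):
    """Fail-over happened; the caller must restart its unit of work."""

def bare_uri(uri):
    """Accept exactly one URI with scheme and hostport only; return it normalized."""
    if "," in uri or any(ch.isspace() for ch in uri):
        raise ValueError("one URI per entry, no comma/space lists: %r" % uri)
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps", "ldapi") or not parts.netloc:
        raise ValueError("not an LDAP URI: %r" % uri)
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("only scheme and hostport allowed: %r" % uri)
    return "%s://%s" % (parts.scheme, parts.netloc)

class SingleReplicaClient:
    """Talks to one replica at a time; fail-over is explicit, never implicit."""

    def __init__(self, uris, connect, down_exc):
        # connect(uri) returns a connection object; down_exc is the exception
        # that means "server unreachable". With python-ldap these would be
        # ldap.ldapobject.ReconnectLDAPObject and ldap.SERVER_DOWN.
        self.uris = [bare_uri(u) for u in uris]
        self.connect, self.down_exc = connect, down_exc
        self.index, self.conn = 0, None

    def run(self, unit_of_work):
        try:
            if self.conn is None:
                self.conn = self.connect(self.uris[self.index])
            return unit_of_work(self.conn)
        except self.down_exc:
            # Drop the connection, advance to the next replica, tell the caller.
            self.conn = None
            self.index = (self.index + 1) % len(self.uris)
            raise ReplicaSwitched(self.uris[self.index]) from None

def with_restart(client, unit_of_work):
    """Re-run the whole unit of work (bind, read, write) after each fail-over."""
    for _ in client.uris:
        try:
            return client.run(unit_of_work)
        except ReplicaSwitched:
            continue
    raise ConnectionError("no replica reachable")
```

The unit of work passed to with_restart() should contain the bind and every read that a later write depends on, so that after a switch nothing read from the previous replica is reused.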
