Module: check_mk
Branch: master
Commit: 396ee8524aa590c426ba5e9615ec8f44b6cbb657
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=396ee8524aa590…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Aug 23 09:39:54 2013 +0200
ldap: Trying to handle unstable ldap connections a bit better
---
web/plugins/userdb/ldap.py | 69 +++++++++++++++++++++++++++-----------------
1 file changed, 42 insertions(+), 27 deletions(-)
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 1e8d2c4..d58d873 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -304,37 +304,52 @@ def ldap_search(base, filt = '(objectclass=*)', columns = [], scope = None):
ldap_log('LDAP_SEARCH "%s" "%s" "%s" "%r"' % (base, scope, filt, columns))
start_time = time.time()
- result = []
- try:
-
- search_func = config.ldap_connection.get('page_size') \
- and ldap_paged_async_search or ldap_async_search
- for dn, obj in search_func(base, scope, filt, columns):
- if dn is None:
- continue # skip unwanted answers
- new_obj = {}
- for key, val in obj.iteritems():
- # Convert all keys to lower case!
- new_obj[key.lower().decode('utf-8')] = [ i.decode('utf-8') for i in val ]
- result.append((dn, new_obj))
- except ldap.NO_SUCH_OBJECT, e:
- raise MKLDAPException(_('The given base object "%s" does not exist in LDAP (%s))') % (base, e))
-
- except ldap.FILTER_ERROR, e:
- raise MKLDAPException(_('The given ldap filter "%s" is invalid (%s)') % (filt, e))
-
- except ldap.SIZELIMIT_EXCEEDED:
- raise MKLDAPException(_('The response reached a size limit. This could be due to '
- 'a sizelimit configuration on the LDAP server.<br />Throwing away the '
- 'incomplete results. You should change the scope of operation '
- 'within the ldap or adapt the limit settings of the LDAP server.'))
+ # In some environments, the connection to the LDAP server does not seem to
+ # be as stable as it is needed. So we try to repeat the query for three times.
+ tries_left = 3
+ success = False
+ while not success:
+ tries_left -= 1
+ try:
+ result = []
+ try:
+ search_func = config.ldap_connection.get('page_size') \
+ and ldap_paged_async_search or ldap_async_search
+ for dn, obj in search_func(base, scope, filt, columns):
+ if dn is None:
+ continue # skip unwanted answers
+ new_obj = {}
+ for key, val in obj.iteritems():
+ # Convert all keys to lower case!
+ new_obj[key.lower().decode('utf-8')] = [ i.decode('utf-8') for i in val ]
+ result.append((dn, new_obj))
+ success = True
+ except ldap.NO_SUCH_OBJECT, e:
+ raise MKLDAPException(_('The given base object "%s" does not exist in LDAP (%s))') % (base, e))
+
+ except ldap.FILTER_ERROR, e:
+ raise MKLDAPException(_('The given ldap filter "%s" is invalid (%s)') % (filt, e))
+
+ except ldap.SIZELIMIT_EXCEEDED:
+ raise MKLDAPException(_('The response reached a size limit. This could be due to '
+ 'a sizelimit configuration on the LDAP server.<br />Throwing away the '
+ 'incomplete results. You should change the scope of operation '
+ 'within the ldap or adapt the limit settings of the LDAP server.'))
+ except ldap.SERVER_DOWN:
+ if tries_left:
+ ldap_log(' Received SERVER_DOWN. Retrying...')
+ time.sleep(0.5)
+ else:
+ break
duration = time.time() - start_time
+
+ if not success:
+ raise MKLDAPException(_('Unable to successfully perform the LDAP search. '
+ 'Maybe there is a connection problem with the LDAP server.'))
+
ldap_log(' RESULT length: %d, duration: %0.3f' % (len(result), duration))
return result
- #return ldap_connection.search_s(base, scope, filter, columns)
- #for dn, obj in ldap_connection.search_s(base, scope, filter, columns):
- # html.log(repr(dn) + ' ' + repr(obj))
# Returns the ldap filter depending on the configured ldap directory type
def ldap_filter(key, handle_config = True):
Module: check_mk
Branch: master
Commit: d1ee0c77ba560cbded40684288056b40ff09d440
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d1ee0c77ba560c…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Aug 23 09:25:36 2013 +0200
Reduced number of ldap queries during sync; Improved connection logging a bit
---
web/plugins/userdb/ldap.py | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 5c41652..1e8d2c4 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -153,7 +153,10 @@ def ldap_connect(enforce_new = False, enforce_server = None):
and not "no_persistent" in config.ldap_connection \
and ldap_connection \
and config.ldap_connection == ldap_connection_options:
+ ldap_log('LDAP CONNECT - Using existing connecting')
return # Use existing connections (if connection settings have not changed)
+ else:
+ ldap_log('LDAP CONNECT - Connecting...')
ldap_test_module()
@@ -455,6 +458,7 @@ def ldap_get_users(add_filter = ''):
if config.ldap_userspec.get('lower_user_ids', False):
user_id = user_id.lower()
+ ldap_user['dn'] = dn # also add the DN
result[user_id] = ldap_user
return result
@@ -475,10 +479,15 @@ def ldap_get_groups(add_filt = None):
filt = '(&%s%s)' % (filt, add_filt)
return ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']), filt, ['cn'])
-def ldap_user_groups(username, attr = 'cn'):
- # The given username might be wrong case. The ldap search is case insensitive,
- # so the username read from ldap might differ. Fix it here.
- user_dn, username = ldap_get_user(username, True)
+def ldap_user_groups(username, user_dn, attr = 'cn'):
+ # When configured to convert user_ids to lower case, all user ids here are lower case.
+ # Otherwise all user_ids are in the case which they are in LDAP. This should be ok
+ # for this function! I removed the snippet below to reduce the number of ldap queries.
+ # Before removal, this query was executed for every user again, just to fetch the DN
+ # and the username.
+ # # The given username might be wrong case. The ldap search is case insensitive,
+ # # so the username read from ldap might differ. Fix it here.
+ # user_dn, username = ldap_get_user(username, True)
if username in g_ldap_group_cache:
if attr == 'cn':
@@ -709,7 +718,7 @@ register_user_attribute_sync_plugins()
def ldap_convert_groups_to_contactgroups(params, user_id, ldap_user, user):
groups = []
# 1. Fetch CNs of all LDAP groups of the user (use group_dn, group_filter)
- ldap_groups = ldap_user_groups(user_id)
+ ldap_groups = ldap_user_groups(user_id, ldap_user['dn'])
# 2. Fetch all existing group names in WATO
cg_names = load_group_information().get("contact", {}).keys()
@@ -730,7 +739,7 @@ ldap_attribute_plugins['groups_to_contactgroups'] = {
def ldap_convert_groups_to_roles(params, user_id, ldap_user, user):
groups = []
# 1. Fetch DNs of all LDAP groups of the user
- ldap_groups = [ g.lower() for g in ldap_user_groups(user_id, 'dn') ]
+ ldap_groups = [ g.lower() for g in ldap_user_groups(user_id, ldap_user['dn'], 'dn') ]
# 2. Load default roles from default user profile
roles = config.default_user_profile['roles'][:]
Module: check_mk
Branch: master
Commit: 75dd66512e2047eb12abb07da7e34b8dcb2ac7ed
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=75dd66512e2047…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Thu Aug 22 15:58:25 2013 +0200
Dictionary vs: now able to set hidden_keys (only useful for fixed values)
---
web/htdocs/valuespec.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py
index 00cf4df..1a02992 100644
--- a/web/htdocs/valuespec.py
+++ b/web/htdocs/valuespec.py
@@ -2079,6 +2079,10 @@ class Dictionary(ValueSpec):
self._optional_keys = False
else:
self._optional_keys = True
+ if "hidden_keys" in kwargs:
+ self._hidden_keys = kwargs["hidden_keys"]
+ else:
+ self._hidden_keys = []
self._columns = kwargs.get("columns", 1) # possible: 1 or 2
self._render = kwargs.get("render", "normal") # also: "form" -> use forms.section()
@@ -2115,6 +2119,8 @@ class Dictionary(ValueSpec):
if headers_sup:
html.write('<tr>')
for param, vs in self._get_elements():
+ if param in self._hidden_keys:
+ continue
if not oneline:
html.write('<tr><td class=dictleft>')
div_id = varprefix + "_d_" + param
@@ -2181,9 +2187,12 @@ class Dictionary(ValueSpec):
def render_input_form_header(self, varprefix, value, title, sections):
forms.header(title, narrow=self._form_narrow)
for param, vs in self._get_elements():
- if sections and param not in sections:
+ if param in self._hidden_keys:
continue
+ if sections and param not in sections:
+ continue
+
div_id = varprefix + "_d_" + param
vp = varprefix + "_p_" + param
if self._optional_keys and param not in self._required_keys:
Module: check_mk
Branch: master
Commit: 1b45f28fc0179ae5189cf2a65affdf6a7314a3e3
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1b45f28fc0179a…
Author: Götz Golla <gg(a)mathias-kettner.de>
Date: Thu Aug 22 13:50:41 2013 +0200
Updated bug entries #1001
---
.bugs/1001 | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/.bugs/1001 b/.bugs/1001
new file mode 100644
index 0000000..6c57b12
--- /dev/null
+++ b/.bugs/1001
@@ -0,0 +1,12 @@
+Title: check ups_power uses the group 'hw_temperature' which settings levels in degree celcius'
+Component: checks
+State: open
+Date: 2013-08-22 13:43:24
+Targetversion: future
+Class: nastiness
+
+Levels for the electric power of ups devices are in watt, however the check uses the group
+hw_temperature to set the values with the corresponding wato check in degrees celcius.
+This will nevertheless work and may be in active use since the values are integers. However it
+may be confusing. A new group hw_power with corresponding wato rule should be added. Customers
+need to be aware that this fix may break their existing checks.