Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't contact LDAP server fails to stop Sync to Wordpress #68

Open
eigood opened this issue Jan 26, 2018 · 2 comments
Open

Can't contact LDAP server fails to stop Sync to Wordpress #68

eigood opened this issue Jan 26, 2018 · 2 comments

Comments

@eigood
Copy link

eigood commented Jan 26, 2018

Version: 2.0.14

Recently, the automatic sync that has been running fine has started to get transient network connection errors. When this occurs, I see a "Can't contact LDAP server' in the cronjob log file. However, the Sync to Wordpress continues to run.

When this error occurs, the plugin assumes that the user in wordpress no longer exists in AD/LDAP, and then disables the account. The next morning, my phone blows up with the client asking why the entire company is having problems logging in.

I fix it by just running the sync again manually, but that is obviously not good long term.

Is there a way for the Sync to Wordpress feature to completely stop when it receives a connection error?
@MeissnerDa
Copy link
Contributor

MeissnerDa commented Jan 29, 2018
edited
Loading

Hello @eigood ,

Normally the Sync to WordPress process does not even start if the connection could not be established. If the connection breaks while the Sync is running then no the process is not stopped at the moment. I will add this to our issue tracker but I can not give you an ETA when it will be fixed at the moment.
Sorry

Best regards,
meissnerDa

@eigood
Copy link
Author

eigood commented Jan 30, 2018

My current thoughts are to install a global php error/warning handler, and convert the the warning that ldap_search() prints into an exception; that would then cause the sync to abort, and would prevent every user from being disabled. Said error-handler would only be active for the crontab, as I use wp-cli eval.

The first time I saw this bug, the connection error happened early, apparently.

2018-01-25 10:40:47 [WARN ] NextADInt_Adi_User_Manager::disable [line 694] Disabled user with user id 8 with reason: User "XXXX" has no normal Active Directory user account. Only user accounts can be synchronized.

This is the log line that occurred against all users. The sync had run fine for a while. This particular time, a long-lived transient network error was occurring, and it was preventing further connections from happening. While it was occurring, the sync was taking much much much longer, as the connection timeout had to expire before the code could move on the to next step.

Unfortunately, logs/debug.log does not contain the WARNING message printed by ldap_search(), and by the time I had been able to unravel part of this issue, the crontab log file had already been rotated away.

I can definitely confirm that a connection error was occurring during a Sync To Wordpress, and that it was causing all users to be disabled.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eigood @MeissnerDa