active-directory-integration2

Can't contact LDAP server fails to stop Sync to Wordpress

Open eigood opened this issue 6 years ago • 2 comments

Version: 2.0.14

Recently, the automatic sync that has been running fine has started to get transient network connection errors. When this occurs, I see a "Can't contact LDAP server" in the cronjob log file. However, the Sync to WordPress continues to run.

When this error occurs, the plugin assumes that the user in WordPress no longer exists in AD/LDAP, and then disables the account. The next morning, my phone blows up with the client asking why the entire company is having problems logging in.

I fix it by just running the sync again manually, but that is obviously not good long term.

Is there a way for the Sync to WordPress feature to completely stop when it receives a connection error?

eigood, Jan 26 '18 18:01

Hello @eigood ,

Normally the Sync to WordPress process does not even start if the connection could not be established. If the connection breaks while the Sync is running, then no, the process is not stopped at the moment. I will add this to our issue tracker, but I cannot give you an ETA for when it will be fixed at the moment. Sorry.

Best regards, meissnerDa

MeissnerDa, Jan 29 '18 08:01

My current thoughts are to install a global PHP error/warning handler, and convert the warning that ldap_search() prints into an exception; that would then cause the sync to abort, and would prevent every user from being disabled. Said error handler would only be active for the crontab, as I use wp-cli eval.

The first time I saw this bug, the connection error happened early, apparently.

2018-01-25 10:40:47 [WARN ] NextADInt_Adi_User_Manager::disable [line 694] Disabled user with user id 8 with reason: User "XXXX" has no normal Active Directory user account. Only user accounts can be synchronized.

This is the log line that occurred against all users. The sync had run fine for a while. This particular time, a long-lived transient network error was occurring, and it was preventing further connections from happening. While it was occurring, the sync was taking much much much longer, as the connection timeout had to expire before the code could move on to the next step.

Unfortunately, logs/debug.log does not contain the WARNING message printed by ldap_search(), and by the time I had been able to unravel part of this issue, the crontab log file had already been rotated away.

I can definitely confirm that a connection error was occurring during a Sync To Wordpress, and that it was causing all users to be disabled.

eigood, Jan 30 '18 18:01
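
The approach proposed in the last comment (turn the warning from ldap_search() into an exception so the run aborts before any account is disabled) can be sketched as follows. This is an added example, not code from the plugin or from the thread: `lookup_user()` and `run_sync()` are hypothetical stand-ins for the plugin's directory lookup and sync loop, and the handler assumes the warning text starts with the name of the `ldap_*` function that raised it.

```php
<?php
// Added example (constructed): abort a sync run on the first LDAP warning
// instead of treating a failed lookup as "user not in AD".

// Convert warnings raised by ldap_*() calls into exceptions. Other warnings
// fall through to PHP's normal handling (handler returns false).
function ldap_warnings_to_exceptions(): void
{
    set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
        if (strncmp($message, 'ldap_', 5) !== 0) {
            return false; // not an LDAP warning: keep default behaviour
        }
        throw new ErrorException($message, 0, $severity, $file, $line);
    }, E_WARNING | E_USER_WARNING);
}

// Stand-in for a directory lookup (hypothetical). While $serverUp is false it
// behaves like ldap_search() on a dead connection: a warning, then false.
function lookup_user(string $login, bool $serverUp)
{
    if (!$serverUp) {
        // E_USER_WARNING stands in for the E_WARNING the real extension emits.
        trigger_error("ldap_search(): Search: Can't contact LDAP server", E_USER_WARNING);
        return false;
    }
    return ['samaccountname' => $login];
}

// Stand-in sync loop (hypothetical): returns the logins it would disable.
function run_sync(array $logins, bool $serverUp): array
{
    $disabled = [];
    foreach ($logins as $login) {
        if (lookup_user($login, $serverUp) === false) {
            $disabled[] = $login; // the failure mode reported in this issue
        }
    }
    return $disabled;
}

ldap_warnings_to_exceptions();
try {
    $disabled = run_sync(['alice', 'bob'], false);
    echo 'disabled: ' . implode(',', $disabled) . PHP_EOL;
} catch (ErrorException $e) {
    echo 'sync aborted, no accounts changed: ' . $e->getMessage() . PHP_EOL;
    exit(1); // non-zero exit so the cron wrapper can alert
}
```

Without the call to `ldap_warnings_to_exceptions()`, the same run only prints the warning and reports both constructed accounts as disabled, which is the behaviour described in the issue.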