diff --git a/ldappool/__init__.py b/ldappool/__init__.py
index 60c5d6a..6bc52f0 100644
--- a/ldappool/__init__.py
+++ b/ldappool/__init__.py
@@ -252,6 +252,11 @@ class ConnectionManager(object):
 conn.timeout = self.timeout
 self._bind(conn, bind, passwd)
 connected = True
+ except ldap.INVALID_CREDENTIALS as error:
+ exc = error
+ log.error('Invalid credentials. Cancelling retry',
+ exc_info=True)
+ break
 except ldap.LDAPError as error:
 exc = error
 time.sleep(self.retry_delay)
diff --git a/ldappool/tests/test_ldapconnection.py b/ldappool/tests/test_ldapconnection.py
index 3c6d038..46d033c 100644
--- a/ldappool/tests/test_ldapconnection.py
+++ b/ldappool/tests/test_ldapconnection.py
@@ -55,6 +55,10 @@ def _bind_fails2(self, who='', cred='', **kw):
 raise ldap.SERVER_DOWN('LDAP connection invalid')
+def _bind_fails_invalid_credentials(self, who='', cred='', **kw):
+ raise ldap.INVALID_CREDENTIALS('LDAP connection invalid')
+
+
 def _start_tls_s(self):
 if self.start_tls_already_called_flag:
 raise ldap.LOCAL_ERROR
@@ -157,3 +161,26 @@ class TestLDAPConnection(unittest.TestCase):
 pass
 else:
 raise AssertionError()
+
+ def test_simple_bind_fails_invalid_credentials(self):
+ unbinds = []
+
+ def _unbind(self):
+ unbinds.append(1)
+
+ # the binding fails with an LDAPError
+ ldappool.StateConnector.simple_bind_s = _bind_fails_invalid_credentials
+ ldappool.StateConnector.unbind_s = _unbind
+ uri = ''
+ dn = 'uid=adminuser,ou=logins,dc=mozilla'
+ passwd = 'adminuser'
+ cm = ldappool.ConnectionManager(uri, dn, passwd, use_pool=True, size=2)
+ self.assertEqual(len(cm), 0)
+
+ try:
+ with cm.connection('dn', 'pass'):
+ pass
+ except ldap.INVALID_CREDENTIALS:
+ pass
+ else:
+ raise AssertionError()
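Review bot: In the `@@ -252,6 +252,11 @@` hunk of ldappool/__init__.py, the new `except ldap.INVALID_CREDENTIALS` branch logs every rejected bind at ERROR with a full traceback (`exc_info=True`) but never records which identity failed. If callers pass end-user credentials to `connection(bind, passwd)`, as the new test's `cm.connection('dn', 'pass')` suggests, anyone submitting wrong passwords can fill the log with tracebacks, while the entries are of little use for spotting password guessing against one account. I would change it to `log.warning('Invalid credentials for %r, not retrying', bind)`; `%r` keeps control characters in a caller-supplied DN from forging log lines, and `passwd` must stay out of the message. The retry loop and the handling after `break` lie outside the hunk, so whether `conn` is unbound before the exception reaches the caller cannot be confirmed from here.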
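Review bot: `test_simple_bind_fails_invalid_credentials` (the `@@ -157,3 +161,26 @@` hunk of ldappool/tests/test_ldapconnection.py) only checks that `ldap.INVALID_CREDENTIALS` reaches the caller, so it does not pin the behaviour this commit adds, namely that a rejected bind is attempted once and not retried. The `unbinds` list is filled but never asserted on, and the comment `# the binding fails with an LDAPError` is copied from the neighbouring test. Counting bind calls and asserting exactly one would guard against a regression that resumes retrying bad passwords, which matters where the directory enforces account lockout; this assumes the manager makes no other bind call on this path. The test also assigns to `ldappool.StateConnector.simple_bind_s` and `unbind_s` without restoring them, so unless a `setUp`/`tearDown` outside the hunk does that, the stubs leak into later tests.

```python
    def test_simple_bind_fails_invalid_credentials(self):
        binds = []

        def _bind(self, who='', cred='', **kw):
            binds.append(1)
            raise ldap.INVALID_CREDENTIALS('LDAP connection invalid')

        # the bind is rejected with INVALID_CREDENTIALS
        ldappool.StateConnector.simple_bind_s = _bind
        # ... unchanged: unbind stub, ConnectionManager setup, try/except/else ...
        # a rejected bind must not be retried
        self.assertEqual(len(binds), 1)
```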