ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 107, 'ctrls': [], 'info': 'Transport endpoint is not connected'}

Symptoms

Users are unable to log on.

In the log file awingu-api.service.log, a similar error can be seen:

2022-12-07 15:29:33.123716+00:00 node01 awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1263]: Could not bind to any ldap server.
Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 107, 'ctrls': [], 'info': 'Transport endpoint is not connected'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 107, 'ctrls': [], 'info': 'Transport endpoint is not connected'}
 

Cause

This is likely caused by using a deprecated signature algorithm such as sha1rsa.

Resolution

Reconfigure the LDAP server to use a certificate with a modern signature algorithm.

Workaround: If your LDAP server still allows non-encrypted connections, try to disable SSL ( System Settings > Global > Domains > select each affected domain > LDAP over SSL ). Keep in mind that this makes the connection not secure!