About the “_s” in the LDAP library (Python and others)

If you have coded using LDAP libraries, you will have noticed that some functions end with “_s” and others do not. The “s” means synchronous: the function returns when the operation has finished. The functions without the “s” are asynchronous: they return immediately, without waiting for the operation to finish. The idea behind the async functions is that you can call several LDAP functions to do different things and then pick up the results when you need them, without blocking the program.

I’m writing this post because you should be careful using these functions. Today I was writing a small Python script to modify some object from a DIT and I lost 30 minutes trying to figure out why the script wasn’t working. I was using the function “bind()” and then “search_s()”. The second didn’t return anything, but if I searched using the command line tools with the same parameters I got the objects. What was the problem? I missed the “_s” at the end of “bind()”. I was using the async version, so I was calling “search_s()” before the end of the bind operation. 🙁


Source routing with Squid

This is a small HOWTO about doing source routing with Squid and Linux. With Squid you can specify the outgoing IP address using ACLs. That means you can select the outgoing IP using the information inside HTTP messages, something you can’t do with a firewall. The syntax is simple:

acl somedomain dstdomain somedomain.com
tcp_outgoing_address 1.2.3.4 somedomain

Those two lines say: “If the request is asking for somedomain.com, go to the world using IP 1.2.3.4”.

Now the Linux part. If you have more than one public IP address and you want the Squid configuration to work, you need some iproute lines.

ip rule add table 10 from 1.2.3.4
ip route add table 10 default via GW

And those two lines say: “If the source IP of the packet is 1.2.3.4, go via GW”.

Source routing with Linux is simple: you create a new table, and that table is used by the packets that match the criteria specified in “ip rule”. The default table is the table main; everything goes there if no rule matches. It is the table that you see with “ip route” or “route -n” (please, don’t use the last command anymore).
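A way to check that the two halves of this setup agree, as an added example that is not part of the original post: it reads the tcp_outgoing_address lines from squid.conf and reports every outgoing IP that has no matching “ip rule”, or whose table has no default route. The sample text is constructed (the gateways and the second address are made up); on a real host it would come from squid.conf, “ip rule show” and “ip route show table all”.

```python
import ipaddress
import re

# Constructed samples: a squid.conf excerpt plus the text printed by
# `ip rule show` and `ip route show table all`. Gateways and the second
# outgoing address are made up for the example.
SQUID_CONF = """\
acl somedomain dstdomain somedomain.com
tcp_outgoing_address 1.2.3.4 somedomain
acl other dstdomain other.example
tcp_outgoing_address 203.0.113.7 other
"""
IP_RULES = """\
0:      from all lookup local
32765:  from 1.2.3.4 lookup 10
32766:  from all lookup main
32767:  from all lookup default
"""
IP_ROUTES = """\
default via 192.0.2.1 dev eth0 table 10
default via 198.51.100.1 dev eth1
"""

def outgoing_addresses(conf):
    """IPs named in tcp_outgoing_address directives (comments ignored)."""
    fields = (line.split("#", 1)[0].split() for line in conf.splitlines())
    return [ipaddress.ip_address(f[1]) for f in fields
            if len(f) >= 2 and f[0] == "tcp_outgoing_address"]

def source_rules(rules):
    """(network, table) for every rule that selects on a source prefix."""
    pairs = re.findall(r"from (\S+)\b.*\blookup (\S+)", rules)
    return [(ipaddress.ip_network(sel, strict=False), table)
            for sel, table in pairs if sel != "all"]

def audit(conf, rules, routes):
    """Return {address: problem} for outgoing IPs without policy routing."""
    with_default = set(re.findall(r"^default .*\btable (\S+)", routes, re.M))
    selectors = source_rules(rules)
    problems = {}
    for addr in outgoing_addresses(conf):
        tables = [t for net, t in selectors if addr in net]
        if not tables:
            problems[str(addr)] = "no ip rule selects this source"
        elif not set(tables) & with_default:
            problems[str(addr)] = "rule table has no default route"
    return problems

if __name__ == "__main__":
    print(audit(SQUID_CONF, IP_RULES, IP_ROUTES))
```

An address reported here still leaves the box, but through the default route of the main table instead of the gateway intended for it.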

 
