From f8f0c7c40112c070f36d3c513314afc40dbb8715 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 27 Jan 2022 12:16:46 +0100
Subject: [PATCH 2/3] ldap: do not continue on timeout (#61128)

---
 src/authentic2/backends/ldap_backend.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index 95245bb2..751552d6 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -913,8 +913,6 @@ class LDAPBackend:
                 results = self.normalize_ldap_results(results)
             except ldap.NO_SUCH_OBJECT:
                 pass
-            except ldap.TIMEOUT:
-                log.error('[%s] connection timed out while retrieving group DNs', ldap_uri)
             else:
                 group_dns.update(dn for dn, attrs in results)
         return group_dns
@@ -1499,7 +1497,10 @@ class LDAPBackend:
         for block in blocks:
             if realm and realm != block['realm']:
                 continue
-            yield from cls.get_users_for_block(block)
+            try:
+                yield from cls.get_users_for_block(block)
+            except ldap.LDAPError as e:
+                log.error('synchronization failed on an LDAP error: "%s"', e)
 
     @classmethod
     def deactivate_orphaned_users(cls):
-- 
2.34.1