[PATCH] idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN

Andrew Bartlett abartlet at samba.org
Mon Jul 10 20:04:15 UTC 2017


On Mon, 2017-07-10 at 16:28 +0200, Ralph Böhme wrote:
> On Mon, Jul 10, 2017 at 11:07:16PM +1200, Andrew Bartlett wrote:
> > On Mon, 2017-07-10 at 13:02 +0200, Ralph Böhme via samba-technical
> > wrote:
> > > On Fri, Jun 30, 2017 at 04:10:01PM -0700, Dustin L. Howett via samba-technical wrote:
> > > > All other ldap-querying methods in idmap_ad make a single retry attempt if they get
> > > > TLDAP_SERVER_DOWN. This patch brings idmap_ad_query_user in line with that design.
> > > > 
> > > > This fixes the symptom described in 12720 at the cost of an additional reconnect per
> > > > failed lookup.
> > > 
> > > lgtm. Can I get a second reviewer?
> > 
> > Can we get a selftest for idmap_ad, like but not re-using the totally
> > different idmap_rfc2307 tests, perhaps as simple as running
> > nsswitch/tests/test_rfc2307_mapping.sh against an appropriate member
> > (rather than DC) environment?
> 
> like this?

Yes!  I would prefer we didn't re-use administrator but modified a
different user, but that isn't an objection but rather a suggested
improvement that I'm also trying to fix for the idmap_rfc2307 tests.

The only change I want to see is adding:
password server = $DC_SERVER 
to the smb.conf, so we don't race replication if the environment
startup order changes.

With that second proviso:

Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(including for Dustin's patch)

Thanks!
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



