[PATCH] idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN

Dustin Howett dustin at howett.net
Tue Jul 11 04:13:16 UTC 2017

On Mon, Jul 10, 2017 at 1:04 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> With that second proviso:
> Reviewed-by: Andrew Bartlett <abartlet at samba.org>
> (including for Dustin's patch)
> Thanks!

Andrew, Ralph,

Thanks for the review.

I've got a couple notes:

1. It looks like I missed a space.

+static NTSTATUS idmap_ad_query_user_retry(struct idmap_domain *domain,
+          struct wbint_userinfo *info)
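
Review bot: the continuation line of the idmap_ad_query_user_retry() parameter list is not aligned with the first parameter as shown here. Indent `struct wbint_userinfo *info)` so that it starts in the same column as `struct idmap_domain *domain,` after the opening parenthesis, matching the wrapped signatures elsewhere in the file.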

(on the struct wbint_userinfo line.)

I can further revise Ralph's patch if you'd rather not fix it inline.

2. While this brings idmap_ad_query_user in line with the other idmap_ad
functions, it doesn't solve the core issue.

It looks like the winbindd hosting idmap eventually operates on a closed ldap
connection. I haven't been able to determine why it's being closed, but it's
on the member server.

The winbind cache covered the rfc2307 NSS info until 4.6. The ldap connection
loss may have happened in 4.5 and prior as well, but the cache covered for it
until the connection was reestablished.

I may fork a thread over to samba@ to discuss this further.

