[PATCH] idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN
Andrew Bartlett
abartlet at samba.org
Tue Jul 11 04:30:08 UTC 2017
On Mon, 2017-07-10 at 21:13 -0700, Dustin Howett wrote:
> On Mon, Jul 10, 2017 at 1:04 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> >
> > With that second proviso:
> >
> > Reviewed-by: Andrew Bartlett <abartlet at samba.org>
> > (including for Dustin's patch)
> >
> > Thanks!
>
> Andrew, Ralph,
>
> Thanks for the review.
>
> I've got a couple notes:
>
> 1. It looks like I missed a space.
>
> +static NTSTATUS idmap_ad_query_user_retry(struct idmap_domain *domain,
> + struct wbint_userinfo *info)
>
> (on the struct wbint_userinfo line.)
>
> I can further revise Ralph's patch if you'd rather not fix it inline.
>
> 2. While this brings idmap_ad_query_user in line with the other idmap_ad
> functions, it doesn't solve the core issue.
>
> It looks like the winbindd hosting idmap eventually operates on a closed ldap
> connection. I haven't been able to determine why it's being closed, but it's
> on the member server.
>
> The winbind cache covered the rfc2307 NSS info until 4.6. The ldap connection
> loss may have happened in 4.5 and prior as well, but the cache covered for it
> until the connection was reestablished.
>
> I may fork a thread over to samba@ to discuss this further.

This kind of discussion belongs here, on samba-technical.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba