[PATCH] idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN

Ralph Böhme slow at samba.org
Tue Jul 11 20:02:55 UTC 2017

On Mon, Jul 10, 2017 at 09:13:16PM -0700, Dustin Howett wrote:
> I've got a couple notes:
> 1. It looks like I missed a space.
> +static NTSTATUS idmap_ad_query_user_retry(struct idmap_domain *domain,
> +          struct wbint_userinfo *info)
> (on the struct wbint_userinfo line.)

no prob, shit happens. ;)

> I can further revise Ralph's patch if you'd rather not fix it inline.

I'll fix it when I push it.

> 2. While this brings idmap_ad_query_user in line with the other idmap_ad
> functions, it doesn't solve the core issue.
> It looks like the winbindd hosting idmap eventually operates on a closed ldap
> connection. I haven't been able to determine why it's being closed, but it's
> on the member server.
> The winbind cache covered the rfc2307 NSS info until 4.6. The ldap connection
> loss may have happened in 4.5 and prior as well, but the cache covered for it
> until the connection was reestablished.

Does this imply your patch is void? I think it is correct, essentially
triggering a reconect of an idle connection that got disconnected by the server
(at least that's my understanding of the retry logic).

> I may fork a thread over to samba@ to discuss this further.

As mentioned by Andrew, this discussion rightly belongs here, but feel free to
create a new thread as appropriate.


More information about the samba-technical mailing list