[PATCH] idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN
Ralph Böhme
slow at samba.org
Tue Jul 11 20:02:55 UTC 2017
On Mon, Jul 10, 2017 at 09:13:16PM -0700, Dustin Howett wrote:
> I've got a couple notes:
>
> 1. It looks like I missed a space.
>
> +static NTSTATUS idmap_ad_query_user_retry(struct idmap_domain *domain,
> + struct wbint_userinfo *info)
>
> (on the struct wbint_userinfo line.)
no prob, shit happens. ;)
> I can further revise Ralph's patch if you'd rather not fix it inline.
I'll fix it when I push it.
> 2. While this brings idmap_ad_query_user in line with the other idmap_ad
> functions, it doesn't solve the core issue.
>
> It looks like the winbindd hosting idmap eventually operates on a closed ldap
> connection. I haven't been able to determine why it's being closed, but it's
> on the member server.
>
> The winbind cache covered the rfc2307 NSS info until 4.6. The ldap connection
> loss may have happened in 4.5 and prior as well, but the cache covered for it
> until the connection was reestablished.
Does this imply your patch is void? I think it is correct, essentially
triggering a reconect of an idle connection that got disconnected by the server
(at least that's my understanding of the retry logic).
> I may fork a thread over to samba@ to discuss this further.
As mentioned by Andrew, this discussion rightly belongs here, but feel free to
create a new thread as appropriate.
Cheerio!
-slow
More information about the samba-technical
mailing list