[PATCH] idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN

Dustin L. Howett dustin at howett.net
Fri Jun 30 23:10:01 UTC 2017


All other ldap-querying methods in idmap_ad make a single retry attempt if they get
TLDAP_SERVER_DOWN. This patch brings idmap_ad_query_user in line with that design.

This fixes the symptom described in 12720 at the cost of an additional reconnect per
failed lookup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12720

Signed-off-by: Dustin L. Howett <dustin at howett.net>
---
 source3/winbindd/idmap_ad.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 5039e9bfe56..2bee08a5577 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -511,9 +511,26 @@ static NTSTATUS idmap_ad_query_user(struct idmap_domain *domain,
 	return NT_STATUS_OK;
 }
 
+static NTSTATUS idmap_ad_query_user_retry(struct idmap_domain *domain,
+				          struct wbint_userinfo *info)
+{
+	const NTSTATUS status_server_down =
+		NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_SERVER_DOWN));
+	NTSTATUS status;
+
+	status = idmap_ad_query_user(domain, info);
+
+	if (NT_STATUS_EQUAL(status, status_server_down)) {
+		TALLOC_FREE(domain->private_data);
+		status = idmap_ad_query_user(domain, info);
+	}
+
+	return status;
+}
+
 static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom)
 {
-	dom->query_user = idmap_ad_query_user;
+	dom->query_user = idmap_ad_query_user_retry;
 	dom->private_data = NULL;
 	return NT_STATUS_OK;
 }
-- 
2.13.2




More information about the samba-technical mailing list