[Freeipa-devel] [PATCH] bind-dyndb-ldap: Don't quit when initial connection to LDAP fails

Adam Tkac atkac at redhat.com
Wed Jan 12 15:24:06 UTC 2011


Hello,

as written in https://bugzilla.redhat.com/show_bug.cgi?id=662930
some people use OpenLDAP & BIND running on one machine. In this case
BIND is started before OpenLDAP so initial connection fails. This
patch allows BIND to run but admin must call "rndc reload" after
LDAP is started to fetch zones stored in LDAP.

Comments are welcomed.

Regards, Adam

-- 
Adam Tkac, Red Hat, Inc.
-------------- next part --------------
From 42e1c6218ced6678ff7266a937108c058e3531bd Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac at redhat.com>
Date: Wed, 12 Jan 2011 16:19:10 +0100
Subject: [PATCH] Don't quit when initial connection to LDAP fails.

As written in https://bugzilla.redhat.com/show_bug.cgi?id=662930
some people use OpenLDAP & BIND running on one machine. In this case
BIND is started before OpenLDAP so initial connection fails. This
patch allows BIND to run but admin must call "rndc reload" after
LDAP is started to fetch zones stored in LDAP.

Signed-off-by: Adam Tkac <atkac at redhat.com>
---
 src/ldap_helper.c |   16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index a6235b3..e5c5aa9 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -422,6 +422,9 @@ retry:
 			ldap_inst->auth_method = AUTH_NONE;
 			log_debug(2, "falling back to password-less login");
 			goto retry;
+		} else if (result == ISC_R_NOTCONNECTED) {
+			/* LDAP server is down which can happen, continue */
+			result = ISC_R_SUCCESS;
 		} else if (result != ISC_R_SUCCESS) {
 			goto cleanup;
 		}
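Review bot: The new `else if (result == ISC_R_NOTCONNECTED)` branch overwrites the result with ISC_R_SUCCESS and logs nothing at this point, so the caller and the administrator cannot tell a fully loaded instance from one that started with no LDAP zones. The commit message says the admin must run "rndc reload" once LDAP is up; that requirement should appear in the log here, for example a log_error() stating that the LDAP server is unreachable, no zones were loaded, and "rndc reload" is needed. The comment "LDAP server is down which can happen, continue" should also say what state the instance is left in. Please confirm that the code following this if/else chain tolerates an instance whose connection was never established, since it now runs in that state.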
@@ -1683,12 +1686,17 @@ ldap_reconnect(ldap_connection_t *ldap_conn)
 	if (ret != LDAP_SUCCESS) {
 		log_error("bind to LDAP server failed: %s",
 			  ldap_err2string(ret));
-		if (ret == LDAP_INVALID_CREDENTIALS)
+
+		switch (ret) {
+		case LDAP_INVALID_CREDENTIALS:
 			return ISC_R_NOPERM;
-		return ISC_R_FAILURE;
-	} else {
+		case LDAP_SERVER_DOWN:
+			return ISC_R_NOTCONNECTED;
+		default:
+			return ISC_R_FAILURE;
+		}
+	} else
 		log_debug(2, "bind to LDAP server successful");
-	}
 
 	ldap_conn->tries = 0;
 
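Review bot: The switch on `ret` maps only LDAP_SERVER_DOWN to ISC_R_NOTCONNECTED, so any other bind failure caused by an unreachable server falls into `default:` and returns ISC_R_FAILURE, which the first hunk still sends to `goto cleanup`. If the intent is to survive LDAP not being up at BIND start, check whether timeout or connect-error return codes from the bind call need the same mapping, and document in a comment why each case is or is not treated as transient. Keeping LDAP_INVALID_CREDENTIALS on ISC_R_NOPERM is right, since an authentication failure should not be masked as a server outage. Style: `} else` now has an unbraced body while the `if` arm is braced; keep the braces on the else arm so both arms match.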
-- 
1.7.3.4


