From 9724cc7dc24dbbc17c356f100262a7999db3f88b Mon Sep 17 00:00:00 2001
From: Tero Saarni <tero.saarni@est.tech>
Date: Fri, 5 Mar 2021 10:51:28 +0200
Subject: [PATCH 232/238] ITS#9468 back-ldap: Return disconect if rebind cannot
be done
---
servers/slapd/back-ldap/bind.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 1f9cbf185..3b46caaa7 100644
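--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1495,9 +1495,25 @@ retry_lock:;
 retry:;
 if ( BER_BVISNULL( &lc->lc_cred ) ) {
 tmp_dn = "";
+ /*
+ * Bind is requested with DN but without credentials.
+ * This can happen when connection to remote server has been
+ * lost either due to remote server disconnecting it or due to
+ * proxy disconnecting it by itself (idle-timeout, conn-ttl).
+ */
 if ( !BER_BVISNULL( &lc->lc_bound_ndn ) && !BER_BVISEMPTY( &lc->lc_bound_ndn ) ) {
- Debug( LDAP_DEBUG_ANY, "%s ldap_back_dobind_int: DN=\"%s\" without creds, binding anonymously",
- op->o_log_prefix, lc->lc_bound_ndn.bv_val, 0 );
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_back_dobind_int: DN=\"%s\" connection "
+ "was re-established but cannot rebind without creds\n",
+ op->o_log_prefix, lc->lc_bound_ndn.bv_val, 0 );
+ rs->sr_text = "Proxy lost connection to remote server";
+ rs->sr_err = LDAP_UNAVAILABLE;
+ if ( sendok & LDAP_BACK_SENDERR ) {
+ send_ldap_result( op, rs );
+ }
+ rs->sr_err = SLAPD_DISCONNECT;
+ rc = 0;
+ goto done;
 }
 
 } else {
@@ -3209,4 +3225,4 @@ ldap_back_schedule_conn_expiry( ldapinfo_t *li, ldapconn_t *lc ) {
 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
 
 return;
-}
\ No newline at end of file
+}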
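Review bot: The comment added in the `BER_BVISNULL( &lc->lc_cred )` branch explains how a bound DN can end up without credentials, but not why the code now refuses to continue. Going by the removed log text ("binding anonymously"), the old path carried on with an anonymous bind while the client still held a session it believed was authenticated. I would add a line such as `* Do not fall back to an anonymous bind here: the client's identity would silently change on the remote server.` so that nobody restores the fallback later. Separately, `rs->sr_text` still points at the message after `rs->sr_err` is replaced with `SLAPD_DISCONNECT`, and callers that pass `sendok` without `LDAP_BACK_SENDERR` must act on `SLAPD_DISCONNECT` themselves. The `done:` label and the callers are outside the hunk, so it is worth confirming that both are handled there and that `rc = 0` is the value `done:` expects.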
--
2.32.0