From a7de38dac0e3e4686637f26d168f4c95db9ad673 Mon Sep 17 00:00:00 2001
|
|
From: Tero Saarni <tero.saarni@est.tech>
|
|
Date: Mon, 10 May 2021 21:41:02 +0300
|
|
Subject: [PATCH 235/238] ITS#9468 summarize discussion about rebind-as-user
|
|
|
|
---
|
|
servers/slapd/back-ldap/bind.c | 21 +++++++++++++++++----
|
|
1 file changed, 17 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
|
|
index 3b46caaa7..8e77e3a60 100644
|
|
--- a/servers/slapd/back-ldap/bind.c
|
|
+++ b/servers/slapd/back-ldap/bind.c
|
|
@@ -1500,6 +1500,7 @@ retry:;
|
|
* This can happen when connection to remote server has been
|
|
* lost either due to remote server disconnecting it or due to
|
|
* proxy disconnecting it by itself (idle-timeout, conn-ttl).
|
|
+ * See comment in ldap_back_conn_prune().
|
|
*/
|
|
if ( !BER_BVISNULL( &lc->lc_bound_ndn ) && !BER_BVISEMPTY( &lc->lc_bound_ndn ) ) {
|
|
Debug( LDAP_DEBUG_ANY,
|
|
@@ -3098,6 +3099,22 @@ ldap_back_conn_expire_time( ldapinfo_t *li, ldapconn_t *lc) {
|
|
return -1;
|
|
}
|
|
|
|
+/*
|
|
+ * Iterate though connections and close those that are pass the expiry time.
|
|
+ * Also calculate the time for next connection to to expire.
|
|
+ *
|
|
+ * Note:
|
|
+ * When the client sends a request after remote connection is pruned, a new
|
|
+ * connection is created but bind cannot be replayed even if "rebind-as-user"
|
|
+ * was set to "yes". The client credentials are stored in ldapconn_t and lost
|
|
+ * when the connection is freed.
|
|
+ *
|
|
+ * LDAP_DISCONNECT is sent to signal the client that it needs to reconnect to
|
|
+ * the proxy and rebind itself (see "Bind is requested with DN but without
|
|
+ * credentials" in ldap_back_dobind_int()). Better implementation would not
|
|
+ * free ldapconn_t but instead just close the socket. This is not implemented
|
|
+ * currently as it is considerable work for what is assumed to be a corner case.
|
|
+ */
|
|
static void
|
|
ldap_back_conn_prune( ldapinfo_t *li )
|
|
{
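Review bot: The comment that now heads ldap_back_conn_prune() carries three wording slips on the new side: `Iterate through connections and close those that are past the expiry time.` and `Also calculate the time for the next connection to expire.` would replace "though", "pass" and "to to". The security-relevant part of the note is worth stating more directly: after a prune the client's credentials held in ldapconn_t are gone, so a following request on a fresh remote connection cannot be rebound as the user even with "rebind-as-user" set, and the comment should say explicitly that the "Bind is requested with DN but without credentials" check in ldap_back_dobind_int() is what keeps such a request from being proxied under the wrong identity, assuming that is the branch that emits LDAP_DISCONNECT (only inferable from the comment here). The closing "Better implementation would not free ldapconn_t but just close the socket" reads as a design decision; marking it `TODO(ITS#9468)` would make the deferred work findable. ldap_back_conn_prune's body continues outside the hunk.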
|
|
@@ -3106,10 +3123,6 @@ ldap_back_conn_prune( ldapinfo_t *li )
|
|
TAvlnode *edge;
|
|
int c;
|
|
|
|
- /*
|
|
- * Iterate though connections and close those that are pass the expiry time.
|
|
- * Also calculate the time for next connection to to expire.
|
|
- */
|
|
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
|
|
|
|
for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) {
|
|
--
|
|
2.32.0
|
|
|