[Dovecot] auth-ldap not resetting connection state after failed bind
Brendan
brendan at tucows.com
Thu Dec 20 20:35:48 EET 2007
>> i believe i tracked it down to a couple lines in db_ldap_bind and fixed
>> it - dovecot-auth is reconnecting to ldap in the condition where it was
>> not previously:
>>
> Thanks. http://hg.dovecot.org/dovecot-1.0/rev/8dcc215fbc06
>
timo, i think i found another spot where it won't reconnect.
when ldap_conn_reconnect was getting called, it wasn't completely
reconnecting, and the requests in conn->delayed_requests_tail would
never be processed. when i changed the code to force a connection close
at the start of ldap_conn_reconnect then it would reconnect
successfully. this does cause auth failures when ldap is unconnected
(which from my limited understanding of the code appears to not be the
original desire), but it does cause the system to recover gracefully.
you might be able to come up with a better way to handle this (my c is
weak).
here's a patch that incorporates that one small change and the previous
one as well:
--- dovecot-1.0.3/src/auth/db-ldap.c.orig 2007-12-19
22:01:46.622328000 +0000
+++ dovecot-1.0.3/src/auth/db-ldap.c 2007-12-19 22:03:08.145721000 +0000
@@ -294,7 +294,7 @@
static void ldap_conn_reconnect(struct ldap_connection *conn)
{
- ldap_conn_close(conn, FALSE);
+ ldap_conn_close(conn, TRUE);
if (db_ldap_connect(conn) < 0) {
/* failed to reconnect. fail all requests. */
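Review bot: The switch from FALSE to TRUE in the ldap_conn_close() call at the top of ldap_conn_reconnect() needs a comment, because the hunk does not show what the second argument controls. The existing comment on the db_ldap_connect() failure branch ("failed to reconnect. fail all requests.") suggests requests were meant to fail only when the reconnect itself fails. The message above says this change makes authentication fail while LDAP is unconnected. Please document the flag at the call site, and check whether the entries in conn->delayed_requests_tail can be kept and replayed after a successful db_ldap_connect() instead of being lost before the reconnect is attempted.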
@@ -446,7 +446,10 @@
msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass,
LDAP_AUTH_SIMPLE);
if (msgid == -1) {
- db_ldap_connect_finish(conn, ldap_get_errno(conn));
+ if (db_ldap_connect_finish(conn, ldap_get_errno(conn)) < 0) {
+ /* lost connection, close it */
+ ldap_conn_close(conn, TRUE);
+ }
i_free(ldap_request);
return -1;
}
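Review bot: In the msgid == -1 branch, ldap_conn_close(conn, TRUE) now runs before i_free(ldap_request), so please confirm that ldap_request is not yet tracked by the connection at this point. If the close path also touches or releases pending requests, the following i_free(ldap_request) would act on it a second time. The branch also returns -1 without closing when db_ldap_connect_finish() returns 0 or more; if that case is intentionally left with the connection open, extend the comment to say so, since "lost connection, close it" only describes the negative return.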