hello Sam
I have just tested this modified version but it seems that:
- in some cases the authldap connections are restarted (first ldap
server restart test),
- but in other cases authldap connections were not restarted
<ldap server restart>
May 26 19:37:46 mail authdaemond: ldap_search_ext_s failed: Can't
contact LDAP server
May 26 19:37:46 mail authdaemond: ldap_search_ext_s failed: Can't
contact LDAP server
May 26 19:37:46 mail maildrop[24377]: Unable to change to home directory.
May 26 19:37:46 mail maildrop[24378]: Unable to change to home directory.
May 26 19:37:54 mail authdaemond: ldap_sasl_bind_s failed: Invalid
credentials
May 26 19:37:54 mail authdaemond: ldap_sasl_bind_s failed: Invalid
credentials
May 26 19:37:55 mail authdaemond: ldap_sasl_bind_s failed: Invalid
credentials
May 26 19:37:55 mail authdaemond: ldap_sasl_bind_s failed: Invalid
credentials
May 26 19:37:56 mail maildrop[24407]: Unable to change to home directory.
May 26 19:37:56 mail maildrop[24408]: Unable to change to home directory.
May 26 19:38:00 mail authdaemond: ldap_sasl_bind_s failed: Can't contact
LDAP server
May 26 19:38:01 mail imapd-ssl: [email protected]: chdir() failed!!
May 26 19:38:01 mail imapd-ssl: error: No such file or directory
May 26 19:38:01 mail imapd-ssl: LOGIN FAILED, user=, ip=
May 26 19:38:01 mail imapd-ssl: authentication error: No such file or
directory
this:
authdaemond: stopping authdaemond children
authdaemond: modules="authldap", daemons=14
authdaemond: Installing libauthldap
authdaemond: Installation complete: authldap
...did not happen.
the original patch is completely without issues. I can restart ldap
server XY times and each time the behavior works perfectly.
On 25.5.2018 at 13:10, Sam Varshavchik wrote:
Michal Bruncko writes:
Hello Sam
I have just tested this patch and it works amazingly great. here is
log from authdaemon log after LDAP server restart:
May 25 11:42:21 mail authdaemond: ldap_search_ext_s failed: Can't
contact LDAP server
May 25 11:42:21 mail authdaemond: ldap_start_tls_s failed: Can't
contact LDAP server
May 25 11:42:21 mail authdaemond: authdaemond: search.c:95:
ldap_pvt_search: Assertion `ld != ((void *)0)' failed.
May 25 11:42:21 mail authdaemond: stopping authdaemond children
May 25 11:42:21 mail imapd-ssl: LOGIN FAILED, user=
May 25 11:42:21 mail imapd-ssl: authentication error: Input/output error
May 25 11:42:21 mail authdaemond: restarting authdaemond children
May 25 11:42:21 mail authdaemond: modules="authldap", daemons=14
May 25 11:42:21 mail authdaemond: Uninstalling authldap
May 25 11:42:21 mail authdaemond: Installing libauthldap
May 25 11:42:21 mail authdaemond: Installation complete: authldap
after that all LOGIN requests are back handled properly :)
thank you again for really very quick reaction
is there any chance that this patch can be included in main code?
thank you
I tweaked the patch a little bit, and will include the following
version in the next release. connect() does nothing if the connection
is already established, and this adds an additional attempt to recover
a dead connection. I believe that this adjusted reconnection logic
will work at least as well as the original version.
diff --git a/courier-authlib/authldaplib.cpp
b/courier-authlib/authldaplib.cpp
index f2009cd..d5b71a7 100644
--- a/courier-authlib/authldaplib.cpp
+++ b/courier-authlib/authldaplib.cpp
@@ -87,10 +87,19 @@ public:
cred.bv_len=buffer.size();
cred.bv_val=&buffer[0];
- return ok("ldap_sasl_bind_s",
- ldap_sasl_bind_s(connection, userid.c_str(),
- NULL, &cred,
- NULL, NULL, NULL));
+ if (connect() &&
+ ok("ldap_sasl_bind_s",
+ ldap_sasl_bind_s(connection, userid.c_str(),
+ NULL, &cred,
+ NULL, NULL, NULL)))
+ return true;
+
+ disconnect();
+ return connect() &&
+ ok("ldap_sasl_bind_s",
+ ldap_sasl_bind_s(connection, userid.c_str(),
+ NULL, &cred,
+ NULL, NULL, NULL));
}
};
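Review bot: The fallback after the first bind (disconnect(), then the second connect() && ok("ldap_sasl_bind_s", ...)) runs on every failed bind, not only on a dead connection, so a wrong password is sent to the server twice and forces a reconnect each time. Consider keeping the return code of the first ldap_sasl_bind_s call and retrying only when it is a connection-level error such as LDAP_SERVER_DOWN; that also keeps one failed login from counting twice against any server-side lockout policy. The two identical bind calls could share a small helper so their arguments cannot drift apart.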
@@ -618,7 +627,8 @@ public:
{
struct timeval timeout_copy=timeout;
- if (!conn.ok("ldap_search_ext_s",
+ if (!conn.connect() ||
+ !conn.ok("ldap_search_ext_s",
ldap_search_ext_s(conn.connection,
basedn.c_str(),
LDAP_SCOPE_SUBTREE,
@@ -630,6 +640,21 @@ public:
100, &ptr)))
{
ptr=NULL;
+ conn.disconnect();
+ if (!conn.connect()
+ || !conn.ok("ldap_search_ext_s",
+ ldap_search_ext_s(conn.connection,
+ basedn.c_str(),
+ LDAP_SCOPE_SUBTREE,
+ query.c_str(),
+ search_attributes(),
+ 0,
+ NULL, NULL,
+ &timeout_copy,
+ 100, &ptr)))
+ {
+ ptr=NULL;
+ }
}
}
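Review bot: In the added block after ptr=NULL, the reconnect and second ldap_search_ext_s run for any failed search, so errors that are not connection-related (for example a bad filter or an exceeded limit) also tear down and rebuild the connection, and the lookup can block for up to twice the timeout because both attempts pass &timeout_copy. Suggest checking the first call's result code and retrying only on connection-level errors, and moving the duplicated argument list into one helper used by both attempts. A log line marking that the retry path was taken would make it easier to tell from the authdaemond log whether a reconnect was attempted.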
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Courier-imap mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
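A log check for the behaviour compared in this thread, added here as an example (not part of the original messages or of Courier's code): it groups authdaemond LDAP failures into bursts and reports whether each burst was followed by the "Installation complete: authldap" line. The sample lines are constructed in the thread's log format; the 60-second window, the year, and treating that line as the recovery marker are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the thread (not real log data).
SAMPLE_LOG = """\
May 25 11:42:21 mail authdaemond: ldap_search_ext_s failed: Can't contact LDAP server
May 25 11:42:21 mail authdaemond: stopping authdaemond children
May 25 11:42:21 mail authdaemond: Installation complete: authldap
May 26 19:37:46 mail authdaemond: ldap_search_ext_s failed: Can't contact LDAP server
May 26 19:37:54 mail authdaemond: ldap_sasl_bind_s failed: Invalid credentials
May 26 19:38:00 mail authdaemond: ldap_sasl_bind_s failed: Can't contact LDAP server
May 26 19:38:01 mail imapd-ssl: LOGIN FAILED, user=, ip=
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ authdaemond: (.*)$")
FAILURE = re.compile(r"^ldap_\w+ failed: ")
RECOVERED = "Installation complete: authldap"  # assumed recovery marker


def parse(text, year=2018):
    """Yield (timestamp, message) for authdaemond lines; syslog carries no year."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)


def outages(text, gap=timedelta(seconds=60)):
    """Group LDAP failures into bursts and record whether each one recovered."""
    result, current = [], None
    for ts, msg in parse(text):
        if FAILURE.match(msg):
            # Start a new burst after a recovery or a quiet period longer than gap.
            if current is None or current["recovered"] or ts - current["last"] > gap:
                current = {"start": ts, "last": ts, "failures": 0, "recovered": False}
                result.append(current)
            current["last"] = ts
            current["failures"] += 1
        elif msg == RECOVERED and current and ts - current["last"] <= gap:
            current["recovered"] = True
    return result


def unrecovered(text):
    """Bursts with no recovery marker inside the window: candidates for alerting."""
    return [o for o in outages(text) if not o["recovered"]]


if __name__ == "__main__":
    for o in outages(SAMPLE_LOG):
        state = "recovered" if o["recovered"] else "NO module reinstall seen"
        print(o["start"], f"{o['failures']} failure(s):", state)
```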