On 24.10.2013 16:00, Tomas Hozza wrote:
On 10/23/2013 05:14 PM, Petr Spacek wrote:
Hello,

this patch belongs to 4.0 release. It allows the user to catch some
mis-configurations.

It produces error messages like this:
LDAP error: Critical extension is unavailable: unable to start SyncRepl
session: is RFC 4533 supported on LDAP server?

Patch 201 v2 was rebased and modified.

Now the code prints an error and continues to re-try as usual instead of killing BIND. Shutdown in early stages of start-up had various strange effects including assertion failures.

This patch should go only to master branch.

--
Petr^2 Spacek

From ceb61db783d63d1273a02f2dad55a4ba3f714202 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Wed, 23 Oct 2013 16:52:58 +0200
Subject: [PATCH] Report error if RFC 4533 initialization failed.

Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
 src/ldap_helper.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 95e84b127b09d5df691cd956f44b46d05adb671c..52cbfb3e3c04c517b976d5235f83f42423c7b4e6 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -4474,6 +4474,7 @@ ldap_syncrepl_watcher(isc_threadarg_t arg)
 	isc_result_t result;
 	sigset_t sigset;
 	ldap_sync_t *ldap_sync = NULL;
+	const char *err_hint = "";
 
 	log_debug(1, "Entering ldap_syncrepl_watcher");
 
@@ -4508,6 +4509,17 @@ ldap_syncrepl_watcher(isc_threadarg_t arg)
 		log_debug(1, "Sending initial syncrepl lookup");
 		ret = ldap_sync_init(ldap_sync, LDAP_SYNC_REFRESH_AND_PERSIST);
 		/* TODO: error handling, set tainted flag & do full reload? */
+		if (ret != LDAP_SUCCESS) {
+			if (ret == LDAP_UNAVAILABLE_CRITICAL_EXTENSION)
+				err_hint = ": is RFC 4533 supported by LDAP server?";
+			else
+				err_hint = "";
+
+			log_ldap_error(ldap_sync->ls_ld, "unable to start SyncRepl "
+					"session%s", err_hint);
+			conn->handle = NULL;
+			continue;
+		}
 
 		while (!inst->exiting && ret == LDAP_SUCCESS) {
 			ret = ldap_sync_poll(ldap_sync);
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to