On Thu, May 24, 2018 at 11:45:40AM -0700, Paul B. Henson wrote: > > From: Gilles Chehade > > Sent: Wednesday, May 23, 2018 1:20 PM > > > > That's bad but could easily be fixed if you want to help us > > So I dropped in the latest table-ldap from git, and it still failed > authentications after an LDAP server outage. It looks like the check is only > in the table_ldap_check function? I'm not sure what that's for, but it > doesn't seem to be called at all when doing authentication. I added a > similar check into the table_ldap_lookup function, and also had to reorder > the functions in the file a bit due to errors like this: > > table_ldap.c:92:15: warning: implicit declaration of function 'ldap_open' is > invalid in C99 > [-Wimplicit-function-declaration] > > Afterwards, opensmtpd successfully reconnected to LDAP and performed > authentication after an LDAP outage :). > > users[14726]: debug: table_ldap: ldap_query: > filter=(&(objectClass=uidObject)(uid=henson)), ret=0 > users[14726]: debug: table-ldap: reconnecting > users[14726]: info: table-ldap: closed previous connection > users[14726]: debug: ldap server accepted credentials > users[14726]: debug: table_ldap: ldap_query: > filter=(&(objectClass=uidObject)(uid=henson)), ret=1 > > > Here's what my changes currently are. I can submit a pull request on github > if you'd like. Thanks. >
please do so we have more people able to test I'll review shortly
> diff --git a/extras/tables/table-ldap/table_ldap.c
> b/extras/tables/table-ldap/table_ldap.c
> index 88c9ffd..9d20526 100644
> --- a/extras/tables/table-ldap/table_ldap.c
> +++ b/extras/tables/table-ldap/table_ldap.c
> @@ -74,45 +74,6 @@ table_ldap_update(void)
> return 1;
> }
>
> -static int
> -table_ldap_check(int service, struct dict *params, const char *key)
> -{
> - int ret;
> -
> - switch(service) {
> - case K_ALIAS:
> - case K_DOMAIN:
> - case K_CREDENTIALS:
> - case K_USERINFO:
> - case K_MAILADDR:
> - if ((ret = ldap_run_query(service, key, NULL, 0)) >= 0) {
> - return ret;
> - }
> - log_debug("debug: table-ldap: reconnecting");
> - if (!(ret = ldap_open())) {
> - log_warnx("warn: table-ldap: failed to connect");
> - }
> - return ret;
> - default:
> - return -1;
> - }
> -}
> -
> -static int
> -table_ldap_lookup(int service, struct dict *params, const char *key, char
> *dst, size_t sz)
> -{
> - switch(service) {
> - case K_ALIAS:
> - case K_DOMAIN:
> - case K_CREDENTIALS:
> - case K_USERINFO:
> - case K_MAILADDR:
> - return ldap_run_query(service, key, dst, sz);
> - default:
> - return -1;
> - }
> -}
> -
> static int
> table_ldap_fetch(int service, struct dict *params, char *dst, size_t sz)
> {
> @@ -361,6 +322,32 @@ err:
> return 0;
> }
>
> +static int
> +table_ldap_lookup(int service, struct dict *params, const char *key, char
> *dst, size_t sz)
> +{
> + int ret;
> +
> + switch(service) {
> + case K_ALIAS:
> + case K_DOMAIN:
> + case K_CREDENTIALS:
> + case K_USERINFO:
> + case K_MAILADDR:
> + if ((ret = ldap_run_query(service, key, dst, sz)) > 0) {
> + return ret;
> + }
> + log_debug("debug: table-ldap: reconnecting");
> + if (!(ret = ldap_open())) {
> + log_warnx("warn: table-ldap: failed to connect");
> + return ret;
> + }
> + return ldap_run_query(service, key, dst, sz);
> + default:
> + return -1;
> + }
> +}
> +
> +
> static int
> ldap_query(const char *filter, char **attributes, char ***outp, size_t n)
> {
> @@ -498,6 +485,31 @@ end:
> return ret;
> }
>
> +static int
> +table_ldap_check(int service, struct dict *params, const char *key)
> +{
> + int ret;
> +
> + switch(service) {
> + case K_ALIAS:
> + case K_DOMAIN:
> + case K_CREDENTIALS:
> + case K_USERINFO:
> + case K_MAILADDR:
> + if ((ret = ldap_run_query(service, key, NULL, 0)) >= 0) {
> + return ret;
> + }
> + log_debug("debug: table-ldap: reconnecting");
> + if (!(ret = ldap_open())) {
> + log_warnx("warn: table-ldap: failed to connect");
> + }
> + return ret;
> + default:
> + return -1;
> + }
> +}
> +
> +
> int
> main(int argc, char **argv)
> {
> > -- Gilles Chehade https://www.poolp.org @poolpOrg
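Review bot: In the new table_ldap_lookup, the `> 0` test treats a result of 0 the same as a failed connection, so every lookup for a key that simply does not exist drops the LDAP connection, re-binds and repeats the query. On a mail server such misses can come from remote senders (unknown recipients, failed logins), so each of them becomes reconnect and bind load on the directory. The log quoted in the mail shows ldap_query returning ret=0 during the outage, so the cleaner fix is probably to have the query path report a connection failure as -1 and reconnect only on `ret < 0`; that code is outside this hunk. Separately, when ldap_open() fails the function returns its 0, which callers presumably read as "no match" rather than a temporary error; `return -1;` in that branch would keep an outage from looking like an unknown user.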
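Review bot: table_ldap_check, moved here unchanged, returns the result of ldap_open() after a reconnect, so a successful reconnect is reported to the caller as a positive check for whatever key was asked, without the query being run again. Re-running the query after the reconnect, as the new lookup does (`return ldap_run_query(service, key, NULL, 0);`), and returning -1 when ldap_open() fails would avoid that. The reordering itself could be dropped in favour of forward declarations of `ldap_open` and `ldap_run_query` near the top of the file, which would limit the patch to the lookup change and make it easier to review.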