URL: https://github.com/SSSD/sssd/pull/5532
Title: #5532: ldap: retry ldap_install_tls() when watchdog interruption

alexey-tikhonov commented:
"""
> > Did you try your latest version with your reproducer?
> 
> Yes, when the process fails it is retried.

Thanks for the logs. Functionally it looks good.

But I have a question:
```
(11:39:30): [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(11:39:30): [sdap_uri_callback] (0x0400): Constructed uri 'ldaps://10.0.155.220:636'
(11:39:30): [decide_tls_usage] (0x2000): [ldaps://10.0.155.220:636] is a secure channel. No need to run START_TLS
(11:39:30): [sssd_async_socket_init_send] (0x0400): Setting 12 seconds timeout for connecting
...network delay
(11:39:40): [sss_ldap_init_sys_connect_done] (0x0020): ldap_install_tls failed: [Connect error] [unknown error]
(11:39:40): [sss_ldap_init_sys_connect_done] (0x0020): Assuming TLS handshake was interrupted
(11:39:40): [sss_ldap_init_state_destructor] (0x0400): calling ldap_unbind_ext for ldap:[0xdf4950] sd:[26]
(11:39:40): [sss_ldap_init_state_destructor] (0x0400): closing socket [26]
(11:39:40): [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [1432158320]: TLS handshake was interrupted.
(11:39:40): [sdap_handle_release] (0x2000): Trace: sh[0xdf7020], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory[0]
(11:39:40): [sdap_cli_connect_done] (0x0040): Performing retry due to TLS handshake interruption
(11:39:40): [fo_set_port_status] (0x0100): Marking port 636 of server '10.0.155.220' as 'not working'
(11:39:40): [fo_set_port_status] (0x0400): Marking port 636 of duplicate server '10.0.155.220' as 'not working'
(11:39:40): [decide_tls_usage] (0x2000): [ldaps://10.0.155.220:636] is a secure channel. No need to run START_TLS
(11:39:40): [sssd_async_socket_init_send] (0x0400): Setting 12 seconds timeout for connecting
(11:39:42): [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldaps://10.0.155.220:636/??base] with fd [26].
```
-- why `Marking port ... as 'not working'`? IIUC, this is exactly the ip:port that is being retried (and succeeds).
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5532#issuecomment-801848446