LDAP: Set sdap handle as explicitly connected in LDAP auth

In case SSSD is set with id_provider=proxy and auth_provider=ldap, the
LDAP provider is not used to retrieve the user info with the
higher-level calls, but the lower-level connection establishment is used
instead. In this case, we need to make sure to mark the connection as
explicitly connected to be notified about results of looking up the DN.

Resolves:
https://fedorahosted.org/sssd/ticket/2620

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

1 files changed, 12 insertions, 0 deletions

diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 6ee570bba..817179426 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -762,6 +762,18 @@ static void auth_connect_done(struct tevent_req *subreq)
                               state->srv, PORT_WORKING);
     }
 
+    /* In case the ID provider is set to proxy, this might be the first
+     * LDAP operation at all, so we need to set the connection status
+     */
+    if (state->sh->connected == false) {
+        ret = sdap_set_connected(state->sh, state->ev);
+        if (ret) {
+            DEBUG(SSSDBG_OP_FAILURE, "Cannot set connected status\n");
+            tevent_req_error(req, ret);
+            return;
+        }
+    }
+
     ret = get_user_dn(state, state->ctx->be->domain,
                       state->ctx->opts, state->username, &state->dn,
                       &state->pw_expire_type, &state->pw_expire_data);