author | Sumit Bose <sbose@redhat.com> | 2009-12-04 11:04:34 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-12-07 10:18:53 -0500 |
commit | d239b492ad0382d7061690219275f175c05e1830 (patch) | |
tree | 8baec93845175afd291a42f6e9c11673bae212a9 /server/providers/ldap/ldap_id.c | |
parent | d502762b5fde5bfd485b6cd76f300a5e80b45d31 (diff) | |
Try to renew Kerberos credentials
When using GSSAPI we need a valid service ticket to talk to the LDAP
server. If the ticket is expired the LDAP client returns with 'Can't
contact LDAP server'. Currently we set the backend offline if this error
occurs although the server is still available. This patch checks if the
TGT is expired and tries to renew the credentials before going offline.
Diffstat (limited to 'server/providers/ldap/ldap_id.c')
-rw-r--r-- | server/providers/ldap/ldap_id.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/server/providers/ldap/ldap_id.c b/server/providers/ldap/ldap_id.c
index 18b387e57..4bbc07a68 100644
--- a/server/providers/ldap/ldap_id.c
+++ b/server/providers/ldap/ldap_id.c
@@ -719,6 +719,11 @@ static void sdap_account_info_users_done(struct tevent_req *req)
 dp_err = DP_ERR_OFFLINE;
 ctx = talloc_get_type(breq->be_ctx->bet_info[BET_ID].pvt_bet_data,
 struct sdap_id_ctx);
+ if (sdap_check_gssapi_reconnect(ctx)) {
+ talloc_zfree(ctx->gsh);
+ sdap_account_info_handler(breq);
+ return;
+ }
 sdap_mark_offline(ctx);
 }
 }
@@ -745,6 +750,11 @@ static void sdap_account_info_groups_done(struct tevent_req *req)
 dp_err = DP_ERR_OFFLINE;
 ctx = talloc_get_type(breq->be_ctx->bet_info[BET_ID].pvt_bet_data,
 struct sdap_id_ctx);
+ if (sdap_check_gssapi_reconnect(ctx)) {
+ talloc_zfree(ctx->gsh);
+ sdap_account_info_handler(breq);
+ return;
+ }
 sdap_mark_offline(ctx);
 }
 }
@@ -771,6 +781,11 @@ static void sdap_account_info_initgr_done(struct tevent_req *req)
 dp_err = DP_ERR_OFFLINE;
 ctx = talloc_get_type(breq->be_ctx->bet_info[BET_ID].pvt_bet_data,
 struct sdap_id_ctx);
+ if (sdap_check_gssapi_reconnect(ctx)) {
+ talloc_zfree(ctx->gsh);
+ sdap_account_info_handler(breq);
+ return;
+ }
 sdap_mark_offline(ctx);
 }
 } |
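Review bot: The retry path added in sdap_account_info_users_done has no visible bound: when `sdap_check_gssapi_reconnect(ctx)` returns true the request goes back to `sdap_account_info_handler(breq)`, and if that attempt fails with the same error this callback runs again and may retry again. Whether the helper can keep returning true (for instance when renewal succeeds but the server really is unreachable) cannot be seen from here, so either limit each request to a single retry or record the intended guarantee next to the check, e.g. `/* retry once after renewing GSSAPI credentials; a second failure must fall through to sdap_mark_offline() */`. `talloc_zfree(ctx->gsh)` also releases a handle stored on the shared id context, so it is worth confirming that no other in-flight request still holds a pointer to it when this path runs. The same five lines are repeated in the sdap_account_info_groups_done and sdap_account_info_initgr_done hunks, where the same points apply; all three functions begin and end outside their hunks.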