1 files changed, 17 insertions, 1 deletions

diff --git a/server/providers/ldap/ldap_id_enum.c b/server/providers/ldap/ldap_id_enum.c
index 1ddcbf8fd..bc06e8bdc 100644
--- a/server/providers/ldap/ldap_id_enum.c
+++ b/server/providers/ldap/ldap_id_enum.c
@@ -227,6 +227,14 @@ fail:
         DEBUG(9, ("User enumeration failed with: (%d)[%s]\n",
                   (int)err, strerror(err)));
 
+        if (sdap_check_gssapi_reconnect(state->ctx)) {
+            talloc_zfree(state->ctx->gsh);
+            subreq = enum_users_send(state, state->ev, state->ctx, state->purge);
+            if (subreq != NULL) {
+                tevent_req_set_callback(subreq, ldap_id_enum_users_done, req);
+                return;
+            }
+        }
         sdap_mark_offline(state->ctx);
     }
 
@@ -268,7 +276,15 @@ static void ldap_id_enum_groups_done(struct tevent_req *subreq)
     return;
 
 fail:
-    /* always go offline on failures */
+    /* check if credentials are expired otherwise go offline on failures */
+    if (sdap_check_gssapi_reconnect(state->ctx)) {
+        talloc_zfree(state->ctx->gsh);
+        subreq = enum_groups_send(state, state->ev, state->ctx, state->purge);
+        if (subreq != NULL) {
+            tevent_req_set_callback(subreq, ldap_id_enum_groups_done, req);
+            return;
+        }
+    }
     sdap_mark_offline(state->ctx);
     DEBUG(1, ("Failed to enumerate groups (%d [%s]), retrying later!\n",
               (int)err, strerror(err)));