> From: Gilles Chehade
> Sent: Wednesday, May 23, 2018 1:20 PM
>
> That's bad but could easily be fixed if you want to help us
So I dropped in the latest table-ldap from git, and it still failed
authentications after an LDAP server outage. It looks like the check is only
in the table_ldap_check function? I'm not sure what that's for, but it
doesn't seem to be called at all when doing authentication. I added a
similar check into the table_ldap_lookup function, and also had to reorder
the functions in the file a bit due to errors like this:
table_ldap.c:92:15: warning: implicit declaration of function 'ldap_open' is
invalid in C99
[-Wimplicit-function-declaration]
Afterwards, opensmtpd successfully reconnected to LDAP and performed
authentication after an LDAP outage :).
users[14726]: debug: table_ldap: ldap_query:
filter=(&(objectClass=uidObject)(uid=henson)), ret=0
users[14726]: debug: table-ldap: reconnecting
users[14726]: info: table-ldap: closed previous connection
users[14726]: debug: ldap server accepted credentials
users[14726]: debug: table_ldap: ldap_query:
filter=(&(objectClass=uidObject)(uid=henson)), ret=1
Here's what my changes currently are. I can submit a pull request on github
if you'd like. Thanks.
diff --git a/extras/tables/table-ldap/table_ldap.c
b/extras/tables/table-ldap/table_ldap.c
index 88c9ffd..9d20526 100644
--- a/extras/tables/table-ldap/table_ldap.c
+++ b/extras/tables/table-ldap/table_ldap.c
@@ -74,45 +74,6 @@ table_ldap_update(void)
return 1;
}
-static int
-table_ldap_check(int service, struct dict *params, const char *key)
-{
- int ret;
-
- switch(service) {
- case K_ALIAS:
- case K_DOMAIN:
- case K_CREDENTIALS:
- case K_USERINFO:
- case K_MAILADDR:
- if ((ret = ldap_run_query(service, key, NULL, 0)) >= 0) {
- return ret;
- }
- log_debug("debug: table-ldap: reconnecting");
- if (!(ret = ldap_open())) {
- log_warnx("warn: table-ldap: failed to connect");
- }
- return ret;
- default:
- return -1;
- }
-}
-
-static int
-table_ldap_lookup(int service, struct dict *params, const char *key, char
*dst, size_t sz)
-{
- switch(service) {
- case K_ALIAS:
- case K_DOMAIN:
- case K_CREDENTIALS:
- case K_USERINFO:
- case K_MAILADDR:
- return ldap_run_query(service, key, dst, sz);
- default:
- return -1;
- }
-}
-
static int
table_ldap_fetch(int service, struct dict *params, char *dst, size_t sz)
{
@@ -361,6 +322,32 @@ err:
return 0;
}
+static int
+table_ldap_lookup(int service, struct dict *params, const char *key, char
*dst, size_t sz)
+{
+ int ret;
+
+ switch(service) {
+ case K_ALIAS:
+ case K_DOMAIN:
+ case K_CREDENTIALS:
+ case K_USERINFO:
+ case K_MAILADDR:
+ if ((ret = ldap_run_query(service, key, dst, sz)) > 0) {
+ return ret;
+ }
+ log_debug("debug: table-ldap: reconnecting");
+ if (!(ret = ldap_open())) {
+ log_warnx("warn: table-ldap: failed to connect");
+ return ret;
+ }
+ return ldap_run_query(service, key, dst, sz);
+ default:
+ return -1;
+ }
+}
+
+
static int
ldap_query(const char *filter, char **attributes, char ***outp, size_t n)
{
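Review bot: The retry condition at `if ((ret = ldap_run_query(service, key, dst, sz)) > 0)` also fires on a plain miss, since a lookup that matches no entry presumably returns 0 (the log excerpt above shows `ret=0` immediately followed by "reconnecting"), so every unmatched key — including each failed login for an unknown user — tears down and reopens the LDAP connection and re-binds, which is needless load on the directory and is triggered by ordinary client traffic. table_ldap_check keeps `>= 0` and reconnects only on a negative result; the two should agree, ideally by having the failing query path report a dead connection as a negative value so both functions can use `>= 0`, and if reconnecting on 0 is deliberate here it deserves a comment saying why. Separately, when ldap_open() fails the function does `return ret;` with ret == 0, which callers following the `default: return -1;` convention would read as "no match" rather than "lookup error", so a transient directory outage would be reported like a rejected credential instead of a temporary failure; `return -1;` on that path would keep the distinction.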
@@ -498,6 +485,31 @@ end:
return ret;
}
+static int
+table_ldap_check(int service, struct dict *params, const char *key)
+{
+ int ret;
+
+ switch(service) {
+ case K_ALIAS:
+ case K_DOMAIN:
+ case K_CREDENTIALS:
+ case K_USERINFO:
+ case K_MAILADDR:
+ if ((ret = ldap_run_query(service, key, NULL, 0)) >= 0) {
+ return ret;
+ }
+ log_debug("debug: table-ldap: reconnecting");
+ if (!(ret = ldap_open())) {
+ log_warnx("warn: table-ldap: failed to connect");
+ }
+ return ret;
+ default:
+ return -1;
+ }
+}
+
+
int
main(int argc, char **argv)
{