Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
openldap2.22971
0235-ITS-9468-summarize-discussion-about-rebind...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch of Package openldap2.22971
From a7de38dac0e3e4686637f26d168f4c95db9ad673 Mon Sep 17 00:00:00 2001 From: Tero Saarni <tero.saarni@est.tech> Date: Mon, 10 May 2021 21:41:02 +0300 Subject: [PATCH 235/238] ITS#9468 summarize discussion about rebind-as-user --- servers/slapd/back-ldap/bind.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 3b46caaa7..8e77e3a60 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -1500,6 +1500,7 @@ retry:; * This can happen when connection to remote server has been * lost either due to remote server disconnecting it or due to * proxy disconnecting it by itself (idle-timeout, conn-ttl). + * See comment in ldap_back_conn_prune(). */ if ( !BER_BVISNULL( &lc->lc_bound_ndn ) && !BER_BVISEMPTY( &lc->lc_bound_ndn ) ) { Debug( LDAP_DEBUG_ANY, @@ -3098,6 +3099,22 @@ ldap_back_conn_expire_time( ldapinfo_t *li, ldapconn_t *lc) { return -1; } +/* + * Iterate though connections and close those that are pass the expiry time. + * Also calculate the time for next connection to to expire. + * + * Note: + * When the client sends a request after remote connection is pruned, a new + * connection is created but bind cannot be replayed even if "rebind-as-user" + * was set to "yes". The client credentials are stored in ldapconn_t and lost + * when the connection is freed. + * + * LDAP_DISCONNECT is sent to signal the client that it needs to reconnect to + * the proxy and rebind itself (see "Bind is requested with DN but without + * credentials" in ldap_back_dobind_int()). Better implementation would not + * free ldapconn_t but instead just close the socket. This is not implemented + * currently as it is considerable work for what is assumed to be a corner case. + */ static void ldap_back_conn_prune( ldapinfo_t *li ) { @@ -3106,10 +3123,6 @@ ldap_back_conn_prune( ldapinfo_t *li ) TAvlnode *edge; int c; - /* - * Iterate though connections and close those that are pass the expiry time. - * Also calculate the time for next connection to to expire. - */ ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) { -- 2.32.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor