On Wed, May 11, 2016 at 10:24:10AM +0200, Pavel Březina wrote:
> On 05/10/2016 04:00 PM, Jakub Hrozek wrote:
> > On Thu, Apr 21, 2016 at 02:54:21PM +0200, Pavel Březina wrote:
> > > We can fail in sasl_bind_send() with ERR_AUTH_FAILED for basically
> > > unspecified reason but we do not failover to next server. This patch
should
> > > fix it.
> > >
> > > As said on the meeting, I didn't reproduce it and I'm not sure if
it will
> > > fix the customer issue unless they confirm it, but it seems to be a valid
> > > patch anyway.
> >
> > > From c9e3bf2726d9edba3cddc91c4ae98a87a5c1652a Mon Sep 17 00:00:00 2001
> > > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina(a)redhat.com>
> > > Date: Wed, 6 Apr 2016 13:20:59 +0200
> > > Subject: [PATCH 1/2] Inform about (un)successful connection
> > >
> > > ---
> > > src/providers/ldap/sdap_async_connection.c | 5 +++++
> > > 1 file changed, 5 insertions(+)
> > >
> > > diff --git a/src/providers/ldap/sdap_async_connection.c
b/src/providers/ldap/sdap_async_connection.c
> > > index
f9074afb0c1340c7c2a50d4df0021eee4ae0d076..435cb1bb6864b516d386fafa360d062f780b5d04 100644
> > > --- a/src/providers/ldap/sdap_async_connection.c
> > > +++ b/src/providers/ldap/sdap_async_connection.c
> > > @@ -2035,6 +2035,9 @@ int sdap_cli_connect_recv(struct tevent_req *req,
> > > if (tevent_req_is_error(req, &tstate, &err)) {
> > > /* mark the server as bad if connection failed */
> > > if (state->srv) {
> > > + DEBUG(SSSDBG_OP_FAILURE, "Unable to establish connection
"
> > > + "[%d]: %s\n", err, sss_strerror(err));
> > > +
> >
> > In file included from /sssd/src/util/util.h:54:0,
> > from /sssd/src/providers/ldap/sdap_async_connection.c:26:
> > /sssd/src/providers/ldap/sdap_async_connection.c: In function
'sdap_cli_connect_recv':
> > /sssd/src/providers/ldap/sdap_async_connection.c:2038:38: warning: format
'%d' expects argument of type 'int', but argument 6 has type 'uint64_t
{aka long unsigned int}' [-Wformat=]
> > DEBUG(SSSDBG_OP_FAILURE, "Unable to establish connection
"
> > ^
> > /sssd/src/util/debug.h:108:22: note: in definition of macro 'DEBUG'
> > format, ##__VA_ARGS__); \
>
> Fixed.
>
> > ^
> >
> > > be_fo_set_port_status(state->be,
state->service->name,
> > > state->srv, PORT_NOT_WORKING);
> > > } else {
> > > @@ -2048,6 +2051,8 @@ int sdap_cli_connect_recv(struct tevent_req *req,
> > > }
> > > return EIO;
> > > } else if (state->srv) {
> > > + DEBUG(SSSDBG_TRACE_FUNC, "Connection established.\n");
> > > +
> > > be_fo_set_port_status(state->be, state->service->name,
> > > state->srv, PORT_WORKING);
> > > }
> > > --
> > > 2.1.0
> > >
> >
> > > From 8d6f024ac77ddb8dc87d7fd693cfe5846f3a88d6 Mon Sep 17 00:00:00 2001
> > > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina(a)redhat.com>
> > > Date: Wed, 6 Apr 2016 13:21:21 +0200
> > > Subject: [PATCH 2/2] Failover to next server if authentication fails
> >
> > I was only able to test this patch 'synthetically', by setting ret to
the
> > ERR_AUTH_FAILED value. But then it seemed to do the right thing, so ACK.
>
> Here as well.
>
ACK.
CI is still running. I filed
https://fedorahosted.org/sssd/ticket/3010 to track this issue..
master:
8eb4a1f773b6c2246b0a6c6e3c3b8ef4d79c9ca6
73dd89c3fb361dab43b4802510f4c64d282dbde1