On Wed, Mar 07, 2012 at 05:48:45PM +0100, Jakub Hrozek wrote:
The yesterday's fail over patch broke the IPA provider.. The IPA
provider
is a special case because it uses fail over port 0 for both LDAP and
Kerberos. That is done to make sure that we never connect to LDAP port on
one host and Kerberos port on a different host.
However, the cycle detection in fail over tripped over this because when
performing a GSSAPI bind, we first request a server with port 0 to get
the LDAP server and before we can mark the server status (or go
offline), we also need to resolve the KDC, which, from fail over point
of view is also running on port 0...
The attached patch adds a boolean parameter to be_resolve_server_send()
and only performs the cycle check if the parameter is false, that is,
when requesting another server during the same operation.
Jan spotted I was assigning the same callback for a kpasswd resolve
request twice. New patch is attached.