Commit 650caac2 authored by Tero Saarni's avatar Tero Saarni
Browse files

ITS#9468 summarize discussion about rebind-as-user

parent a6ef8b3d
Pipeline #2644 passed with stage
in 61 minutes and 31 seconds
......@@ -1487,6 +1487,7 @@ retry:;
* This can happen when connection to remote server has been
* lost either due to remote server disconnecting it or due to
* proxy disconnecting it by itself (idle-timeout, conn-ttl).
* See comment in ldap_back_conn_prune().
*/
if ( !BER_BVISNULL( &lc->lc_bound_ndn ) && !BER_BVISEMPTY( &lc->lc_bound_ndn ) ) {
Debug( LDAP_DEBUG_ANY,
......@@ -3090,6 +3091,22 @@ ldap_back_conn_expire_time( ldapinfo_t *li, ldapconn_t *lc) {
return -1;
}
/*
* Iterate though connections and close those that are pass the expiry time.
* Also calculate the time for next connection to to expire.
*
* Note:
* When the client sends a request after remote connection is pruned, a new
* connection is created but bind cannot be replayed even if "rebind-as-user"
* was set to "yes". The client credentials are stored in ldapconn_t and lost
* when the connection is freed.
*
* LDAP_DISCONNECT is sent to signal the client that it needs to reconnect to
* the proxy and rebind itself (see "Bind is requested with DN but without
* credentials" in ldap_back_dobind_int()). Better implementation would not
* free ldapconn_t but instead just close the socket. This is not implemented
* currently as it is considerable work for what is assumed to be a corner case.
*/
static void
ldap_back_conn_prune( ldapinfo_t *li )
{
......@@ -3098,10 +3115,6 @@ ldap_back_conn_prune( ldapinfo_t *li )
TAvlnode *edge;
int c;
/*
* Iterate though connections and close those that are pass the expiry time.
* Also calculate the time for next connection to to expire.
*/
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment