git.ipfire.org Git - thirdparty/samba.git/commit
idmap_ad: add and use ldap_timeout and fix LDAP server failover
author Ralph Boehme <slow@samba.org>
Thu, 24 Jul 2025 13:49:19 +0000 (15:49 +0200)
committer Jule Anger <janger@samba.org>
Fri, 22 Aug 2025 15:56:15 +0000 (15:56 +0000)
commit 8910ba21bab66be6aa200b7b80fc888a34f65dbc
tree 48c3a603f9cabf251841b3724f8c5087b2a3d5c0
parent 236672028c1551395b26aa760db6830cbe320209
idmap_ad: add and use ldap_timeout and fix LDAP server failover

The key parts are:

1. If an LDAP search fails with the hardcoded fatal error, remove the
retry. That would only retry the query against the same server, taken
from the DCINFO cache key. Instead, force a DC rediscovery.

2. Set a default ldap_timeout and pass it to tldap_search(). This
avoids tldap_search() hanging forever on a stale TCP connection.

3. The LDAP server idmap_ad is using is not necessarily the same DC
we're using for RPC, so in case we learn about a dead DC, put it in
the negative-conn-cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 4d69ec473b7be763399c9787eda8e659a1582184)
source3/winbindd/idmap_ad.c
source3/winbindd/wb_queryuser.c
source3/winbindd/wb_sids2xids.c
source3/winbindd/wb_xids2sids.c
source3/winbindd/winbindd_cm.c
source3/winbindd/winbindd_proto.h
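
The failover pattern the commit message describes (bounded search, no retry against the same server, dead server recorded before rediscovery), as an added standalone sketch that is not Samba's code. The names `search_with_timeout`, `discover_dc` and `lookup_with_failover`, the `struct dc` layout and the `*.example.test` hosts are hypothetical, and the negative cache is reduced to a flag with no expiry.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: dc1 sits behind a stale TCP connection and never answers. */
struct dc { const char *name; int response_secs; bool neg_cached; };
static struct dc sample_dcs[] = {
	{ "dc1.example.test", -1, false },
	{ "dc2.example.test", 1, false },
	{ "dc3.example.test", 1, false },
};
static int searches_issued;

/* Hypothetical stand-in for a search with a timeout: a server that never
 * answers (-1) or answers too late yields a failure instead of a hang. */
static bool search_with_timeout(const struct dc *dc, int timeout_secs)
{
	searches_issued++;
	return dc->response_secs >= 0 && dc->response_secs <= timeout_secs;
}

/* Rediscovery: the first server that is not in the negative cache. */
static struct dc *discover_dc(struct dc *dcs, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		if (!dcs[i].neg_cached) return &dcs[i];
	}
	return NULL;
}

/* Returns the name of the server that answered, or NULL if none did. */
const char *lookup_with_failover(struct dc *dcs, size_t n, int timeout_secs)
{
	struct dc *dc;
	while ((dc = discover_dc(dcs, n)) != NULL) {
		if (search_with_timeout(dc, timeout_secs)) {
			return dc->name;
		}
		/* No retry against the same server: record it as dead, then
		 * let the next loop iteration rediscover a different one. */
		dc->neg_cached = true;
	}
	return NULL;
}

int main(void)
{
	printf("%s\n", lookup_with_failover(sample_dcs, 3, 5));
	return 0;
}
```

A second lookup on the same data goes straight to the second server, because the first is already in the negative cache.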