git.ipfire.org Git - thirdparty/samba.git/commit

author	Ralph Boehme <slow@samba.org>
	Thu, 24 Jul 2025 13:49:19 +0000 (15:49 +0200)
committer	Jule Anger <janger@samba.org>
	Fri, 22 Aug 2025 12:07:09 +0000 (12:07 +0000)
commit	e412ceaa8e9087d7afa486aae8b8426d28debc62
tree	1f11531380740b1b1373fc9d09665554794e193e	tree \| snapshot
parent	e03f233e92054a2f86017b2bdaed58a8466092cf	commit \| diff

idmap_ad: add and use ldap_timeout and fix LDAP server failover

The key parts are:

1. If an LDAP search fails with the hardcoded fatal error, remove the
retry. That would only retry the query against the same server, taken
from the DCINFO cache key. Instead, force a DC rediscovery.

2. Set a default ldap_timeout and pass it to tldap_search(). This
avoids tldap_search() hanging forever on a stale TCP connection.

3. The LDAP server idmap_ad is using is not necessarily the same DC
we're using for RPC, so in case we learn about a dead DC, put it in
the negative-conn-cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 4d69ec473b7be763399c9787eda8e659a1582184)

source3/winbindd/idmap_ad.c		diff \| blob \| blame \| history
source3/winbindd/wb_queryuser.c		diff \| blob \| blame \| history
source3/winbindd/wb_sids2xids.c		diff \| blob \| blame \| history
source3/winbindd/wb_xids2sids.c		diff \| blob \| blame \| history
source3/winbindd/winbindd_cm.c		diff \| blob \| blame \| history
source3/winbindd/winbindd_proto.h		diff \| blob \| blame \| history