ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_O...

diff --git a/servers/slapd/back-asyncmeta/bind.c b/servers/slapd/back-asyncmeta/bind.c
index f0dc2a6f39c85bb70d5f0c888272258c39ca0f05..feebf44780ae38aa709ea1d863281e653d56208b 100644 (file)
--- a/servers/slapd/back-asyncmeta/bind.c
+++ b/servers/slapd/back-asyncmeta/bind.c
@@ -851,18 +851,29 @@ asyncmeta_back_proxy_authz_cred(
                                mt->mt_idassert_sasl_mech.bv_val, NULL, NULL,
                                LDAP_SASL_QUIET, lutil_sasl_interact,
                                defaults );
-
                /* restore the old timeout just in case */
                ldap_set_option( msc->msc_ld, LDAP_OPT_TIMEOUT, (void *)&old_tv );
 
                rs->sr_err = slap_map_api2result( rs );
                if ( rs->sr_err != LDAP_SUCCESS ) {
+                       char *xtext = NULL;
+                       rs->sr_text = "Failure to execute SASL bind to remote target.";
+                       ldap_get_option( msc->msc_ld,
+                                                        LDAP_OPT_DIAGNOSTIC_MESSAGE, &xtext );
+                       if ( xtext != NULL && xtext [ 0 ] == '\0' ) {
+                               ldap_memfree( xtext );
+                               xtext = NULL;
+                       }
+
                        if ( LogTest( asyncmeta_debug ) ) {
                                char    time_buf[ SLAP_TEXT_BUFLEN ];
                                asyncmeta_get_timestamp(time_buf);
-                               Debug( asyncmeta_debug, "[%s] asyncmeta_back_proxy_authz_cred failed bind msc: %p\n",
-                                     time_buf, msc );
+                               Debug( asyncmeta_debug, "[%s] asyncmeta_back_proxy_authz_cred failed bind msc: %p with message %s\n",
+                                          time_buf, msc,  (xtext ? xtext : "") );
                        }
+                       if ( xtext )
+                               ldap_memfree( xtext );
+
                        LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
                        if ( sendok & LDAP_BACK_SENDERR ) {
                                send_ldap_result( op, rs );
@@ -1701,10 +1712,13 @@ asyncmeta_dobind_init_with_retry(Operation *op, SlapReply *rs, bm_context_t *bc,
 retry_dobind:
        ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex );
        rc = asyncmeta_dobind_init(op, rs, bc, mc, candidate);
-       if (rs->sr_err != LDAP_UNAVAILABLE && rs->sr_err != LDAP_BUSY) {
+       if (rs->sr_err != LDAP_UNAVAILABLE &&
+               rs->sr_err != LDAP_BUSY &&
+               rs->sr_err != LDAP_OTHER ) {
                ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex );
                return rc;
-       } else if (bc->nretries[candidate] == 0) {
+       } else if ( bc->nretries[candidate] == 0 ||
+                               rs->sr_err == LDAP_OTHER ) {
                char    buf[ SLAP_TEXT_BUFLEN ];
                snprintf( buf, sizeof( buf ), "called from %s:%d", __FILE__, __LINE__ );
                asyncmeta_reset_msc(NULL, mc, candidate, 0, buf);