Handle LDAP failures better.

--HG--
branch : HEAD

diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index 935a17d562d27ec6e528c2a7f2c3bf31e07ccba4..0c682536cfe5562b427cbd65f03f3682398b0ed2 100644 (file)
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -55,6 +55,7 @@ struct ldap_settings default_ldap_settings = {
 static struct ldap_connection *ldap_connections = NULL;
 
 static int ldap_conn_open(struct ldap_connection *conn);
+static void ldap_conn_close(struct ldap_connection *conn);
 
 static int deref2str(const char *str)
 {
@@ -142,6 +143,8 @@ static void ldap_input(void *context)
                        if (ret < 0) {
                                i_error("LDAP: ldap_result() failed: %s",
                                        get_ldap_error(conn));
+                               /* reconnect */
+                               ldap_conn_close(conn);
                        }
                        return;
                }
@@ -195,8 +198,13 @@ static int ldap_conn_open(struct ldap_connection *conn)
           until it's done. */
        ret = ldap_simple_bind_s(conn->ld, conn->set.dn, conn->set.dnpass);
        if (ret != LDAP_SUCCESS) {
-               i_error("LDAP: ldap_simple_bind_s() failed: %s",
-                       ldap_err2string(ret));
+               if (ret == LDAP_SERVER_DOWN) {
+                       i_error("LDAP: Can't connect to server: %s",
+                               conn->set.hosts);
+               } else {
+                       i_error("LDAP: ldap_simple_bind_s() failed: %s",
+                               ldap_err2string(ret));
+               }
                return FALSE;
        }
 

diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c
index 8011400f8e3f13cf23e4ed6da7d2d5e810546427..be606dadd1a3c0bb4abda46d6f1d11fd0b0e388f 100644 (file)
--- a/src/auth/passdb-ldap.c
+++ b/src/auth/passdb-ldap.c
@@ -66,10 +66,11 @@ static void handle_request(struct ldap_connection *conn,
 
        password = NULL;
 
-       entry = ldap_first_entry(conn->ld, res);
-       if (entry == NULL)
-               i_error("ldap(%s): unknown user", user);
-       else {
+       entry = res == NULL ? NULL : ldap_first_entry(conn->ld, res);
+       if (entry == NULL) {
+               if (res != NULL)
+                       i_error("ldap(%s): unknown user", user);
+       } else {
                attr = ldap_first_attribute(conn->ld, entry, &ber);
                while (attr != NULL) {
                        vals = ldap_get_values(conn->ld, entry, attr);

diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c
index 70c508df8e007bbbb9400b8e13b4f5841bdbd3d9..fd755717c5cf09e0aac563ab6260863843a3c4cd 100644 (file)
--- a/src/auth/userdb-ldap.c
+++ b/src/auth/userdb-ldap.c
@@ -97,9 +97,10 @@ static void handle_request(struct ldap_connection *conn,
        BerElement *ber;
        char *attr, **vals;
 
-       entry = ldap_first_entry(conn->ld, res);
+       entry = res == NULL ? NULL : ldap_first_entry(conn->ld, res);
        if (entry == NULL) {
-               i_error("LDAP: ldap_first_entry failed()");
+               if (res != NULL)
+                       i_error("LDAP: Authenticated user not found");
                urequest->userdb_callback(NULL, request->context);
                return;
        }