v4: Two small fixes for LDAP reconnect when bind fails (#4412)

* Don't return members of a freed structure

* Add reconnection_delay to rlm_ldap

So that incorrect bind credentials don't result in a spinning
connection.

diff --git a/src/lib/ldap/state.c b/src/lib/ldap/state.c
index 92da48045cfd6fc433dbcaaf2305fd8907fd4097..9f91571b54eac96b575d5c003896badaaa882337 100644 (file)
--- a/src/lib/ldap/state.c
+++ b/src/lib/ldap/state.c
@@ -119,7 +119,10 @@ again:
        case FR_LDAP_STATE_ERROR:
                STATE_TRANSITION(FR_LDAP_STATE_INIT);
                fr_connection_signal_reconnect(c->conn, FR_CONNECTION_FAILED);
-               break;
+               /*
+                *      The old connection has been freed, so specifically return the INIT state
+                */
+               return FR_LDAP_STATE_INIT;
        }
 
        return c->state;

diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index 6f069e226eb749b51d7259ab004ac2dc04b5c3ea..22ed6720cf4fec38b44b67a3acf0e1a7744328d1 100644 (file)
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -185,6 +185,8 @@ static CONF_PARSER option_config[] = {
 
        { FR_CONF_OFFSET("idle_timeout", FR_TYPE_TIME_DELTA, rlm_ldap_t, handle_config.idle_timeout), .dflt = "300" },
 
+       { FR_CONF_OFFSET("reconnection_delay", FR_TYPE_TIME_DELTA, rlm_ldap_t, handle_config.reconnection_delay), .dflt = "10" },
+
        CONF_PARSER_TERMINATOR
 };