From: Alan T. DeKok Date: Sun, 29 Apr 2012 13:17:09 +0000 (+0200) Subject: Added "modules.ldap.fail" for trigger X-Git-Tag: release_3_0_0_beta0~214 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa1bb99f6b5be8401f5799eac39ce81d161689d5;p=thirdparty%2Ffreeradius-server.git Added "modules.ldap.fail" for trigger --- diff --git a/raddb/trigger.conf b/raddb/trigger.conf index 6919e2ec486..12b9639811e 100644 --- a/raddb/trigger.conf +++ b/raddb/trigger.conf @@ -177,6 +177,19 @@ trigger { # module. You can have module-specific triggers, by placing a # "trigger" subsection in the module configuration. modules { + # The LDAP module + ldap { + # Common arguments + args = "radiusdModuleName s ldap' radiusdModuleInstance s ''" + + # Failed to open a new connection to the DB + fail = "${snmptrap}::serverModuleConnectionFail ${args}" + + # There are no "open", "close", or "none" setting. + # This is because the LDAP module re-connects and closes + # the connection for every "bind as user" query. + } + # The SQL module sql { # Common arguments @@ -211,6 +224,7 @@ trigger { # home_server.zombie # home_server_pool.fallback # home_server_pool.normal +# modules.ldap.fail # modules.sql.close # modules.sql.fail # modules.sql.none diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 91d367a971e..19ef5713718 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -122,6 +122,7 @@ typedef struct ldap_conn { } LDAP_CONN; typedef struct { + CONF_SECTION *cs; char *server; int port; int timelimit; @@ -436,6 +437,7 @@ ldap_instantiate(CONF_SECTION * conf, void **instance) memset(inst, 0, sizeof(*inst)); inst->chase_referrals = 2; /* use OpenLDAP defaults */ inst->rebind = 2; + inst->cs = conf; if (cf_section_parse(conf, inst, module_config) < 0) { free(inst); 
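Review bot: The `args` value in the new `ldap` block has an unbalanced single quote: `ldap'` closes a quote that is never opened, while the instance argument is written as a balanced `''`. If the trigger command line is split on quotes before the `${snmptrap}` command is run, the module name and the tokens after it may be grouped differently than intended. `args = "radiusdModuleName s 'ldap' radiusdModuleInstance s ''"` looks like what was meant. The `sql` block that follows is only partly visible in this hunk, so check whether it carries the same typo.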
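Review bot: The new `cs` member is undocumented, and nothing at the `inst->cs = conf;` assignment in ldap_instantiate() says who owns the pointer. The struct (apparently the module instance) keeps the `conf` pointer it was handed and later passes it to exec_trigger() from ldap_connect(), so it is only valid while the configuration section outlives the instance; that is presumably the case but is not visible in this diff. A comment such as `CONF_SECTION *cs; /* module config section, borrowed; used for trigger lookup */` would record the intent. Both the struct and ldap_instantiate() continue outside their hunks.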
@@ -2223,6 +2225,7 @@ static LDAP *ldap_connect(void *instance, const char *dn, const char *password,
 #ifdef HAVE_LDAP_INITIALIZE
 DEBUG(" [%s] (re)connect to %s, authentication %d", inst->xlat_name, inst->server, auth);
 if (ldap_initialize(&ld, inst->server) != LDAP_SUCCESS) {
+ exec_trigger(NULL, inst->cs, "modules.ldap.fail");
 radlog(L_ERR, " [%s] ldap_initialize() failed", inst->xlat_name);
 *result = RLM_MODULE_FAIL;
 return (NULL);
@@ -2231,11 +2234,13 @@ static LDAP *ldap_connect(void *instance, const char *dn, const char *password,
 } else {
 DEBUG(" [%s] (re)connect to %s:%d, authentication %d", inst->xlat_name, inst->server, inst->port, auth);
 if ((ld = ldap_init(inst->server, inst->port)) == NULL) {
+ exec_trigger(NULL, inst->cs, "modules.ldap.fail");
 radlog(L_ERR, " [%s] ldap_init() failed", inst->xlat_name);
 *result = RLM_MODULE_FAIL;
 return (NULL);
 }
 }
+
 tv.tv_sec = inst->net_timeout;
 tv.tv_usec = 0;
 if (ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT,
@@ -2425,6 +2430,7 @@ static LDAP *ldap_connect(void *instance, const char *dn, const char *password,
 ldap_err2string(ldap_errno));
 *result = RLM_MODULE_FAIL;
 ldap_unbind_s(ld);
+ exec_trigger(NULL, inst->cs, "modules.ldap.fail");
 return (NULL);
 }
 }
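Review bot: In the ldap_initialize() failure branch the trigger is run before the error is logged, and the ldap_init() branch in the next hunk does the same, while the last hunk runs it after the log call and after ldap_unbind_s(). exec_trigger() presumably runs the external command configured in trigger.conf, so if that command is slow or fails, the radlog() line that identifies the cause is delayed or buried. Logging first keeps the local record independent of the trigger: `radlog(L_ERR, " [%s] ldap_initialize() failed", inst->xlat_name);` followed by `exec_trigger(NULL, inst->cs, "modules.ldap.fail");`. ldap_connect() starts and ends outside these hunks.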
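Review bot: The trigger in this error path can probably be reached by per-user binds as well as by the module's own connection, since the trigger.conf comment added in this commit says the module reconnects for every "bind as user" query and ldap_connect() takes `dn`, `password` and an `auth` value. Each firing runs the configured `${snmptrap}` command, so while the directory is unreachable every authentication attempt may start one external process unless exec_trigger() rate-limits, which is not visible here. Consider confirming that such a limit exists, or firing only for the module's own connection, e.g. `if (!auth) exec_trigger(NULL, inst->cs, "modules.ldap.fail");`, assuming `auth` is non-zero for user binds. The enclosing branch starts outside the hunk, so which LDAP result codes reach it cannot be seen from here.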