From: Nick Porter <nick@portercomputing.co.uk>
Date: Fri, 11 Mar 2022 14:27:30 +0000 (+0000)
Subject: v4: Two small fixes for LDAP reconnect when bind fails (#4412)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed595bb656230fd779d35dfd352b4d72443acd9e;p=thirdparty%2Ffreeradius-server.git

v4: Two small fixes for LDAP reconnect when bind fails (#4412)

* Don't return members of a freed structure

* Add reconnection_delay to rlm_ldap

So that incorrect bind credentials don't result in a spinning
connection.
---

diff --git a/src/lib/ldap/state.c b/src/lib/ldap/state.c
index 92da48045cf..9f91571b54e 100644
--- a/src/lib/ldap/state.c
+++ b/src/lib/ldap/state.c
@@ -119,7 +119,10 @@ again:
 	case FR_LDAP_STATE_ERROR:
 		STATE_TRANSITION(FR_LDAP_STATE_INIT);
 		fr_connection_signal_reconnect(c->conn, FR_CONNECTION_FAILED);
-		break;
+		/*
+		 *	The old connection has been freed, so specifically return the INIT state
+		 */
+		return FR_LDAP_STATE_INIT;
 	}
 
 	return c->state;
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index 6f069e226eb..22ed6720cf4 100644
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -185,6 +185,8 @@ static CONF_PARSER option_config[] = {
 
 	{ FR_CONF_OFFSET("idle_timeout", FR_TYPE_TIME_DELTA, rlm_ldap_t, handle_config.idle_timeout), .dflt = "300" },
 
+	{ FR_CONF_OFFSET("reconnection_delay", FR_TYPE_TIME_DELTA, rlm_ldap_t, handle_config.reconnection_delay), .dflt = "10" },
+
 	CONF_PARSER_TERMINATOR
 };