/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2013 The OpenLDAP Foundation.
+ * Copyright 1999-2016 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
ldap_set_option( msc->msc_ld, LDAP_OPT_REFERRALS,
META_BACK_TGT_CHASE_REFERRALS( mt ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
+ slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
+
#ifdef HAVE_TLS
- if ( !is_ldaps ) {
+ {
slap_bindconf *sb = NULL;
if ( ispriv ) {
ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
}
- if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
- do_start_tls = 1;
+ if ( !is_ldaps ) {
+ if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
+ do_start_tls = 1;
- } else if ( META_BACK_TGT_USE_TLS( mt )
- || ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
- {
- do_start_tls = 1;
+ } else if ( META_BACK_TGT_USE_TLS( mt )
+ || ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
+ {
+ do_start_tls = 1;
+ }
}
}
rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
switch ( rc ) {
case -1:
- rs->sr_err = LDAP_OTHER;
+ rs->sr_err = LDAP_UNAVAILABLE;
+ rs->sr_text = "Remote server down";
break;
case 0:
goto retry;
}
rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "Timeout, no more retries";
break;
default:
} else {
rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "Unknown response to StartTLS request :"
+ " an ExtendedResponse is expected";
}
if ( res != NULL ) {
}
if ( rs->sr_err != LDAP_SUCCESS ) {
+ /* Get the error message and print it in TRACE mode */
+ if ( LogTest( LDAP_DEBUG_TRACE ) ) {
+ Log4( LDAP_DEBUG_TRACE, ldap_syslog_level, "%s: meta_back_init_one_conn[%d] failed err=%d text=%s\n",
+ op->o_log_prefix, candidate, rs->sr_err, rs->sr_text );
+ }
+
rs->sr_err = slap_map_api2result( rs );
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
LDAP_BACK_CONN_BINDING_CLEAR( msc );
}
}
- }
+ }
+#if 0 /* ITS#7591, following stmt drops needed result msgs */
/* don't send twice */
sendok &= ~LDAP_BACK_SENDERR;
+#endif
}
if ( rc != LDAP_SUCCESS ) {
mc = NULL;
} else {
- if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
- || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) )
+ if ( mc->mc_refcnt == 0 && (( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
+ || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout )) )
{
#if META_BACK_PRINT_CONNTREE > 0
meta_back_print_conntree( mi,
err = lerr;
if ( lerr == LDAP_UNAVAILABLE && mt->mt_isquarantined != LDAP_BACK_FQ_NO ) {
- Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] quarantined err=%d\n",
- op->o_log_prefix, i, lerr );
+ Log4( LDAP_DEBUG_TRACE, ldap_syslog_level, "%s: meta_back_getconn[%d] quarantined err=%d text=%s\n",
+ op->o_log_prefix, i, lerr, rs->sr_text );
} else {
- Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed err=%d\n",
- op->o_log_prefix, i, lerr );
+ Log4( LDAP_DEBUG_ANY, ldap_syslog, "%s: meta_back_getconn[%d] failed err=%d text=%s\n",
+ op->o_log_prefix, i, lerr, rs->sr_text );
}
if ( META_BACK_ONERR_STOP( mi ) ) {