From f6ecef4bdf8f5f99c89c0649232a230c28191869 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Fri, 7 Apr 2017 07:40:19 +0200
Subject: [PATCH] dsinstance: reconnect ldap2 after DS is restarted by certmonger
DS is restarted by certmonger in the restart_dirsrv script after the DS certificate is saved. This breaks the ldap2 backend and makes any operation fail with NetworkError until it is reconnected. Reconnect ldap2 after the DS certificate request is finished to fix the issue. Make sure restart_dirsrv waits for the ldapi socket so that the reconnect does not fail.
https://pagure.io/freeipa/issue/6757
Reviewed-By: Martin Babinsky
---
 install/restart_scripts/restart_dirsrv | 2 +-
 ipaserver/install/dsinstance.py | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/install/restart_scripts/restart_dirsrv b/install/restart_scripts/restart_dirsrv
index b4c9490c10506aba60eee16c3f46ee7cb0474f50..ff476cac46f76d4964d39b12c04401dfc19c2d3a 100644
--- a/install/restart_scripts/restart_dirsrv
+++ b/install/restart_scripts/restart_dirsrv
@@ -41,7 +41,7 @@ def _main():
 try:
 if services.knownservices.dirsrv.is_running():
- services.knownservices.dirsrv.restart(instance)
+ services.knownservices.dirsrv.restart(instance, ldapi=True)
 except Exception as e:
 syslog.syslog(syslog.LOG_ERR, "Cannot restart dirsrv (instance: '%s'): %s" % (instance, str(e)))
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 79dc90e92cac49a2b64ff6645f75dc3a8cbcc104..fb5f925de8e658dca9370714413012527f00c39d 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -837,6 +837,10 @@ class DsInstance(service.Service):
 finally:
 certmonger.modify_ca_helper('IPA', prev_helper)
+ # restart_dirsrv in the request above restarts DS, reconnect ldap2
+ api.Backend.ldap2.disconnect()
+ api.Backend.ldap2.connect()
+ self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)
 dsdb.create_pin_file()
--
2.9.3
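Review bot: The new `ldapi=True` argument on the `restart(instance, ldapi=True)` call has no comment, so the reason for it lives only in the commit message. A short comment above the call, e.g. `# wait for the ldapi socket: the installer reconnects ldap2 right after this restart`, would keep the coupling with dsinstance.py visible to the next editor of this script. If waiting for the socket can raise (not visible in this hunk), that failure would land in the existing `except Exception` and be logged as "Cannot restart dirsrv" even though the service may be up, so a distinct message for that case may be worth adding. `_main` starts outside the hunk.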
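Review bot: The added `api.Backend.ldap2.disconnect()` runs unconditionally, so it assumes ldap2 is already connected whenever this point is reached; on a path that arrives here without an open connection, disconnect() would raise instead of reconnecting. Guarding it, `if api.Backend.ldap2.isconnected(): api.Backend.ldap2.disconnect()`, makes the reconnect safe either way. `connect()` is also called with no arguments, so the new connection uses the backend's default bind and not necessarily the credentials of the earlier connection (opened outside this hunk); it is worth confirming both are the same identity. The enclosing method starts and ends outside the hunk.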