ac7d03
From f6ecef4bdf8f5f99c89c0649232a230c28191869 Mon Sep 17 00:00:00 2001
ac7d03
From: Jan Cholasta <jcholast@redhat.com>
ac7d03
Date: Fri, 7 Apr 2017 07:40:19 +0200
ac7d03
Subject: [PATCH] dsinstance: reconnect ldap2 after DS is restarted by
ac7d03
 certmonger
ac7d03
ac7d03
DS is restarted by certmonger in the restart_dirsrv script after the DS
ac7d03
certificate is saved. This breaks the ldap2 backend and makes any operation
ac7d03
fail with NetworkError until it is reconnected.
ac7d03
ac7d03
Reconnect ldap2 after the DS certificate request is finished to fix the
ac7d03
issue. Make sure restart_dirsrv waits for the ldapi socket so that the
ac7d03
reconnect does not fail.
ac7d03
ac7d03
https://pagure.io/freeipa/issue/6757
ac7d03
ac7d03
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
ac7d03
---
ac7d03
 install/restart_scripts/restart_dirsrv | 2 +-
ac7d03
 ipaserver/install/dsinstance.py        | 4 ++++
ac7d03
 2 files changed, 5 insertions(+), 1 deletion(-)
ac7d03
ac7d03
diff --git a/install/restart_scripts/restart_dirsrv b/install/restart_scripts/restart_dirsrv
ac7d03
index b4c9490c10506aba60eee16c3f46ee7cb0474f50..ff476cac46f76d4964d39b12c04401dfc19c2d3a 100644
ac7d03
--- a/install/restart_scripts/restart_dirsrv
ac7d03
+++ b/install/restart_scripts/restart_dirsrv
ac7d03
@@ -41,7 +41,7 @@ def _main():
ac7d03
 
ac7d03
     try:
ac7d03
         if services.knownservices.dirsrv.is_running():
ac7d03
-            services.knownservices.dirsrv.restart(instance)
ac7d03
+            services.knownservices.dirsrv.restart(instance, ldapi=True)
ac7d03
     except Exception as e:
ac7d03
         syslog.syslog(syslog.LOG_ERR, "Cannot restart dirsrv (instance: '%s'): %s" % (instance, str(e)))
ac7d03
 
ac7d03
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
ac7d03
index 79dc90e92cac49a2b64ff6645f75dc3a8cbcc104..fb5f925de8e658dca9370714413012527f00c39d 100644
ac7d03
--- a/ipaserver/install/dsinstance.py
ac7d03
+++ b/ipaserver/install/dsinstance.py
ac7d03
@@ -837,6 +837,10 @@ class DsInstance(service.Service):
ac7d03
             finally:
ac7d03
                 certmonger.modify_ca_helper('IPA', prev_helper)
ac7d03
 
ac7d03
+            # restart_dirsrv in the request above restarts DS, reconnect ldap2
ac7d03
+            api.Backend.ldap2.disconnect()
ac7d03
+            api.Backend.ldap2.connect()
ac7d03
+
ac7d03
             self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)
ac7d03
 
ac7d03
         dsdb.create_pin_file()
ac7d03
-- 
ac7d03
2.9.3
ac7d03