From f6ecef4bdf8f5f99c89c0649232a230c28191869 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Fri, 7 Apr 2017 07:40:19 +0200
Subject: [PATCH] dsinstance: reconnect ldap2 after DS is restarted by
 certmonger

DS is restarted by certmonger in the restart_dirsrv script after the DS
certificate is saved. This breaks the ldap2 backend and makes any operation
fail with NetworkError until it is reconnected.

Reconnect ldap2 after the DS certificate request is finished to fix the
issue. Make sure restart_dirsrv waits for the ldapi socket so that the
reconnect does not fail.

https://pagure.io/freeipa/issue/6757

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 install/restart_scripts/restart_dirsrv | 2 +-
 ipaserver/install/dsinstance.py        | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/install/restart_scripts/restart_dirsrv b/install/restart_scripts/restart_dirsrv
index b4c9490c10506aba60eee16c3f46ee7cb0474f50..ff476cac46f76d4964d39b12c04401dfc19c2d3a 100644
--- a/install/restart_scripts/restart_dirsrv
+++ b/install/restart_scripts/restart_dirsrv
@@ -41,7 +41,7 @@ def _main():
 
     try:
         if services.knownservices.dirsrv.is_running():
-            services.knownservices.dirsrv.restart(instance)
+            services.knownservices.dirsrv.restart(instance, ldapi=True)
     except Exception as e:
         syslog.syslog(syslog.LOG_ERR, "Cannot restart dirsrv (instance: '%s'): %s" % (instance, str(e)))
 
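Review bot: A failure while waiting for the ldapi socket, which `ldapi=True` presumably introduces, lands in the same `except Exception` branch as a failed restart and is logged as "Cannot restart dirsrv". In syslog, a DS that restarted but was slow to open its socket then looks the same as one that never came back, and nothing in the visible lines reports the failure to the caller. A short comment on the call would record why the flag is there: `# wait for the ldapi socket; the installer reconnects ldap2 right after this request finishes`. `_main()` starts outside the hunk, so its exit handling is not visible here.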
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 79dc90e92cac49a2b64ff6645f75dc3a8cbcc104..fb5f925de8e658dca9370714413012527f00c39d 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -837,6 +837,10 @@ class DsInstance(service.Service):
             finally:
                 certmonger.modify_ca_helper('IPA', prev_helper)
 
+            # restart_dirsrv in the request above restarts DS, reconnect ldap2
+            api.Backend.ldap2.disconnect()
+            api.Backend.ldap2.connect()
+
             self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)
 
         dsdb.create_pin_file()
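Review bot: The unconditional `api.Backend.ldap2.disconnect()` assumes ldap2 is connected whenever this branch runs; if it is reached without an open connection, disconnect() would presumably raise before the reconnect is attempted. Guarding it keeps the reconnect safe on either path: `if api.Backend.ldap2.isconnected(): api.Backend.ldap2.disconnect()`. The following `connect()` is also the first place a failed DS restart becomes visible to the installer, because restart_dirsrv only writes its error to syslog. A NetworkError raised here would be easier to diagnose if the comment or the error handling pointed at the restart script's log. The enclosing method starts and ends outside the hunk.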
-- 
2.9.3