From 925904b8724c50b6336c0cd17f5dbb2eb85be8a4 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Tue, 4 Nov 2014 15:59:50 +0100
Subject: [PATCH] Fix upgrade: do not use invalid ldap connection

Ticket: https://fedorahosted.org/freeipa/ticket/4670
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/install/ldapupdate.py           | 6 ++++++
 ipaserver/install/plugins/updateclient.py | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 6bed046d2661f48218b66c11e6f6a43c6dc0f6bf..47f0399b928b3b0da3954592d56750450454aac7 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -889,3 +889,9 @@ class LDAPUpdate:
         self._run_updates(updates)
 
         return self.modified
+
+    def close_connection(self):
+        """Close ldap connection"""
+        if self.conn:
+            self.conn.unbind()
+            self.conn = None
diff --git a/ipaserver/install/plugins/updateclient.py b/ipaserver/install/plugins/updateclient.py
index 7566b6cd807dafc3af5e7b51a1dfa68847ca91c2..8f5c5b5fdbc2b7bfec8be342ee267425c93b47cf 100644
--- a/ipaserver/install/plugins/updateclient.py
+++ b/ipaserver/install/plugins/updateclient.py
@@ -122,6 +122,9 @@ class updateclient(backend.Executioner):
         for update in self.order(updatetype):
             (restart, apply_now, res) = self.run(update.name, **kw)
             if restart:
+                # connection has to be closed before restart, otherwise
+                # ld instance will try to reuse old non-valid connection
+                ld.close_connection()
                 self.restart(dm_password, live_run)
 
             if apply_now:
-- 
2.1.0