idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN

All other ldap-querying methods in idmap_ad make a single retry attempt if they get
TLDAP_SERVER_DOWN. This patch brings idmap_ad_query_user in line with that design.

This fixes the symptom described in 12720 at the cost of an additional reconnect per
failed lookup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12720

Signed-off-by: Dustin L. Howett <dustin@howett.net>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 8c9e97bffc47106e2c6f2231f85aaaf7413fb782..315a9444a19ae16f66d1cdf899c567d31504bd99 100644 (file)
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -502,9 +502,26 @@ static NTSTATUS idmap_ad_query_user(struct idmap_domain *domain,
        return NT_STATUS_OK;
 }
 
+static NTSTATUS idmap_ad_query_user_retry(struct idmap_domain *domain,
+                                         struct wbint_userinfo *info)
+{
+       const NTSTATUS status_server_down =
+               NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_SERVER_DOWN));
+       NTSTATUS status;
+
+       status = idmap_ad_query_user(domain, info);
+
+       if (NT_STATUS_EQUAL(status, status_server_down)) {
+               TALLOC_FREE(domain->private_data);
+               status = idmap_ad_query_user(domain, info);
+       }
+
+       return status;
+}
+
 static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom)
 {
-       dom->query_user = idmap_ad_query_user;
+       dom->query_user = idmap_ad_query_user_retry;
        dom->private_data = NULL;
        return NT_STATUS_OK;
 }