sdap: defer libldap global options setup to first connection#8709
sdap: defer libldap global options setup to first connection#8709alexey-tikhonov wants to merge 1 commit into
Conversation
alexey-tikhonov
added
no-backport
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors the initialization of global LDAP options by consolidating calls to setup_ldap_debug and setup_tls_config into a single function, sdap_setup_libldap_global_options, which is now called once during the connection process. This change affects the AD, IPA, and LDAP providers. Feedback suggests adding a NULL check for the basic_opts parameter in the new function to improve robustness and prevent potential null pointer dereferences.
During initialization LDAP/AD/IPA backends unconditionally call `setup_tls_config()` and `setup_ldap_debug()` that call `ldap_set_option()`. This triggers `ldap_int_initialize()` -> `getaddrinfo(local_hostname)`. If DNS is unresponsive, this blocks and the backend doesn't complete initialization in time, so that 'monitor' terminates the entire SSSD. Move these calls out of the module init path into a new `sdap_setup_libldap_global_options()` wrapper guarded by a static bool. Call it from `sdap_connect_send()` just before `sss_ldap_init_send()`, which is the single entry point for all LDAP connections. :fixes:Fixed an issue where SSSD fails to start when DNS is unresponsive. Assisted-By: Claude Code (Opus 4.6)
alexey-tikhonov
force-pushed
the
openldap-init
branch
from
166b457 to
7ac8608
Compare
alexey-tikhonov
added
coverity
|
Hi, thank you for the change. Why did you set bye, |
alexey-tikhonov
added
backport-to-sssd-2-13
and removed
no-backport
I missed sssd-2-13 by a mistake, thank you.
This will happen naturally during https://github.com/SSSD/sssd/tree/failover rebase |
3 participants
During initialization LDAP/AD/IPA backends unconditionally call
setup_tls_config()andsetup_ldap_debug()that callldap_set_option(). This triggersldap_int_initialize()->getaddrinfo(local_hostname). If DNS is unresponsive, this blocks and the backend doesn't complete initialization in time, so that 'monitor' terminates the entire SSSD.Move these calls out of the module init path into a new
sdap_setup_libldap_global_options()wrapper guarded by a static bool. Call it fromsdap_connect_send()just beforesss_ldap_init_send(), which is the single entry point for all LDAP connections.:fixes:Fixed an issue where SSSD fails to start when DNS is unresponsive.
Assisted-By: Claude Code (Opus 4.6)