dsinstance: reconnect ldap2 after DS is restarted by certmonger

DS is restarted by certmonger in the restart_dirsrv script after the DS certificate is saved. This breaks the ldap2 backend and makes any operation fail with NetworkError until it is reconnected. Reconnect ldap2 after the DS certificate request is finished to fix the issue. Make sure restart_dirsrv waits for the ldapi socket so that the reconnect does not fail. https://pagure.io/freeipa/issue/6757 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-04-07 07:40:19 +02:00 · 2017-04-07 07:40:19 +02:00 · b189be12ec
commit b189be12ec
parent 342dccea47
2 changed files with 5 additions and 1 deletions
--- a/install/restart_scripts/restart_dirsrv
+++ b/install/restart_scripts/restart_dirsrv
@ -41,7 +41,7 @@ def _main():

    try:
        if services.knownservices.dirsrv.is_running():
-            services.knownservices.dirsrv.restart(instance)
+            services.knownservices.dirsrv.restart(instance, ldapi=True)
    except Exception as e:
        syslog.syslog(syslog.LOG_ERR, "Cannot restart dirsrv (instance: '%s'): %s" % (instance, str(e)))

--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -837,6 +837,10 @@ class DsInstance(service.Service):
            finally:
                certmonger.modify_ca_helper('IPA', prev_helper)

+            # restart_dirsrv in the request above restarts DS, reconnect ldap2
+            api.Backend.ldap2.disconnect()
+            api.Backend.ldap2.connect()
+
            self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)

        dsdb.create_pin_file()