From 253f87c0c5c3bae1f0f6e392f8f8caed1475ddcb Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Fri, 27 Sep 2002 08:49:48 +0000
Subject: [PATCH] Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN
 PR: Obtained from: Submitted by:	Thomas Bennett
 <thomas.bennett@eds.com> Reviewed by:	Graham Leggett

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96988 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                              |  3 +++
 modules/experimental/mod_auth_ldap.c | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/CHANGES b/CHANGES
index 19a69c0685..219ac5c52c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.43
 
+  *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
+     [Thomas Bennett <thomas.bennett@eds.com>, Graham Leggett]
+
   *) Make sure the contents of the WWW-Authenticate header is
      passed on a 4xx error by proxy. Previously all headers
      were dropped, resulting in the browser being unable to
diff --git a/modules/experimental/mod_auth_ldap.c b/modules/experimental/mod_auth_ldap.c
index 357ae9866d..8f26f7015a 100644
--- a/modules/experimental/mod_auth_ldap.c
+++ b/modules/experimental/mod_auth_ldap.c
@@ -218,6 +218,7 @@ static apr_status_t mod_auth_ldap_cleanup_connection_close(void *param)
  */
 int mod_auth_ldap_check_user_id(request_rec *r)
 {
+    int failures = 0;
     const char **vals = NULL;
     char filtbuf[FILTER_LENGTH];
     mod_auth_ldap_config_t *sec =
@@ -243,6 +244,8 @@ int mod_auth_ldap_check_user_id(request_rec *r)
         return DECLINED;
     }
 
+start_over:
+
     /* There is a good AuthLDAPURL, right? */
     if (sec->host) {
         ldc = util_ldap_connection_find(r, sec->host, sec->port,
@@ -275,6 +278,15 @@ int mod_auth_ldap_check_user_id(request_rec *r)
                                          sec->attributes, filtbuf, sent_pw, &dn, &vals);
     util_ldap_connection_close(ldc);
 
+    /* sanity check - if server is down, retry it up to 5 times */
+    if (result == LDAP_SERVER_DOWN) {
+        util_ldap_connection_destroy(ldc);
+        if (failures++ <= 5) {
+            goto start_over;
+        }
+    }
+
+    /* handle bind failure */
     if (result != LDAP_SUCCESS) {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, 
                       "[%d] auth_ldap authenticate: "
-- 
2.40.0