adding max_down_retries for #136 and #51

main
dkiser 8 years ago
parent b809421604
commit 94462bf74f
  1. 13
      README.md
  2. 31
      ngx_http_auth_ldap_module.c

@ -97,6 +97,19 @@ expected value: valid_user, user, group
## satisfy ## satisfy
expected value: all, any expected value: all, any
## max_down_retries_count
expected value: a number, default 0
Retry count for attempting to reconnect to an LDAP server if it is considered
"DOWN". This may happen if a KEEP-ALIVE connection to an LDAP server times
out or is terminated by the server end after some amount of time.
This can usually help with the following error:
```
http_auth_ldap: ldap_result() failed (-1: Can't contact LDAP server)
```
## connections ## connections
expected value: a number greater than 0 expected value: a number greater than 0

@ -91,6 +91,8 @@ typedef struct {
ngx_flag_t referral; ngx_flag_t referral;
ngx_uint_t connections; ngx_uint_t connections;
ngx_uint_t max_down_retries;
ngx_uint_t max_down_retries_count;
ngx_msec_t connect_timeout; ngx_msec_t connect_timeout;
ngx_msec_t reconnect_timeout; ngx_msec_t reconnect_timeout;
ngx_msec_t bind_timeout; ngx_msec_t bind_timeout;
@ -205,6 +207,7 @@ static ngx_int_t ngx_http_auth_ldap_init(ngx_conf_t *cf);
static ngx_int_t ngx_http_auth_ldap_init_cache(ngx_cycle_t *cycle); static ngx_int_t ngx_http_auth_ldap_init_cache(ngx_cycle_t *cycle);
static void ngx_http_auth_ldap_close_connection(ngx_http_auth_ldap_connection_t *c); static void ngx_http_auth_ldap_close_connection(ngx_http_auth_ldap_connection_t *c);
static void ngx_http_auth_ldap_read_handler(ngx_event_t *rev); static void ngx_http_auth_ldap_read_handler(ngx_event_t *rev);
static void ngx_http_auth_ldap_reconnect_handler(ngx_event_t *);
static ngx_int_t ngx_http_auth_ldap_init_connections(ngx_cycle_t *cycle); static ngx_int_t ngx_http_auth_ldap_init_connections(ngx_cycle_t *cycle);
static ngx_int_t ngx_http_auth_ldap_handler(ngx_http_request_t *r); static ngx_int_t ngx_http_auth_ldap_handler(ngx_http_request_t *r);
static ngx_int_t ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *ctx, static ngx_int_t ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *ctx,
@ -409,6 +412,13 @@ ngx_http_auth_ldap_ldap_server(ngx_conf_t *cf, ngx_command_t *dummy, void *conf)
return ngx_http_auth_ldap_parse_satisfy(cf, server); return ngx_http_auth_ldap_parse_satisfy(cf, server);
} else if (ngx_strcmp(value[0].data, "referral") == 0) { } else if (ngx_strcmp(value[0].data, "referral") == 0) {
return ngx_http_auth_ldap_parse_referral(cf, server); return ngx_http_auth_ldap_parse_referral(cf, server);
} else if (ngx_strcmp(value[0].data, "max_down_retries") == 0) {
i = ngx_atoi(value[1].data, value[1].len);
if (i == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: 'max_down_retries' value must be an integer: using default of 0");
i = 0;
}
server->max_down_retries = i;
} else if (ngx_strcmp(value[0].data, "connections") == 0) { } else if (ngx_strcmp(value[0].data, "connections") == 0) {
i = ngx_atoi(value[1].data, value[1].len); i = ngx_atoi(value[1].data, value[1].len);
if (i == NGX_ERROR || i == 0) { if (i == NGX_ERROR || i == 0) {
@ -1499,6 +1509,25 @@ ngx_http_auth_ldap_read_handler(ngx_event_t *rev)
ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: ldap_result() failed (%d: %s)", ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: ldap_result() failed (%d: %s)",
rc, ldap_err2string(rc)); rc, ldap_err2string(rc));
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
// if LDAP_SERVER_DOWN (usually timeouts or server disconnects)
if (rc == LDAP_SERVER_DOWN && \
c->server->max_down_retries_count < c->server->max_down_retries) {
/**
update counter (this is always reset in
ngx_http_auth_ldap_connect() for a successful ldap
connection
**/
c->server->max_down_retries_count++;
ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: LDAP_SERVER_DOWN: retry count: %d",
c->server->max_down_retries_count);
c->state = STATE_DISCONNECTED;
// immediate reconnect synchronously, this schedules another
// timer call to this read handler again
ngx_http_auth_ldap_reconnect_handler(rev);
return;
}
return; return;
} }
if (rc == 0) { if (rc == 0) {
@ -1638,7 +1667,7 @@ ngx_http_auth_ldap_connect(ngx_http_auth_ldap_connection_t *c)
ngx_add_timer(conn->read, c->server->connect_timeout); ngx_add_timer(conn->read, c->server->connect_timeout);
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "http_auth_ldap: connect_timeout=%d.", c->server->connect_timeout); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "http_auth_ldap: connect_timeout=%d.", c->server->connect_timeout);
c->server->max_down_retries_count = 0; /* reset retries count */
c->state = STATE_CONNECTING; c->state = STATE_CONNECTING;
} }

Loading…
Cancel
Save