1 autofs-5.0.4 - use srv query for domain dn
3 From: Ian Kent <raven@themaw.net>
5 Add the ability to use a domain dn in the LDAP_URI configuration
6 entry. If a domain dn is encountered in the LDAP_URI the list of
7 servers will be queried and used for the LDAP connection. The list
8 won't be queried again until the minimum ttl found in the SRV RR
9 records is reached or, if ttl isn't given in any SRV RR records,
14 include/dclist.h | 14 +
15 include/lookup_ldap.h | 3
16 man/auto.master.5.in | 8
18 modules/dclist.c | 785 ++++++++++++++++++++++++++++++++++++++++
19 modules/lookup_ldap.c | 86 ++++
20 redhat/autofs.sysconfig.in | 11 +
21 samples/autofs.conf.default.in | 11 +
22 9 files changed, 911 insertions(+), 13 deletions(-)
23 create mode 100644 include/dclist.h
24 create mode 100644 modules/dclist.c
27 diff --git a/CHANGELOG b/CHANGELOG
28 index 5000f0c..f49784a 100644
32 - dont fail on ipv6 address when adding host.
33 - always read file maps multi map fix.
34 - always read file maps key lookup fixes.
35 +- use srv query for domain dn.
37 4/11/2008 autofs-5.0.4
38 -----------------------
39 diff --git a/include/dclist.h b/include/dclist.h
41 index 0000000..ed89f97
43 +++ b/include/dclist.h
48 +#include <sys/types.h>
55 +struct dclist *get_dc_list(unsigned int logopt, const char *uri);
56 +void free_dclist(struct dclist *dclist);
59 diff --git a/include/lookup_ldap.h b/include/lookup_ldap.h
60 index b47bf5d..dcae220 100644
61 --- a/include/lookup_ldap.h
62 +++ b/include/lookup_ldap.h
72 @@ -57,6 +59,7 @@ struct lookup_context {
73 pthread_mutex_t uris_mutex;
74 struct list_head *uris;
76 + struct dclist *dclist;
78 struct ldap_searchdn *sdns;
80 diff --git a/man/auto.master.5.in b/man/auto.master.5.in
81 index 7b7004f..71c4402 100644
82 --- a/man/auto.master.5.in
83 +++ b/man/auto.master.5.in
84 @@ -271,6 +271,14 @@ Map entries that include a server name override this option and it is then
85 not used. Default is an empty list in which case either the server given
86 in a map entry or the LDAP configured default is used. This uri list is read at
87 startup and whenever the daemon receives a HUP signal.
89 +This configuration option can also be used to request autofs lookup SRV RRs
90 +for a domain of the form <proto>:///[<domain dn>]. Note that a trailing
91 +"/" is not allowed when using this form. If the domain dn is not specified
92 +the dns domain name (if any) is used to construct the domain dn for the
93 +SRV RR lookup. The server list returned from an SRV RR lookup is refreshed
94 +according to the minimum ttl found in the SRV RR records or after one hour,
98 The base dn to use when searching for amap base dn. This entry may be
99 diff --git a/modules/Makefile b/modules/Makefile
100 index 0d12f01..13b3bd8 100644
101 --- a/modules/Makefile
102 +++ b/modules/Makefile
103 @@ -86,9 +86,10 @@ lookup_hesiod.so: lookup_hesiod.c
104 cyrus-sasl.o: cyrus-sasl.c
105 $(CC) $(CFLAGS) $(LDAP_FLAGS) -c $<
107 -lookup_ldap.so: lookup_ldap.c $(SASL_OBJ)
108 +lookup_ldap.so: lookup_ldap.c dclist.o $(SASL_OBJ)
109 $(CC) $(SOLDFLAGS) $(CFLAGS) $(LDAP_FLAGS) -o lookup_ldap.so \
110 - lookup_ldap.c $(SASL_OBJ) $(AUTOFS_LIB) $(LIBLDAP)
111 + lookup_ldap.c dclist.o $(SASL_OBJ) \
112 + $(AUTOFS_LIB) $(LIBLDAP) $(LIBRESOLV)
113 $(STRIP) lookup_ldap.so
115 mount_nfs.so: mount_nfs.c replicated.o
116 diff --git a/modules/dclist.c b/modules/dclist.c
118 index 0000000..5b0e577
120 +++ b/modules/dclist.c
123 + * Copyright 2009 Ian Kent <raven@themaw.net>
124 + * Copyright 2009 Red Hat, Inc.
126 + * This module was apapted from code contained in the Samba distribution
127 + * file source/libads/dns.c which contained the following copyright
130 + * Unix SMB/CIFS implementation.
131 + * DNS utility library
132 + * Copyright (C) Gerald (Jerry) Carter 2006.
133 + * Copyright (C) Jeremy Allison 2007.
135 + * This program is free software; you can redistribute it and/or modify
136 + * it under the terms of the GNU General Public License as published by
137 + * the Free Software Foundation; either version 3 of the License, or
138 + * (at your option) any later version.
140 + * This program is distributed in the hope that it will be useful,
141 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
142 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
143 + * GNU General Public License for more details.
145 + * You should have received a copy of the GNU General Public License
146 + * along with this program. If not, see <http://www.gnu.org/licenses/>.
149 +#include <netinet/in.h>
150 +#include <arpa/nameser.h>
156 +#include <sys/param.h>
159 +#include "automount.h"
162 +#define MAX_DNS_PACKET_SIZE 0xffff
163 +#define MAX_DNS_NAME_LENGTH MAXHOSTNAMELEN
164 +/* The longest time we will cache dns srv records */
165 +#define MAX_TTL (60*60*1) /* 1 hours */
167 +#ifdef NS_HFIXEDSZ /* Bind 8/9 interface */
168 +#if !defined(C_IN) /* AIX 5.3 already defines C_IN */
169 +# define C_IN ns_c_in
171 +#if !defined(T_A) /* AIX 5.3 already defines T_A */
175 +# define T_SRV ns_t_srv
176 +#if !defined(T_NS) /* AIX 5.3 already defines T_NS */
177 +# define T_NS ns_t_ns
181 +# define NS_HFIXEDSZ HFIXEDSZ
183 +# define NS_HFIXEDSZ sizeof(HEADER)
184 +# endif /* HFIXEDSZ */
186 +# define NS_PACKETSZ PACKETSZ
187 +# else /* 512 is usually the default */
188 +# define NS_PACKETSZ 512
189 +# endif /* PACKETSZ */
193 +#define SVAL(buf, pos) (*(const uint16_t *)((const char *)(buf) + (pos)))
194 +#define IVAL(buf, pos) (*(const uint32_t *)((const char *)(buf) + (pos)))
196 +#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF))
197 +#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16)))
199 +#define RSVAL(buf, pos) SREV(SVAL(buf, pos))
200 +#define RIVAL(buf, pos) IREV(IVAL(buf, pos))
202 +#define QSORT_CAST (int (*)(const void *, const void *))
204 +/* DNS query section in replies */
207 + const char *hostname;
212 +/* DNS RR record in reply */
215 + const char *hostname;
226 + const char *hostname;
233 +static pthread_mutex_t dclist_mutex = PTHREAD_MUTEX_INITIALIZER;
235 +static void dclist_mutex_lock(void)
237 + int status = pthread_mutex_lock(&dclist_mutex);
243 +static void dclist_mutex_unlock(void)
245 + int status = pthread_mutex_unlock(&dclist_mutex);
251 +static int dns_parse_query(unsigned int logopt,
252 + uint8_t *start, uint8_t *end,
253 + uint8_t **ptr, struct dns_query *q)
256 + char hostname[MAX_DNS_NAME_LENGTH];
257 + char buf[MAX_ERR_BUF];
260 + if (!start || !end || !q || !*ptr)
263 + memset(q, 0, sizeof(*q));
265 + /* See RFC 1035 for details. If this fails, then return. */
267 + namelen = dn_expand(start, end, p, hostname, sizeof(hostname));
269 + error(logopt, "failed to expand query hostname");
274 + q->hostname = strdup(hostname);
276 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
277 + error(logopt, "strdup: %s", estr);
281 + /* check that we have space remaining */
284 + error(logopt, "insufficient buffer space for result");
285 + free((void *) q->hostname);
289 + q->type = RSVAL(p, 0);
290 + q->in_class = RSVAL(p, 2);
298 +static int dns_parse_rr(unsigned int logopt,
299 + uint8_t *start, uint8_t *end,
300 + uint8_t **ptr, struct dns_rr *rr)
303 + char hostname[MAX_DNS_NAME_LENGTH];
304 + char buf[MAX_ERR_BUF];
307 + if (!start || !end || !rr || !*ptr)
310 + memset(rr, 0, sizeof(*rr));
312 + /* pull the name from the answer */
314 + namelen = dn_expand(start, end, p, hostname, sizeof(hostname));
316 + error(logopt, "failed to expand query hostname");
320 + rr->hostname = strdup(hostname);
321 + if (!rr->hostname) {
322 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
323 + error(logopt, "strdup: %s", estr);
327 + /* check that we have space remaining */
329 + if (p + 10 > end) {
330 + error(logopt, "insufficient buffer space for result");
331 + free((void *) rr->hostname);
335 + /* pull some values and then skip onto the string */
337 + rr->type = RSVAL(p, 0);
338 + rr->in_class = RSVAL(p, 2);
339 + rr->ttl = RIVAL(p, 4);
340 + rr->rdatalen = RSVAL(p, 8);
344 + /* sanity check the available space */
346 + if (p + rr->rdatalen > end) {
347 + error(logopt, "insufficient buffer space for data");
348 + free((void *) rr->hostname);
352 + /* save a point to the rdata for this section */
362 +static int dns_parse_rr_srv(unsigned int logopt,
363 + uint8_t *start, uint8_t *end,
364 + uint8_t **ptr, struct dns_rr_srv *srv)
368 + char dcname[MAX_DNS_NAME_LENGTH];
369 + char buf[MAX_ERR_BUF];
372 + if (!start || !end || !srv || !*ptr)
375 + /* Parse the RR entry. Coming out of the this, ptr is at the beginning
376 + of the next record */
378 + if (!dns_parse_rr(logopt, start, end, ptr, &rr)) {
379 + error(logopt, "Failed to parse RR record");
383 + if (rr.type != T_SRV) {
384 + error(logopt, "Bad answer type (%d)", rr.type);
390 + srv->priority = RSVAL(p, 0);
391 + srv->weight = RSVAL(p, 2);
392 + srv->port = RSVAL(p, 4);
397 + namelen = dn_expand(start, end, p, dcname, sizeof(dcname));
399 + error(logopt, "Failed to expand dcname");
403 + srv->hostname = strdup(dcname);
404 + if (!srv->hostname) {
405 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
406 + error(logopt, "strdup: %s", estr);
410 + debug(logopt, "Parsed %s [%u, %u, %u]",
411 + srv->hostname, srv->priority, srv->weight, srv->port);
416 +/*********************************************************************
417 + Sort SRV record list based on weight and priority. See RFC 2782.
418 +*********************************************************************/
420 +static int dnssrvcmp(struct dns_rr_srv *a, struct dns_rr_srv *b)
422 + if (a->priority == b->priority) {
423 + /* randomize entries with an equal weight and priority */
424 + if (a->weight == b->weight)
427 + /* higher weights should be sorted lower */
428 + if (a->weight > b->weight)
434 + if (a->priority < b->priority)
440 +#define DNS_FAILED_WAITTIME 30
442 +static int dns_send_req(unsigned int logopt,
443 + const char *name, int q_type, uint8_t **rbuf,
446 + uint8_t *buffer = NULL;
447 + size_t buf_len = 0;
448 + int resp_len = NS_PACKETSZ;
449 + static time_t last_dns_check = 0;
450 + static unsigned int last_dns_status = 0;
451 + time_t now = time(NULL);
452 + char buf[MAX_ERR_BUF];
454 + /* Try to prevent bursts of DNS lookups if the server is down */
456 + /* Protect against large clock changes */
458 + if (last_dns_check > now)
459 + last_dns_check = 0;
461 + /* IF we had a DNS timeout or a bad server and we are still
462 + in the 30 second cache window, just return the previous
463 + status and save the network timeout. */
465 + if ((last_dns_status == ETIMEDOUT ||
466 + last_dns_status == ECONNREFUSED) &&
467 + ((last_dns_check + DNS_FAILED_WAITTIME) > now)) {
468 + char *estr = strerror_r(last_dns_status, buf, MAX_ERR_BUF);
469 + debug(logopt, "Returning cached status (%s)", estr);
470 + return last_dns_status;
473 + /* Send the Query */
478 + buf_len = resp_len * sizeof(uint8_t);
481 + buffer = malloc(buf_len);
483 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
484 + error(logopt, "malloc: %s", estr);
485 + last_dns_status = ENOMEM;
486 + last_dns_check = time(NULL);
487 + return last_dns_status;
491 + resp_len = res_query(name, C_IN, q_type, buffer, buf_len);
492 + if (resp_len < 0) {
493 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
494 + error(logopt, "Failed to resolve %s (%s)", name, estr);
496 + last_dns_status = ENOENT;
497 + last_dns_check = time(NULL);
498 + return last_dns_status;
501 + /* On AIX, Solaris, and possibly some older glibc systems (e.g. SLES8)
502 + truncated replies never give back a resp_len > buflen
503 + which ends up causing DNS resolve failures on large tcp DNS replies */
505 + if (buf_len == resp_len) {
506 + if (resp_len == MAX_DNS_PACKET_SIZE) {
508 + "DNS reply too large when resolving %s",
511 + last_dns_status = EMSGSIZE;
512 + last_dns_check = time(NULL);
513 + return last_dns_status;
516 + resp_len = MIN(resp_len * 2, MAX_DNS_PACKET_SIZE);
518 + } while (buf_len < resp_len && resp_len <= MAX_DNS_PACKET_SIZE);
521 + *resp_length = resp_len;
523 + last_dns_check = time(NULL);
524 + last_dns_status = 0;
529 +static int dns_lookup_srv(unsigned int logopt, const char *name,
530 + struct dns_rr_srv **dclist, int *numdcs)
532 + uint8_t *buffer = NULL;
534 + struct dns_rr_srv *dcs = NULL;
535 + int query_count, answer_count;
536 + uint8_t *p = buffer;
539 + char buf[MAX_ERR_BUF];
542 + if (!name || !dclist)
545 + /* Send the request. May have to loop several times in case
546 + of large replies */
548 + ret = dns_send_req(logopt, name, T_SRV, &buffer, &resp_len);
550 + error(logopt, "Failed to send DNS query");
555 + /* For some insane reason, the ns_initparse() et. al. routines are only
556 + available in libresolv.a, and not the shared lib. Who knows why....
557 + So we have to parse the DNS reply ourselves */
559 + /* Pull the answer RR's count from the header.
560 + * Use the NMB ordering macros */
562 + query_count = RSVAL(p, 4);
563 + answer_count = RSVAL(p, 6);
566 + "%d records returned in the answer section.",
569 + if (answer_count) {
570 + dcs = malloc(sizeof(struct dns_rr_srv) * answer_count);
572 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
573 + error(logopt, "malloc: %s", estr);
579 + /* now skip the header */
583 + /* parse the query section */
585 + for (rrnum = 0; rrnum < query_count; rrnum++) {
586 + struct dns_query q;
588 + ret = dns_parse_query(logopt, buffer, buffer+resp_len, &p, &q);
591 + "Failed to parse query record [%d]", rrnum);
598 + /* now we are at the answer section */
600 + for (rrnum = 0; rrnum < answer_count; rrnum++) {
601 + ret = dns_parse_rr_srv(logopt,
602 + buffer, buffer+resp_len,
606 + "Failed to parse answer record [%d]", rrnum);
614 + qsort(dcs, idx, sizeof(struct dns_rr_srv), QSORT_CAST dnssrvcmp);
622 +static char *escape_dn_commas(const char *uri)
624 + size_t len = strlen(uri);
625 + char *new, *tmp, *ptr;
627 + ptr = (char *) uri;
636 + new = malloc(len + 1);
639 + memset(new, 0, len + 1);
641 + ptr = (char *) uri;
644 + if (*ptr == '\\') {
650 + strcpy(tmp, "%2c");
661 +void free_dclist(struct dclist *dclist)
664 + free((void *) dclist->uri);
668 +static char *getdnsdomainname(unsigned int logopt)
670 + struct addrinfo hints, *ni;
671 + char name[MAX_DNS_NAME_LENGTH + 1];
672 + char buf[MAX_ERR_BUF];
673 + char *dnsdomain = NULL;
677 + memset(name, 0, sizeof(name));
678 + if (gethostname(name, MAX_DNS_NAME_LENGTH) == -1) {
679 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
680 + error(logopt, "gethostname: %s", estr);
684 + memset(&hints, 0, sizeof(hints));
685 + hints.ai_flags = AI_CANONNAME;
686 + hints.ai_family = AF_UNSPEC;
687 + hints.ai_socktype = SOCK_DGRAM;
689 + ret = getaddrinfo(name, NULL, &hints, &ni);
691 + error(logopt, "hostname lookup failed: %s", gai_strerror(ret));
695 + ptr = ni->ai_canonname;
696 + while (*ptr && *ptr != '.')
700 + dnsdomain = strdup(ptr);
707 +struct dclist *get_dc_list(unsigned int logopt, const char *uri)
709 + LDAPURLDesc *ludlist = NULL;
710 + LDAPURLDesc **ludp;
711 + struct dns_rr_srv *dcs;
712 + unsigned int min_ttl = MAX_TTL;
713 + struct dclist *dclist = NULL;;
714 + char buf[MAX_ERR_BUF];
715 + char *dn_uri, *esc_uri;
721 + if (strcmp(uri, "ldap:///") && strcmp(uri, "ldaps:///")) {
722 + dn_uri = strdup(uri);
724 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
725 + error(logopt, "strdup: %s", estr);
732 + dnsdomain = getdnsdomainname(logopt);
734 + error(logopt, "failed to get dns domainname");
738 + if (ldap_domain2dn(dnsdomain, &hdn) || hdn == NULL) {
740 + "Could not turn domain \"%s\" into a dn\n",
747 + dn_uri = malloc(strlen(uri) + strlen(hdn) + 1);
749 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
750 + error(logopt, "malloc: %s", estr);
755 + strcpy(dn_uri, uri);
756 + strcat(dn_uri, hdn);
760 + esc_uri = escape_dn_commas(dn_uri);
762 + error(logopt, "Could not escape commas in uri %s", dn_uri);
767 + ret = ldap_url_parse(esc_uri, &ludlist);
768 + if (ret != LDAP_URL_SUCCESS) {
769 + error(logopt, "Could not parse uri %s (%d)", dn_uri, ret);
778 + error(logopt, "No dn found in uri %s", dn_uri);
785 + dclist = malloc(sizeof(struct dclist));
787 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
788 + error(logopt, "malloc: %s", estr);
789 + ldap_free_urldesc(ludlist);
792 + memset(dclist, 0, sizeof(struct dclist));
795 + for (ludp = &ludlist; *ludp != NULL;) {
796 + LDAPURLDesc *lud = *ludp;
797 + size_t req_len, len;
798 + char *request = NULL;
802 + if (!lud->lud_dn && !lud->lud_dn[0] &&
803 + (!lud->lud_host || !lud->lud_host[0])) {
804 + *ludp = lud->lud_next;
809 + if (ldap_dn2domain(lud->lud_dn, &domain) || domain == NULL) {
811 + "Could not turn dn \"%s\" into a domain",
813 + *ludp = lud->lud_next;
817 + debug(logopt, "doing lookup of SRV RRs for domain %s", domain);
819 + req_len = sizeof("_ldap._tcp.") + strlen(domain);
820 + request = malloc(req_len);
822 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
823 + error(logopt, "malloc: %s", estr);
827 + ret = snprintf(request, req_len, "_ldap._tcp.%s", domain);
828 + if (ret >= req_len) {
833 + dclist_mutex_lock();
834 + if (dns_lookup_srv(logopt, request, &dcs, &numdcs)) {
836 + "DNS SRV query failed for domain %s", domain);
837 + dclist_mutex_unlock();
841 + dclist_mutex_unlock();
844 + len = strlen(lud->lud_scheme);
845 + len += sizeof("://");
848 + for (i = 0; i < numdcs; i++) {
849 + if (dcs[i].ttl > 0 && dcs[i].ttl < min_ttl)
850 + min_ttl = dcs[i].ttl;
851 + len += strlen(dcs[i].hostname);
852 + if (dcs[i].port > 0)
853 + len += sizeof(":65535");
856 + tmp = realloc(list, len);
858 + char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
859 + error(logopt, "realloc: %s", estr);
864 + memset(tmp, 0, len);
868 + for (i = 0; i < numdcs; i++) {
871 + strcat(tmp, lud->lud_scheme);
872 + strcat(tmp, "://");
873 + strcat(tmp, dcs[i].hostname);
874 + if (dcs[i].port > 0) {
876 + ret = snprintf(port, 7, ":%d", dcs[i].port);
879 + "invalid port: %u", dcs[i].port);
887 + *ludp = lud->lud_next;
888 + ber_memfree(domain);
891 + ldap_free_urldesc(ludlist);
893 + dclist->expire = time(NULL) + min_ttl;
894 + dclist->uri = list;
902 + ber_memfree(domain);
903 + ldap_free_urldesc(ludlist);
904 + free_dclist(dclist);
907 diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
908 index a847622..f6b3f42 100644
909 --- a/modules/lookup_ldap.c
910 +++ b/modules/lookup_ldap.c
911 @@ -643,14 +643,26 @@ static LDAP *find_server(unsigned logopt, struct lookup_context *ctxt)
913 struct ldap_uri *this;
914 struct list_head *p, *first;
915 + struct dclist *dclist = NULL;
918 - /* Try each uri in list, add connect fails to tmp list */
919 uris_mutex_lock(ctxt);
920 + if (ctxt->dclist) {
921 + dclist = ctxt->dclist;
922 + if (ctxt->dclist->expire < time(NULL)) {
923 + free_dclist(ctxt->dclist);
924 + ctxt->dclist = NULL;
931 first = &ctxt->uri->list;
932 uris_mutex_unlock(ctxt);
935 + /* Try each uri, save point in server list upon success */
939 @@ -659,25 +671,62 @@ static LDAP *find_server(unsigned logopt, struct lookup_context *ctxt)
942 this = list_entry(p, struct ldap_uri, list);
943 - debug(logopt, "trying server %s", this->uri);
944 - ldap = connect_to_server(logopt, this->uri, ctxt);
945 + if (!strstr(this->uri, ":///"))
946 + uri = strdup(this->uri);
949 + uri = strdup(dclist->uri);
951 + struct dclist *tmp;
952 + tmp = get_dc_list(logopt, this->uri);
958 + uri = strdup(dclist->uri);
965 + debug(logopt, "trying server uri %s", uri);
966 + ldap = connect_to_server(logopt, uri, ctxt);
968 - info(logopt, "connected to uri %s", this->uri);
969 - uris_mutex_lock(ctxt);
971 - uris_mutex_unlock(ctxt);
972 + info(logopt, "connected to uri %s", uri);
978 + free_dclist(dclist);
983 + uris_mutex_lock(ctxt);
988 + ctxt->dclist = dclist;
990 + if (ctxt->dclist != dclist) {
991 + free_dclist(ctxt->dclist);
992 + ctxt->dclist = dclist;
996 + uris_mutex_unlock(ctxt);
1001 static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt)
1003 - struct ldap_uri *this;
1007 if (ctxt->server || !ctxt->uris) {
1008 ldap = do_connect(logopt, ctxt->server, ctxt);
1009 @@ -692,9 +741,20 @@ static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt)
1012 uris_mutex_lock(ctxt);
1015 + uri = strdup(ctxt->dclist->uri);
1017 + uri = strdup(ctxt->uri->uri);
1018 uris_mutex_unlock(ctxt);
1019 - ldap = do_connect(logopt, this->uri, ctxt);
1022 + char buf[MAX_ERR_BUF];
1023 + char *estr = strerror_r(errno, buf, sizeof(buf));
1024 + crit(logopt, MODPREFIX "strdup: %s", estr);
1028 + ldap = do_connect(logopt, uri, ctxt);
1031 * Dispose of the sasl authentication connection and try the
1032 @@ -702,9 +762,11 @@ static LDAP *do_reconnect(unsigned logopt, struct lookup_context *ctxt)
1035 autofs_sasl_dispose(ctxt);
1036 - ldap = connect_to_server(logopt, this->uri, ctxt);
1037 + ldap = connect_to_server(logopt, uri, ctxt);
1045 @@ -1296,6 +1358,8 @@ static void free_context(struct lookup_context *ctxt)
1048 defaults_free_searchdns(ctxt->sdns);
1050 + free_dclist(ctxt->dclist);
1054 diff --git a/redhat/autofs.sysconfig.in b/redhat/autofs.sysconfig.in
1055 index 97e20fe..37448ea 100644
1056 --- a/redhat/autofs.sysconfig.in
1057 +++ b/redhat/autofs.sysconfig.in
1058 @@ -50,6 +50,17 @@ BROWSE_MODE="no"
1059 # Map entries that include a server name override
1062 +# This configuration option can also be used to
1063 +# request autofs lookup SRV RRs for a domain of
1064 +# the form <proto>:///[<domain dn>]. Note that a
1065 +# trailing "/" is not allowed when using this form.
1066 +# If the domain dn is not specified the dns domain
1067 +# name (if any) is used to construct the domain dn
1068 +# for the SRV RR lookup. The server list returned
1069 +# from an SRV RR lookup is refreshed according to
1070 +# the minimum ttl found in the SRV RR records or
1071 +# after one hour, whichever is less.
1075 # LDAP__TIMEOUT - timeout value for the synchronous API calls
1076 diff --git a/samples/autofs.conf.default.in b/samples/autofs.conf.default.in
1077 index 62084c2..7dee5fd 100644
1078 --- a/samples/autofs.conf.default.in
1079 +++ b/samples/autofs.conf.default.in
1080 @@ -48,6 +48,17 @@ BROWSE_MODE="no"
1081 # Map entries that include a server name override
1084 +# This configuration option can also be used to
1085 +# request autofs lookup SRV RRs for a domain of
1086 +# the form <proto>:///[<domain dn>]. Note that a
1087 +# trailing "/" is not allowed when using this form.
1088 +# If the domain dn is not specified the dns domain
1089 +# name (if any) is used to construct the domain dn
1090 +# for the SRV RR lookup. The server list returned
1091 +# from an SRV RR lookup is refreshed according to
1092 +# the minimum ttl found in the SRV RR records or
1093 +# after one hour, whichever is less.
1097 # LDAP__TIMEOUT - timeout value for the synchronous API calls