From patchwork Thu Jan 24 18:35:32 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 215470 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "userp1040.oracle.com", Issuer "VeriSign Class 3 International Server CA - G3" (not verified)) by ozlabs.org (Postfix) with ESMTPS id 9233C2C008C for ; Fri, 25 Jan 2013 05:35:42 +1100 (EST) Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by userp1040.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id r0OIZde5014201 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 24 Jan 2013 18:35:40 GMT Received: from oss.oracle.com (oss-external.oracle.com [137.254.96.51]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r0OIZcjo004299 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 24 Jan 2013 18:35:39 GMT Received: from localhost ([127.0.0.1] helo=oss.oracle.com) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1TyReE-0000QI-Rl; Thu, 24 Jan 2013 10:35:38 -0800 Received: from ucsinet21.oracle.com ([156.151.31.93]) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1TyReB-0000Q8-PG for fedfs-utils-devel@oss.oracle.com; Thu, 24 Jan 2013 10:35:35 -0800 Received: from aserp1020.oracle.com (aserp1020.oracle.com [141.146.126.67]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r0OIZYF7020633 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 24 Jan 2013 18:35:35 GMT Received: from mail-ia0-f180.google.com (mail-ia0-f180.google.com [209.85.210.180]) by aserp1020.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id r0OIZXXB003183 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=OK) for ; Thu, 24 Jan 2013 18:35:34 GMT Received: by mail-ia0-f180.google.com with SMTP id f27so5333373iae.11 for ; Thu, 24 Jan 2013 10:35:33 -0800 (PST) X-Received: by 10.50.33.173 with SMTP id s13mr2191202igi.23.1359052533594; Thu, 24 Jan 2013 10:35:33 -0800 (PST) Received: from seurat.1015granger.net ([99.26.161.222]) by mx.google.com with ESMTPS id xn10sm1686471igb.4.2013.01.24.10.35.32 (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 24 Jan 2013 10:35:33 -0800 (PST) From: Chuck Lever To: fedfs-utils-devel@oss.oracle.com Date: Thu, 24 Jan 2013 13:35:32 -0500 Message-ID: <20130124183531.13601.70474.stgit@seurat.1015granger.net> In-Reply-To: <20130124182619.13601.61251.stgit@seurat.1015granger.net> References: <20130124182619.13601.61251.stgit@seurat.1015granger.net> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 X-Flow-Control-Info: class=Default reputation=ipRepBelow100 ip=209.85.210.180 ct-class=R5 ct-vol1=-94 ct-vol2=8 ct-vol3=7 ct-risk=40 ct-spam1=60 ct-spam2=6 ct-bulk=5 rcpts=1 size=16991 X-MM-CT-Classification: not spam X-MM-CT-RefID: str=0001.0A090209.51017EF6.0094,ss=1,re=-2.300,fgs=0 Subject: [fedfs-utils] [PATCH 07/11] nsdbc: Handle LDAP_CONFIDENTIALITY_REQUIRED X-BeenThere: fedfs-utils-devel@oss.oracle.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: fedfs-utils Developers List-Id: fedfs-utils Developers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: fedfs-utils-devel-bounces@oss.oracle.com Errors-To: fedfs-utils-devel-bounces@oss.oracle.com X-Source-IP: acsinet21.oracle.com [141.146.126.237] If an NSDB is configured to reject FEDFS_SEC_NONE requests, but our client is configured to use FEDFS_SEC_NONE, libnsdb will return FEDFS_ERR_NSDB_LDAP_VAL with the LDAP error code LDAP_CONFIDENTIALITY_REQUIRED. Update the NSDB client tools to report this error meaningfully. Signed-off-by: Chuck Lever --- src/nfsref/lookup.c | 18 ++++++++++++------ src/nfsref/remove.c | 21 +++++++++++++++++---- src/nsdbc/nsdb-annotate.c | 4 ++++ src/nsdbc/nsdb-create-fsl.c | 12 +++++++++--- src/nsdbc/nsdb-create-fsn.c | 12 +++++++++--- src/nsdbc/nsdb-delete-fsl.c | 12 +++++++++--- src/nsdbc/nsdb-delete-fsn.c | 18 +++++++++++++----- src/nsdbc/nsdb-delete-nsdb.c | 12 +++++++++--- src/nsdbc/nsdb-describe.c | 4 ++++ src/nsdbc/nsdb-list.c | 18 ++++++++++++------ src/nsdbc/nsdb-nces.c | 12 +++++++++--- src/nsdbc/nsdb-remove-nci.c | 12 +++++++++--- src/nsdbc/nsdb-resolve-fsn.c | 18 ++++++++++++------ src/nsdbc/nsdb-simple-nce.c | 12 +++++++++--- src/nsdbc/nsdb-update-fsl.c | 12 +++++++++--- src/nsdbc/nsdb-update-nci.c | 12 +++++++++--- src/plug-ins/nfs-plugin.c | 22 ++++++++++++++-------- 17 files changed, 169 insertions(+), 62 deletions(-) diff --git a/src/nfsref/lookup.c b/src/nfsref/lookup.c index cc3e293..5d1817e 100644 --- a/src/nfsref/lookup.c +++ b/src/nfsref/lookup.c @@ -392,14 +392,20 @@ again: __func__, fsn_uuid); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: retval = nfsref_lookup_follow_ldap_referral(&host); - if (retval != FEDFS_OK) - break; - goto again; + if (retval == FEDFS_OK) + goto again; + break; + case LDAP_CONFIDENTIALITY_REQUIRED: + xlog(L_ERROR, "TLS security required for %s:%u", + nsdb_hostname(host), nsdb_port(host)); + break; + default: + xlog(L_ERROR, "%s: NSDB operation failed with %s", + __func__, ldap_err2string(ldap_err)); } - xlog(L_ERROR, "%s: NSDB operation failed with %s", - __func__, ldap_err2string(ldap_err)); break; default: xlog(L_ERROR, "%s: Failed to resolve FSN %s: %s", diff --git a/src/nfsref/remove.c b/src/nfsref/remove.c index a7bfca0..f7da1fc 100644 --- a/src/nfsref/remove.c +++ b/src/nfsref/remove.c @@ -230,10 +230,23 @@ nfsref_remove_delete_fsn(const char *junct_path) xlog(L_ERROR, "FSN %s still has FSL entries", fsn_uuid); break; case FEDFS_ERR_NSDB_LDAP_VAL: - /* XXX: "Operation not allowed on non-leaf" means - * this FSN still has children FSLs. */ - xlog(L_ERROR, "Failed to delete FSN %s: %s", - fsn_uuid, ldap_err2string(ldap_err)); + switch (ldap_err) { + case LDAP_REFERRAL: + xlog(L_ERROR, "Encountered LDAP referral on %s:%u", + nsdb_hostname(host), nsdb_port(host)); + break; + case LDAP_CONFIDENTIALITY_REQUIRED: + xlog(L_ERROR, "TLS security required for %s:%u", + nsdb_hostname(host), nsdb_port(host)); + break; + case LDAP_NOT_ALLOWED_ON_NONLEAF: + xlog(L_ERROR, "Failed to delete: " + "this FSN may have children"); + break; + default: + xlog(L_ERROR, "Failed to delete FSN %s: %s", + fsn_uuid, ldap_err2string(ldap_err)); + } break; default: xlog(L_ERROR, "Failed to delete FSN %s: %s", diff --git a/src/nsdbc/nsdb-annotate.c b/src/nsdbc/nsdb-annotate.c index acf6a94..c14b8f5 100644 --- a/src/nsdbc/nsdb-annotate.c +++ b/src/nsdbc/nsdb-annotate.c @@ -315,6 +315,10 @@ main(int argc, char **argv) fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; case LDAP_NO_SUCH_ATTRIBUTE: fprintf(stderr, "Annotation \"%s\" = \"%s\" not found\n", keyword, value); diff --git a/src/nsdbc/nsdb-create-fsl.c b/src/nsdbc/nsdb-create-fsl.c index 573d99b..0e15e15 100644 --- a/src/nsdbc/nsdb-create-fsl.c +++ b/src/nsdbc/nsdb-create-fsl.c @@ -300,13 +300,19 @@ main(int argc, char **argv) fprintf(stderr, "NCE %s does not exist\n", nce); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to create FSL %s: %s\n", + fsl_uuid, ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to create FSL %s: %s\n", - fsl_uuid, ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to create FSL %s: %s\n", diff --git a/src/nsdbc/nsdb-create-fsn.c b/src/nsdbc/nsdb-create-fsn.c index 48e0099..5f8fd21 100644 --- a/src/nsdbc/nsdb-create-fsn.c +++ b/src/nsdbc/nsdb-create-fsn.c @@ -277,13 +277,19 @@ main(int argc, char **argv) fprintf(stderr, "NCE %s does not exist\n", nce); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to create FSN: %s\n", + ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to create FSN: %s\n", - ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to create FSN: %s\n", diff --git a/src/nsdbc/nsdb-delete-fsl.c b/src/nsdbc/nsdb-delete-fsl.c index d051da2..9355606 100644 --- a/src/nsdbc/nsdb-delete-fsl.c +++ b/src/nsdbc/nsdb-delete-fsl.c @@ -263,13 +263,19 @@ main(int argc, char **argv) nsdbname, nsdbport, fsl_uuid); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to delete FSL %s: %s\n", + fsl_uuid, ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to delete FSL %s: %s\n", - fsl_uuid, ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to delete FSL %s: %s\n", diff --git a/src/nsdbc/nsdb-delete-fsn.c b/src/nsdbc/nsdb-delete-fsn.c index f52bd24..20518bf 100644 --- a/src/nsdbc/nsdb-delete-fsn.c +++ b/src/nsdbc/nsdb-delete-fsn.c @@ -272,15 +272,23 @@ main(int argc, char **argv) fprintf(stderr, "FSN %s still has FSL entries\n", fsn_uuid); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + case LDAP_NOT_ALLOWED_ON_NONLEAF: + fprintf(stderr, "Failed to delete: " + "this FSN may have children\n"); + break; + default: + fprintf(stderr, "Failed to delete FSN %s: %s\n", + fsn_uuid, ldap_err2string(ldap_err)); } - /* XXX: "Operation not allowed on non-leaf" means - * this FSN still has children FSLs. */ - fprintf(stderr, "Failed to delete FSN %s: %s\n", - fsn_uuid, ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to delete FSN %s: %s\n", diff --git a/src/nsdbc/nsdb-delete-nsdb.c b/src/nsdbc/nsdb-delete-nsdb.c index 5f330f6..2e25a31 100644 --- a/src/nsdbc/nsdb-delete-nsdb.c +++ b/src/nsdbc/nsdb-delete-nsdb.c @@ -229,13 +229,19 @@ main(int argc, char **argv) fprintf(stderr, "NCE %s does not exist\n", nce); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to remove NCE %s: %s\n", + nce, ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to remove NCE %s: %s\n", - nce, ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to remove NCE %s: %s\n", diff --git a/src/nsdbc/nsdb-describe.c b/src/nsdbc/nsdb-describe.c index 70b9eee..deaec2d 100644 --- a/src/nsdbc/nsdb-describe.c +++ b/src/nsdbc/nsdb-describe.c @@ -258,6 +258,10 @@ main(int argc, char **argv) fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; case LDAP_NO_SUCH_OBJECT: fprintf(stderr, "Entry \"%s\" not found\n", entry); break; diff --git a/src/nsdbc/nsdb-list.c b/src/nsdbc/nsdb-list.c index 5659a44..72b05a2 100644 --- a/src/nsdbc/nsdb-list.c +++ b/src/nsdbc/nsdb-list.c @@ -328,14 +328,20 @@ again: fprintf(stderr, "NCE %s does not exist\n", nce); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: retval = nsdb_list_follow_ldap_referral(&host); - if (retval != FEDFS_OK) - break; - goto again; + if (retval == FEDFS_OK) + goto again; + break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to list FSNs: %s\n", + ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to list FSNs: %s\n", - ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to list FSNs: %s\n", diff --git a/src/nsdbc/nsdb-nces.c b/src/nsdbc/nsdb-nces.c index 77b00f1..d31cacc 100644 --- a/src/nsdbc/nsdb-nces.c +++ b/src/nsdbc/nsdb-nces.c @@ -200,13 +200,19 @@ main(int argc, char **argv) case FEDFS_OK: break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to list NCEs: %s\n", + ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to list NCEs: %s\n", - ldap_err2string(ldap_err)); goto out_close; default: fprintf(stderr, "Failed to list NCEs: %s\n", diff --git a/src/nsdbc/nsdb-remove-nci.c b/src/nsdbc/nsdb-remove-nci.c index 2e0dcad..0224314 100644 --- a/src/nsdbc/nsdb-remove-nci.c +++ b/src/nsdbc/nsdb-remove-nci.c @@ -226,13 +226,19 @@ main(int argc, char **argv) fprintf(stderr, "NCE %s does not exist\n", nce); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n", + nce, ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n", - nce, ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n", diff --git a/src/nsdbc/nsdb-resolve-fsn.c b/src/nsdbc/nsdb-resolve-fsn.c index efeb327..5a004fb 100644 --- a/src/nsdbc/nsdb-resolve-fsn.c +++ b/src/nsdbc/nsdb-resolve-fsn.c @@ -380,14 +380,20 @@ again: fprintf(stderr, "Failed to find FSN %s\n", fsn_uuid); goto out_close; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: retval = nsdb_resolve_fsn_follow_ldap_referral(&host); - if (retval != FEDFS_OK) - goto out_close; - goto again; + if (retval == FEDFS_OK) + goto again; + break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "NSDB LDAP error: %s\n", + ldap_err2string(ldap_err)); } - fprintf(stderr, "NSDB LDAP error: %s\n", - ldap_err2string(ldap_err)); goto out_close; default: fprintf(stderr, "FedFsStatus code " diff --git a/src/nsdbc/nsdb-simple-nce.c b/src/nsdbc/nsdb-simple-nce.c index c7174c0..e70c604 100644 --- a/src/nsdbc/nsdb-simple-nce.c +++ b/src/nsdbc/nsdb-simple-nce.c @@ -240,13 +240,19 @@ main(int argc, char **argv) "for this NSDB\n", nce); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to update NCI: %s\n", + ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to update NCI: %s\n", - ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to update NCI: %s\n", diff --git a/src/nsdbc/nsdb-update-fsl.c b/src/nsdbc/nsdb-update-fsl.c index e2fb2f0..406373d 100644 --- a/src/nsdbc/nsdb-update-fsl.c +++ b/src/nsdbc/nsdb-update-fsl.c @@ -271,13 +271,19 @@ main(int argc, char **argv) fprintf(stderr, "NCE %s does not exist\n", nce); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to update FSL %s: %s\n", + fsl_uuid, ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to update FSL %s: %s\n", - fsl_uuid, ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to update FSL %s: %s\n", diff --git a/src/nsdbc/nsdb-update-nci.c b/src/nsdbc/nsdb-update-nci.c index e2c0b37..1d3c833 100644 --- a/src/nsdbc/nsdb-update-nci.c +++ b/src/nsdbc/nsdb-update-nci.c @@ -245,13 +245,19 @@ main(int argc, char **argv) "for this NSDB\n", nce); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { + switch (ldap_err) { + case LDAP_REFERRAL: fprintf(stderr, "Encountered LDAP referral on %s:%u\n", nsdbname, nsdbport); break; + case LDAP_CONFIDENTIALITY_REQUIRED: + fprintf(stderr, "TLS security required for %s:%u\n", + nsdbname, nsdbport); + break; + default: + fprintf(stderr, "Failed to update NCI: %s\n", + ldap_err2string(ldap_err)); } - fprintf(stderr, "Failed to update NCI: %s\n", - ldap_err2string(ldap_err)); break; default: fprintf(stderr, "Failed to update NCI: %s\n", diff --git a/src/plug-ins/nfs-plugin.c b/src/plug-ins/nfs-plugin.c index c50c648..7f0127f 100644 --- a/src/plug-ins/nfs-plugin.c +++ b/src/plug-ins/nfs-plugin.c @@ -413,8 +413,20 @@ again: __func__, fsn_uuid); goto out_close; case FEDFS_ERR_NSDB_LDAP_VAL: - nfs_jp_debug("%s: NSDB operation failed with %s\n", - __func__, ldap_err2string(ldap_err)); + switch (ldap_err) { + case LDAP_REFERRAL: + retval = nfs_jp_follow_ldap_referral(&host); + if (retval == FEDFS_OK) + goto again; + break; + case LDAP_CONFIDENTIALITY_REQUIRED: + nfs_jp_debug("TLS security required for %s:%u\n", + nsdb_hostname(host), nsdb_port(host)); + break; + default: + nfs_jp_debug("%s: NSDB operation failed with %s\n", + __func__, ldap_err2string(ldap_err)); + } goto out_close; default: nfs_jp_debug("%s: Failed to resolve FSN %s: %s\n", @@ -441,12 +453,6 @@ again: __func__, fsn_uuid); break; case FEDFS_ERR_NSDB_LDAP_VAL: - if (ldap_err == LDAP_REFERRAL) { - retval = nfs_jp_follow_ldap_referral(&host); - if (retval != FEDFS_OK) - break; - goto again; - } nfs_jp_debug("%s: NSDB operation failed with %s\n", __func__, ldap_err2string(ldap_err)); break;