@@ -967,12 +967,14 @@ fedfsd_test_nsdb(const char *hostname, unsigned short port)
case FEDFS_ERR_NSDB_LDAP_VAL:
xlog(D_GENERAL, "%s: failed to ping NSDB %s:%u: %s\n",
__func__, hostname, port,
- ldap_err2string(ldap_err));
+ ldap_err2string(ldap_err));
+ retval = FEDFS_ERR_NSDB_CONN;
break;
default:
xlog(D_GENERAL, "%s: failed to ping NSDB %s:%u: %s",
__func__, hostname, port,
nsdb_display_fedfsstatus(retval));
+ retval = FEDFS_ERR_NSDB_CONN;
}
return retval;
@@ -1018,7 +1020,6 @@ fedfsd_svc_set_nsdb_params_1(SVCXPRT *xprt)
case FEDFS_ERR_NSDB_AUTH:
if (args.params.secType == FEDFS_SEC_NONE)
goto out;
- result = FEDFS_OK;
break;
default:
goto out;
FEDFS_ERR_NSDB_LDAP_VAL is allowed by the spec only for the FEDFS_LOOKUP_JUNCTION and FEDFS_LOOKUP_REPLICATION operations. And besides, there's no room in the FEDFS_SET_NSDB_PARAMS result for an LDAP error side car value. Still, it would be nice to report that an NSDB is not reachable when it is added to a fileserver's NSDB connection parameters database. It's a good sanity check that junctions created on that fileserver that target that NSDB will be resolvable. The ADMIN protocol spec, however, does not allow the FEDFS_SET_NSDB_PARAMS operation to return any status code that signifies whether fedfsd was able to connect with or verify the passed-in NSDB. For now, rpc.fedfsd will return FEDFS_ERR_NSDB_CONN if it cannot reach the NSDB, or FEDFS_ERR_NSDB_AUTH if the client has not provided a certificate and the NSDB requires TLS. If the LDAP server is reachable but does not contain an NSDB Container Entry rpc.fedfsd will return FEDFS_ERR_NSDB_NONCE. This behavior is useful, in my opinion, but it clearly does not comply with the ADMIN protocol specification. I don't see how it would greatly harm interoperability, however. If there are clients that balk, I will remove the NSDB ping test entirely. fedfsd_test_nsdb() was added in commit b055c16b "rpc.fedfsd: SET_NSDB_PARAMS should fail if LDAP server isn't an NSDB", Sep 3 12:11:11 2011. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- src/fedfsd/svc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)