Print this page
NEX-20555 idmap fall-back to DC discovery is broken
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-3155 idmap in a loop spamming its svc log
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Alek Pinchuk <alek.pinchuk@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Tony Nguyen <tony.nguyen@nexenta.com>
NEX-2892 NexentaStor losing connectivity to multihomed AD servers
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
NEX-2225 Unable to join NexentaStor to 2008 AD
NEX-1638 Updated DC Locator
Includes work by: matt.barden@nexenta.com, kevin.crowe@nexenta.com
*** 19,29 ****
* CDDL HEADER END
*/
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
! * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
*/
/*
* Active Directory Auto-Discovery.
*
--- 19,29 ----
* CDDL HEADER END
*/
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
! * Copyright 2019 Nexenta Systems, Inc. All rights reserved.
*/
/*
* Active Directory Auto-Discovery.
*
*** 1220,1231 ****
/* If the values is fixed there will not be a site specific version */
if (is_fixed(&ctx->domain_controller))
return (&ctx->domain_controller);
domain_name_item = validate_DomainName(ctx);
! if (domain_name_item == NULL)
return (NULL);
domain_name = (char *)domain_name_item->value;
/* Get (optional) preferred DC. */
prefer_dc_item = validate_PreferredDC(ctx);
if (prefer_dc_item != NULL)
--- 1220,1233 ----
/* If the values is fixed there will not be a site specific version */
if (is_fixed(&ctx->domain_controller))
return (&ctx->domain_controller);
domain_name_item = validate_DomainName(ctx);
! if (domain_name_item == NULL) {
! DEBUG1STATUS(ctx, "(no domain name)");
return (NULL);
+ }
domain_name = (char *)domain_name_item->value;
/* Get (optional) preferred DC. */
prefer_dc_item = validate_PreferredDC(ctx);
if (prefer_dc_item != NULL)
*** 1234,1266 ****
if (req == AD_DISC_GLOBAL)
validate_global = B_TRUE;
else {
if (is_fixed(&ctx->site_name))
validate_site = B_TRUE;
! else if (req == AD_DISC_PREFER_SITE)
validate_global = B_TRUE;
}
! if (validate_global) {
! if (!is_valid(&ctx->domain_controller) ||
! is_changed(&ctx->domain_controller, PARAM1,
! domain_name_item)) {
/*
* Lookup DNS SRV RR named
! * _ldap._tcp.dc._msdcs.<DomainName>
*/
! DEBUG1STATUS(ctx, "DNS SRV query, dom=%s",
! domain_name);
DO_RES_NINIT(ctx);
! cdc = srv_query(&ctx->res_state,
! LDAP_SRV_HEAD DC_SRV_TAIL,
domain_name, prefer_dc);
if (cdc == NULL) {
DEBUG1STATUS(ctx, "(no DNS response)");
! return (NULL);
}
log_cds(ctx, cdc);
/*
* Filter out unresponsive servers, and
--- 1236,1280 ----
if (req == AD_DISC_GLOBAL)
validate_global = B_TRUE;
else {
if (is_fixed(&ctx->site_name))
validate_site = B_TRUE;
! if (req == AD_DISC_PREFER_SITE)
validate_global = B_TRUE;
}
! /*
! * If we're trying both site-specific and global,
! * try the site-specific first, then fall-back.
! */
! if (validate_site) {
! site_name_item = &ctx->site_name;
! site_name = (char *)site_name_item->value;
+ if (!is_valid(&ctx->site_domain_controller) ||
+ is_changed(&ctx->site_domain_controller, PARAM1,
+ domain_name_item) ||
+ is_changed(&ctx->site_domain_controller, PARAM2,
+ site_name_item)) {
+ char rr_name[DNS_MAX_NAME];
+
/*
* Lookup DNS SRV RR named
! * _ldap._tcp.<SiteName>._sites.dc._msdcs.<DomainName>
*/
! DEBUG1STATUS(ctx, "DNS SRV query, dom=%s, site=%s",
! domain_name, site_name);
! (void) snprintf(rr_name, sizeof (rr_name),
! LDAP_SRV_HEAD SITE_SRV_MIDDLE DC_SRV_TAIL,
! site_name);
DO_RES_NINIT(ctx);
! cdc = srv_query(&ctx->res_state, rr_name,
domain_name, prefer_dc);
if (cdc == NULL) {
DEBUG1STATUS(ctx, "(no DNS response)");
! goto try_global;
}
log_cds(ctx, cdc);
/*
* Filter out unresponsive servers, and
*** 1274,1317 ****
srv_free(cdc);
cdc = NULL;
if (dc == NULL) {
DEBUG1STATUS(ctx, "(no LDAP response)");
! return (NULL);
}
log_ds(ctx, dc);
! update_item(&ctx->domain_controller, dc,
AD_STATE_AUTO, dc->ttl);
! update_version(&ctx->domain_controller, PARAM1,
domain_name_item);
}
! return (&ctx->domain_controller);
}
! if (validate_site) {
! site_name_item = &ctx->site_name;
! site_name = (char *)site_name_item->value;
! if (!is_valid(&ctx->site_domain_controller) ||
! is_changed(&ctx->site_domain_controller, PARAM1,
! domain_name_item) ||
! is_changed(&ctx->site_domain_controller, PARAM2,
! site_name_item)) {
! char rr_name[DNS_MAX_NAME];
/*
* Lookup DNS SRV RR named
! * _ldap._tcp.<SiteName>._sites.dc._msdcs.<DomainName>
*/
! DEBUG1STATUS(ctx, "DNS SRV query, dom=%s, site=%s",
! domain_name, site_name);
! (void) snprintf(rr_name, sizeof (rr_name),
! LDAP_SRV_HEAD SITE_SRV_MIDDLE DC_SRV_TAIL,
! site_name);
DO_RES_NINIT(ctx);
! cdc = srv_query(&ctx->res_state, rr_name,
domain_name, prefer_dc);
if (cdc == NULL) {
DEBUG1STATUS(ctx, "(no DNS response)");
return (NULL);
--- 1288,1327 ----
srv_free(cdc);
cdc = NULL;
if (dc == NULL) {
DEBUG1STATUS(ctx, "(no LDAP response)");
! goto try_global;
}
log_ds(ctx, dc);
! update_item(&ctx->site_domain_controller, dc,
AD_STATE_AUTO, dc->ttl);
! update_version(&ctx->site_domain_controller, PARAM1,
domain_name_item);
+ update_version(&ctx->site_domain_controller, PARAM2,
+ site_name_item);
}
! return (&ctx->site_domain_controller);
}
! try_global:
! if (validate_global) {
! if (!is_valid(&ctx->domain_controller) ||
! is_changed(&ctx->domain_controller, PARAM1,
! domain_name_item)) {
/*
* Lookup DNS SRV RR named
! * _ldap._tcp.dc._msdcs.<DomainName>
*/
! DEBUG1STATUS(ctx, "DNS SRV query, dom=%s",
! domain_name);
DO_RES_NINIT(ctx);
! cdc = srv_query(&ctx->res_state,
! LDAP_SRV_HEAD DC_SRV_TAIL,
domain_name, prefer_dc);
if (cdc == NULL) {
DEBUG1STATUS(ctx, "(no DNS response)");
return (NULL);
*** 1334,1352 ****
DEBUG1STATUS(ctx, "(no LDAP response)");
return (NULL);
}
log_ds(ctx, dc);
! update_item(&ctx->site_domain_controller, dc,
AD_STATE_AUTO, dc->ttl);
! update_version(&ctx->site_domain_controller, PARAM1,
domain_name_item);
- update_version(&ctx->site_domain_controller, PARAM2,
- site_name_item);
}
! return (&ctx->site_domain_controller);
}
return (NULL);
}
ad_disc_ds_t *
ad_disc_get_DomainController(ad_disc_t ctx, enum ad_disc_req req,
--- 1344,1361 ----
DEBUG1STATUS(ctx, "(no LDAP response)");
return (NULL);
}
log_ds(ctx, dc);
! update_item(&ctx->domain_controller, dc,
AD_STATE_AUTO, dc->ttl);
! update_version(&ctx->domain_controller, PARAM1,
domain_name_item);
}
! return (&ctx->domain_controller);
}
+
return (NULL);
}
ad_disc_ds_t *
ad_disc_get_DomainController(ad_disc_t ctx, enum ad_disc_req req,
*** 1514,1573 ****
/* If the values is fixed there will not be a site specific version */
if (is_fixed(&ctx->global_catalog))
return (&ctx->global_catalog);
forest_name_item = validate_ForestName(ctx);
! if (forest_name_item == NULL)
return (NULL);
forest_name = (char *)forest_name_item->value;
if (req == AD_DISC_GLOBAL)
validate_global = B_TRUE;
else {
if (is_fixed(&ctx->site_name))
validate_site = B_TRUE;
! else if (req == AD_DISC_PREFER_SITE)
validate_global = B_TRUE;
}
! if (validate_global) {
! if (!is_valid(&ctx->global_catalog) ||
! is_changed(&ctx->global_catalog, PARAM1,
! forest_name_item)) {
/*
* See if our DC is also a GC.
*/
dc_item = validate_DomainController(ctx, req);
if (dc_item != NULL) {
ad_disc_ds_t *ds = dc_item->value;
if ((ds->flags & DS_GC_FLAG) != 0) {
DEBUG1STATUS(ctx,
! "DC is also a GC for %s",
! forest_name);
gc = ds_dup(ds);
if (gc != NULL) {
gc->port = GC_PORT;
! goto update_global;
}
}
}
/*
* Lookup DNS SRV RR named:
! * _ldap._tcp.gc._msdcs.<ForestName>
*/
! DEBUG1STATUS(ctx, "DNS SRV query, forest=%s",
! forest_name);
DO_RES_NINIT(ctx);
! cgc = srv_query(&ctx->res_state,
! LDAP_SRV_HEAD GC_SRV_TAIL,
forest_name, NULL);
if (cgc == NULL) {
DEBUG1STATUS(ctx, "(no DNS response)");
! return (NULL);
}
log_cds(ctx, cgc);
/*
* Filter out unresponsive servers, and
--- 1523,1597 ----
/* If the values is fixed there will not be a site specific version */
if (is_fixed(&ctx->global_catalog))
return (&ctx->global_catalog);
forest_name_item = validate_ForestName(ctx);
! if (forest_name_item == NULL) {
! DEBUG1STATUS(ctx, "(no forrest name)");
return (NULL);
+ }
forest_name = (char *)forest_name_item->value;
if (req == AD_DISC_GLOBAL)
validate_global = B_TRUE;
else {
if (is_fixed(&ctx->site_name))
validate_site = B_TRUE;
! if (req == AD_DISC_PREFER_SITE)
validate_global = B_TRUE;
}
! /*
! * If we're trying both site-specific and global,
! * try the site-specific first, then fall-back.
! */
! if (validate_site) {
! site_name_item = &ctx->site_name;
! site_name = (char *)site_name_item->value;
+ if (!is_valid(&ctx->site_global_catalog) ||
+ is_changed(&ctx->site_global_catalog, PARAM1,
+ forest_name_item) ||
+ is_changed(&ctx->site_global_catalog, PARAM2,
+ site_name_item)) {
+ char rr_name[DNS_MAX_NAME];
+
/*
* See if our DC is also a GC.
*/
dc_item = validate_DomainController(ctx, req);
if (dc_item != NULL) {
ad_disc_ds_t *ds = dc_item->value;
if ((ds->flags & DS_GC_FLAG) != 0) {
DEBUG1STATUS(ctx,
! "DC is also a GC for %s in %s",
! forest_name, site_name);
gc = ds_dup(ds);
if (gc != NULL) {
gc->port = GC_PORT;
! goto update_site;
}
}
}
/*
* Lookup DNS SRV RR named:
! * _ldap._tcp.<siteName>._sites.gc.
! * _msdcs.<ForestName>
*/
! DEBUG1STATUS(ctx, "DNS SRV query, forest=%s, site=%s",
! forest_name, site_name);
! (void) snprintf(rr_name, sizeof (rr_name),
! LDAP_SRV_HEAD SITE_SRV_MIDDLE GC_SRV_TAIL,
! site_name);
DO_RES_NINIT(ctx);
! cgc = srv_query(&ctx->res_state, rr_name,
forest_name, NULL);
if (cgc == NULL) {
DEBUG1STATUS(ctx, "(no DNS response)");
! goto try_global;
}
log_cds(ctx, cgc);
/*
* Filter out unresponsive servers, and
*** 1581,1644 ****
srv_free(cgc);
cgc = NULL;
if (gc == NULL) {
DEBUG1STATUS(ctx, "(no LDAP response)");
! return (NULL);
}
log_ds(ctx, gc);
! update_global:
! update_item(&ctx->global_catalog, gc,
AD_STATE_AUTO, gc->ttl);
! update_version(&ctx->global_catalog, PARAM1,
forest_name_item);
}
! return (&ctx->global_catalog);
}
! if (validate_site) {
! site_name_item = &ctx->site_name;
! site_name = (char *)site_name_item->value;
! if (!is_valid(&ctx->site_global_catalog) ||
! is_changed(&ctx->site_global_catalog, PARAM1,
! forest_name_item) ||
! is_changed(&ctx->site_global_catalog, PARAM2,
! site_name_item)) {
! char rr_name[DNS_MAX_NAME];
/*
* See if our DC is also a GC.
*/
dc_item = validate_DomainController(ctx, req);
if (dc_item != NULL) {
ad_disc_ds_t *ds = dc_item->value;
if ((ds->flags & DS_GC_FLAG) != 0) {
DEBUG1STATUS(ctx,
! "DC is also a GC for %s in %s",
! forest_name, site_name);
gc = ds_dup(ds);
if (gc != NULL) {
gc->port = GC_PORT;
! goto update_site;
}
}
}
/*
* Lookup DNS SRV RR named:
! * _ldap._tcp.<siteName>._sites.gc.
! * _msdcs.<ForestName>
*/
! DEBUG1STATUS(ctx, "DNS SRV query, forest=%s, site=%s",
! forest_name, site_name);
! (void) snprintf(rr_name, sizeof (rr_name),
! LDAP_SRV_HEAD SITE_SRV_MIDDLE GC_SRV_TAIL,
! site_name);
DO_RES_NINIT(ctx);
! cgc = srv_query(&ctx->res_state, rr_name,
forest_name, NULL);
if (cgc == NULL) {
DEBUG1STATUS(ctx, "(no DNS response)");
return (NULL);
--- 1605,1663 ----
srv_free(cgc);
cgc = NULL;
if (gc == NULL) {
DEBUG1STATUS(ctx, "(no LDAP response)");
! goto try_global;
}
log_ds(ctx, gc);
! update_site:
! update_item(&ctx->site_global_catalog, gc,
AD_STATE_AUTO, gc->ttl);
! update_version(&ctx->site_global_catalog, PARAM1,
forest_name_item);
+ update_version(&ctx->site_global_catalog, PARAM2,
+ site_name_item);
}
! return (&ctx->site_global_catalog);
}
! try_global:
! if (validate_global) {
! if (!is_valid(&ctx->global_catalog) ||
! is_changed(&ctx->global_catalog, PARAM1,
! forest_name_item)) {
/*
* See if our DC is also a GC.
*/
dc_item = validate_DomainController(ctx, req);
if (dc_item != NULL) {
ad_disc_ds_t *ds = dc_item->value;
if ((ds->flags & DS_GC_FLAG) != 0) {
DEBUG1STATUS(ctx,
! "DC is also a GC for %s",
! forest_name);
gc = ds_dup(ds);
if (gc != NULL) {
gc->port = GC_PORT;
! goto update_global;
}
}
}
/*
* Lookup DNS SRV RR named:
! * _ldap._tcp.gc._msdcs.<ForestName>
*/
! DEBUG1STATUS(ctx, "DNS SRV query, forest=%s",
! forest_name);
DO_RES_NINIT(ctx);
! cgc = srv_query(&ctx->res_state,
! LDAP_SRV_HEAD GC_SRV_TAIL,
forest_name, NULL);
if (cgc == NULL) {
DEBUG1STATUS(ctx, "(no DNS response)");
return (NULL);
*** 1661,1679 ****
DEBUG1STATUS(ctx, "(no LDAP response)");
return (NULL);
}
log_ds(ctx, gc);
! update_site:
! update_item(&ctx->site_global_catalog, gc,
AD_STATE_AUTO, gc->ttl);
! update_version(&ctx->site_global_catalog, PARAM1,
forest_name_item);
- update_version(&ctx->site_global_catalog, PARAM2,
- site_name_item);
}
! return (&ctx->site_global_catalog);
}
return (NULL);
}
--- 1680,1696 ----
DEBUG1STATUS(ctx, "(no LDAP response)");
return (NULL);
}
log_ds(ctx, gc);
! update_global:
! update_item(&ctx->global_catalog, gc,
AD_STATE_AUTO, gc->ttl);
! update_version(&ctx->global_catalog, PARAM1,
forest_name_item);
}
! return (&ctx->global_catalog);
}
return (NULL);
}