in common/util.hpp [599:642]
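/**
 * Run ldapsearch (SASL/GSSAPI) against ldap://<fqdn> and return its status and output.
 *
 * The command is attempted at most twice, because ldapsearch has been seen to
 * fail once and then succeed on retry.
 *
 * @param gmsa_account_name  Not used when building the command; kept for interface
 *                           compatibility.
 * @param distinguished_name Search base passed to -b. Shell-quoted here.
 * @param fqdn               Host placed in the ldap:// URI passed to -H. Shell-quoted here.
 * @param search_string      Filter/attribute arguments spliced into the command verbatim.
 *                           NOTE(review): this cannot be quoted here without changing its
 *                           word splitting, so callers must pass only constant or already
 *                           validated text - confirm at every call site.
 * @return pair of (status from Util::exec_shell_cmd, text). The text starts with the
 *         command line, followed by the output of each attempt and a trailing
 *         INFO/ERROR marker, as before.
 */
static std::pair<int, std::string> execute_ldapsearch( std::string gmsa_account_name,
                                                       std::string distinguished_name,
                                                       std::string fqdn,
                                                       std::string search_string )
{
    (void)gmsa_account_name;

    // Wrap a value in single quotes and escape embedded single quotes, so the
    // value stays one literal word if the command line is parsed by a shell
    // (presumably what Util::exec_shell_cmd does - confirm).
    const auto shell_quote = []( const std::string& value ) {
        std::string quoted = "'";
        for ( const char c : value )
        {
            if ( c == '\'' )
            {
                quoted += "'\\''";
            }
            else
            {
                quoted += c;
            }
        }
        quoted += "'";
        return quoted;
    };

    // -N: Do not use reverse DNS to canonicalize SASL host name.
    // With this flag, ldapsearch uses the IP address directly for identification
    // purposes, rather than trying to resolve it to a hostname.
    const std::string cmd = std::string( "ldapsearch -o ldif_wrap=no -LLL -Y GSSAPI -H " ) +
                            shell_quote( std::string( "ldap://" ) + fqdn ) +
                            std::string( " -b " ) + shell_quote( distinguished_name ) +
                            std::string( " " ) + search_string + std::string( " -N" );

    // Log the command once (it was previously written to stderr twice).
    std::cerr << Util::getCurrentTime() << '\t' << "INFO: " << cmd << std::endl;

    // The returned text is "command + output of every attempt". It is kept in its
    // own buffer so that the command handed to the shell never changes: appending
    // the previous attempt's output to the command made the retry execute that
    // output as part of the command line.
    std::string transcript = cmd;
    std::pair<int, std::string> ldap_search_result;

    constexpr int max_attempts = 2;
    for ( int attempt = 0; attempt < max_attempts; ++attempt )
    {
        ldap_search_result = Util::exec_shell_cmd( cmd );
        transcript += ldap_search_result.second;
        ldap_search_result.second = transcript;

        if ( ldap_search_result.first == 0 )
        {
            const std::string info_msg = "INFO: ldapsearch succeeded with FQDN = ";
            std::cerr << info_msg << fqdn << std::endl;
            // The marker is appended to the returned text, as the original did.
            ldap_search_result.second = ldap_search_result.second + info_msg;
            break;
        }

        // Add retry, ldapsearch seems to fail and then succeed on retry
        std::string err_msg = std::string( "ERROR: ldapsearch failed with FQDN = " ) + fqdn;
        std::cerr << err_msg << std::endl;

        // NOTE(review): this writes the command and the captured output to stderr.
        // If that output can contain credential attributes, redact it before
        // logging - confirm what exec_shell_cmd captures on failure.
        err_msg = Util::getCurrentTime() +
                  std::string( "ERROR: ldapsearch failed to get gMSA credentials: " +
                               ldap_search_result.second );
        std::cerr << err_msg << std::endl;
        ldap_search_result.second = ldap_search_result.second + err_msg;
    }

    return ldap_search_result;
}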