From d6697b683d3f3517c41e5bbb4b9033fa860fd9d0 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Nov 06 2014 09:45:16 +0000
Subject: Fix upgrade: do not use invalid ldap connection


Ticket: https://fedorahosted.org/freeipa/ticket/4670
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

---

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 6bed046..47f0399 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -889,3 +889,9 @@ class LDAPUpdate:
         self._run_updates(updates)
 
         return self.modified
+
+    def close_connection(self):
+        """Close ldap connection"""
+        if self.conn:
+            self.conn.unbind()
+            self.conn = None
diff --git a/ipaserver/install/plugins/updateclient.py b/ipaserver/install/plugins/updateclient.py
index 7566b6c..8f5c5b5 100644
--- a/ipaserver/install/plugins/updateclient.py
+++ b/ipaserver/install/plugins/updateclient.py
@@ -122,6 +122,9 @@ class updateclient(backend.Executioner):
         for update in self.order(updatetype):
             (restart, apply_now, res) = self.run(update.name, **kw)
             if restart:
+                # connection has to be closed before restart, otherwise
+                # ld instance will try to reuse old non-valid connection
+                ld.close_connection()
                 self.restart(dm_password, live_run)
 
             if apply_now: