Hello,
Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Plugin with this patch produces messages like:
LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind to LDAP
server failed
instead of
bind to LDAP server failed: Server is unwilling to perform
Second example is:
LDAP error: Object class violation: attribute "mgrecord" not allowed
: while modifying(add) entry 'idnsName=pspacek,
idnsname=example.com,cn=dns,dc=e,dc=test'
instead of
""
:-D
--
Petr^2 Spacek
From 183a8019c8217b6db79766e0ac93c48344fb2498 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Tue, 9 Apr 2013 15:19:36 +0200
Subject: [PATCH] Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
src/ldap_entry.c | 2 +-
src/ldap_helper.c | 11 +++++------
src/log.h | 33 ++++++++++++++++++++++++---------
3 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/src/ldap_entry.c b/src/ldap_entry.c
index 3e82b39d31c7ed13255de61d0763800b4d01efef..2a2c7b5291d446c248389ca37b4b51405b213aad 100644
--- a/src/ldap_entry.c
+++ b/src/ldap_entry.c
@@ -217,7 +217,7 @@ ldap_entry_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry,
entry->dn = ldap_get_dn(ld, ldap_entry);
if (entry->dn == NULL) {
- log_ldap_error(ld);
+ log_ldap_error(ld, "unable to get entry DN");
CLEANUP_WITH(ISC_R_FAILURE);
}
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 385bc4710e9c431904ab99b2405b34c69ea8775d..e86060b0ca4ee2b5646324ae82770947c150b5ae 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2412,8 +2412,7 @@ force_reconnect:
}
if (ret != LDAP_SUCCESS) {
- log_error("bind to LDAP server failed: %s",
- ldap_err2string(ret));
+ log_ldap_error(ldap_conn->handle, "bind to LDAP server failed");
/*
* Clean the connection handle.
@@ -2475,12 +2474,13 @@ handle_connection_error(ldap_instance_t *ldap_inst, ldap_connection_t *ldap_conn
break;
case LDAP_INVALID_DN_SYNTAX:
case LDAP_INVALID_SYNTAX:
- log_bug("Invalid syntax in handle_connection_error indicates a bug");
+ log_ldap_error(ldap_conn->handle, "invalid syntax in "
+ "handle_connection_error indicates a bug");
result = ISC_R_UNEXPECTEDTOKEN;
break;
default:
/* Try to reconnect on other errors. */
- log_error("LDAP error: %s", ldap_err2string(err_code));
+ log_ldap_error(ldap_conn->handle, "connection error");
reconnect:
if (ldap_conn->tries == 0)
log_error("connection to the LDAP server was lost");
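Review bot: In the `LDAP_INVALID_DN_SYNTAX` / `LDAP_INVALID_SYNTAX` case the message still says "indicates a bug", but it no longer goes through `log_bug()`. If `log_bug()` adds a marker or a report-this hint that operators or log filters key on (its definition is not visible here), that signal is lost. One way to keep both is to leave the `log_bug(...)` line in place and add `log_ldap_error(ldap_conn->handle, "invalid syntax");` next to it for the server's diagnostic text. The enclosing function starts and ends outside this hunk.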
@@ -2579,8 +2579,7 @@ ldap_modify_do(ldap_instance_t *ldap_inst, const char *dn, LDAPMod **mods,
operation_str = "adding";
}
- log_debug(2, "error(%s) %s entry %s", ldap_err2string(err_code),
- operation_str, dn);
+ log_ldap_error(ldap_conn->handle, "while %s entry '%s'", operation_str, dn);
/* do not error out if we are trying to delete an
* unexisting attribute */
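Review bot: This call raises the message from `log_debug(2, ...)` to error level, yet the comment directly below says that deleting a nonexistent attribute is deliberately not treated as a failure. As far as this hunk shows, that expected case will now write an `LDAP error:` line on every occurrence, which adds noise to the log that operators and alerting rules read. Consider emitting `log_ldap_error(...)` only after the check that follows, on the path where the function really fails, and keeping the debug-level message for the tolerated case. The rest of `ldap_modify_do` is outside the hunk.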
diff --git a/src/log.h b/src/log.h
index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111 100644
--- a/src/log.h
+++ b/src/log.h
@@ -55,15 +55,30 @@
log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__)
/* LDAP logging functions */
-#define log_ldap_error(ld) \
- do { \
- int err; \
- char *errmsg = "<UNKNOWN>"; \
- if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &err) \
- == LDAP_OPT_SUCCESS) \
- errmsg = ldap_err2string(err); \
- log_error_position("LDAP error: %s", errmsg); \
- } while (0); \
+#define LOG_LDAP_ERR_PREFIX "LDAP error: "
+#define log_ldap_error(ld, desc, ...) \
+ do { \
+ int err; \
+ char *errmsg = NULL; \
+ char *diagmsg = NULL; \
+ if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &err) \
+ == LDAP_OPT_SUCCESS) { \
+ errmsg = ldap_err2string(err); \
+ if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &diagmsg) \
+ == LDAP_OPT_SUCCESS && diagmsg != NULL) { \
+ errmsg = ldap_err2string(err); \
+ log_error(LOG_LDAP_ERR_PREFIX "%s: %s: " desc, \
+ errmsg, diagmsg, ##__VA_ARGS__); \
+ ldap_memfree(diagmsg); \
+ } else \
+ log_error(LOG_LDAP_ERR_PREFIX "%s: " desc, \
+ errmsg, ##__VA_ARGS__); \
+ } else { \
+ log_error(LOG_LDAP_ERR_PREFIX \
+ "<unable to obtain LDAP error code>: " \
+ desc, ##__VA_ARGS__); \
+ } \
+ } while (0);
void
log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3);
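Review bot: `diagmsg` is text chosen by the LDAP server and is handed to `log_error()` unchanged, so any control characters in it reach the log. The second example in the cover letter already shows the message breaking onto a new line after `not allowed`. Replacing control characters in the returned copy before logging keeps each error on one line, as in the fence below. That change needs `<ctype.h>` and assumes the string is a private copy, which the existing `ldap_memfree()` call suggests. Separately, the macro should end in `} while (0)` without the semicolon so that it works in an unbraced `if`/`else`, and the second `errmsg = ldap_err2string(err);` inside the diagnostic branch is redundant.

```c
#define log_ldap_error(ld, desc, ...)                                       \
    do {                                                                    \
        /* … unchanged: err, errmsg, diagmsg declarations … */              \
        char *diagchr;                                                      \
        /* … unchanged: LDAP_OPT_RESULT_CODE and diagnostic lookups … */    \
                == LDAP_OPT_SUCCESS && diagmsg != NULL) {                   \
                /* server-supplied text: keep it on one log line */         \
                for (diagchr = diagmsg; *diagchr != '\0'; diagchr++)        \
                    if (iscntrl((unsigned char)*diagchr))                   \
                        *diagchr = ' ';                                     \
        /* … unchanged: log_error() calls, ldap_memfree(), fallbacks … */   \
    } while (0)
```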
--
1.7.11.7