Hello list.
People from SSSD would like to have better information when some TLS
operation in the OpenLDAP library fails, instead of a general
LDAP_CONNECT_ERROR. I already mentioned it on this list some time ago:
http://www.openldap.org/lists/openldap-devel/201105/msg00011.html
I can write a patch for this, but I would like to discuss it with you
first.
I already tried something. I added LDAP_TLS_INITIALIZATION_ERROR (-19)
and LDAP_TLS_NEGOTIATION_ERROR (-20) API error codes and slightly
modified the TLS code in OpenLDAP to propagate the errors. These two new
error codes are sufficient for SSSD.
Currently I have covered only the code for the Mozilla NSS backend and it
still needs some tuning. I would like to know if adding the error
codes this way is acceptable. Should I proceed? Or should it be done a
different way?
Thanks & regards,
Jan