closing thread::

Hi P,

I would like to thank you and Howard for your help/direction and all others for the hard work on openldap. Thanks for not simply giving the code and instead instigating the investigation process.

I've got the additional info using ldap_get_option/LDAP_OPT_DIAGNOSTIC_MESSAGE. Will evaluate and try rewriting it using async calls. But for now, i'm very happy i got it working.

I appreciate the patience and help.

-wm

On 09/03/2014, at 05:46, Pierangelo Masarati <[email protected]> wrote:

> On 03/08/2014 11:39 PM, Werner M wrote:
>>
>> On 08/03/2014, at 18:01, Pierangelo Masarati <[email protected]>
>> wrote:
>>
>>> On 03/08/2014 09:27 PM, Werner - Google wrote:
>>>> Hi,
>>>>
>>>> I've the sample code below, and when i intentionally put the wrong
>>>> credentials, i get from ldap_err2string( rc ) the error message:
>>>> "Invalid credentials".
>>>>
>>>> But monitoring network traffic with wireshark, i can see that on the
>>>> bindResponse packet that returns from the server, i also get a more
>>>> detailed message. In my/this test case,
>>>>
>>>> "errorMessage: 80090308: LdapErr: DSID-0C0903AA, comment:
>>>> AcceptSecurityContext error, data 525, v1772"
>>>>
>>>> attached is also an image of the wireshark showing what i mean.
>>>
>>> ldap_err2string() (deprecated, BTW, like most of the functions you're using
>>> in your example code) maps an error code onto a static string. What you're
>>> looking for is the contents of the diagnosticMessage in a LDAP result. You
>>> can get it with ldap_parse_result(), but you need a LDAPMessage first.
>>>
>>> See the client tools for an example of usage of non-deprecated functions
>>> that return the contents of the diagnosticMessage.
>>>
>>> p.
>>>
>>
>> Hi Pierangelo,
>> I have been looking a lot at the client tools, but all of them use the
>> asynchronous functions/methodology (ldap_bind/ldap_search_ext()..), and the
>> code i'm trying to fix has its entire logic written based on the
>> synchronous versions of bind/search.
>>
>> And i could not find a way of using ldap_parse_result in this
>> situation. I'm probably overlooking and/or not understanding how this works
>> correctly. If you could point me in the correct direction if it's doable
>> with the synchronous versions, i would appreciate it much.
>
> If the LDAP handle is being used exclusively for one operation at a time (as
> it is presumably, since it uses synchronous operations) you can get that
> message using ldap_get_option() with LDAP_OPT_DIAGNOSTIC_MESSAGE after the
> operation completed, as already indicated by Howard.
>
> We already pointed you in the right direction: look at the client tools, they
> usually do everything that is worth doing in what is thought to be the right
> way. If you want a quick'n'dirty answer, use the synchronous calls. If you
> want more information, it's a lot of work to collect it using calls like
> ldap_get_option(), which is basically a workaround. Asynchronous calls are
> way more powerful. Yes, you'll probably have to redesign and then rewrite
> your code.
>
> p.
>
>>
>> Thanks
>> -wm
>>
>>>>
>>>> Question is, is there a way i could retrieve this more detailed message?
>>>>
>>>> Thanks in advance for any help
>>>> Regards.
>>>>
>>>> ---
>>>> sample code:
>>>>
>>>> if ( (ld = (LDAP *)ldap_init( pHostName, iPortNum )) == NULL ) {
>>>>     perror( "ldap_init failed. Reason?:" );
>>>>     exit ( 1 );
>>>> }
>>>>
>>>> if ( (rc=ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version)) !=
>>>>         LDAP_SUCCESS ){
>>>>     fprintf( stderr, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION): %s\n",
>>>>         ldap_err2string( rc ) );
>>>>     exit( 1 );
>>>> }
>>>>
>>>> if ( (rc=ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) !=
>>>>         LDAP_SUCCESS){
>>>>     fprintf( stderr, "ldap_set_option(LDAP_OPT_REFERRALS): %s\n",
>>>>         ldap_err2string( rc ));
>>>>     exit( 1 );
>>>> }
>>>>
>>>> rc = ldap_simple_bind_s( ld, "auth_dn", "auth_pw" );
>>>>
>>>> if ( rc != LDAP_SUCCESS ) {
>>>>     fprintf( stderr, "ldap_simple_bind_s() Failed: %s [%d]\n",
>>>>         ldap_err2string(rc), rc);
>>>>     ldap_unbind_s(ld); /* try unbind the failed connection anyway */
>>>>     exit ( 1 );
>>>> }
>>>>
>>>
>>> --
>>> Pierangelo Masarati
>>> Associate Professor
>>> Dipartimento di Scienze e Tecnologie Aerospaziali
>>> Politecnico di Milano
>>>
>>
>
> --
> Pierangelo Masarati
> Associate Professor
> Dipartimento di Scienze e Tecnologie Aerospaziali
> Politecnico di Milano
>
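The synchronous approach recommended in the thread above, as an added example that is not part of the original messages or of OpenLDAP's own code: a simple bind followed by ldap_get_option() with LDAP_OPT_DIAGNOSTIC_MESSAGE, plus a parser for the "data" sub-code in the message quoted in the thread. The names bind_with_diag, ad_data_code, ad_reason and the USE_LIBLDAP build switch are hypothetical, and reading the "data" field as a hexadecimal Win32 error code is Active Directory behaviour assumed here, not something the thread states.

```c
#include <stdlib.h>
#include <string.h>

#ifdef USE_LIBLDAP  /* build with: cc -DUSE_LIBLDAP ex.c -lldap -llber */
#include <ldap.h>
/* Hypothetical helper: synchronous simple bind. On failure *diag receives
 * the server's diagnosticMessage (free it with ldap_memfree). Only valid
 * while the handle runs one operation at a time, as the thread notes. */
int bind_with_diag(LDAP *ld, const char *dn, char *pw, char **diag)
{
    struct berval cred = { strlen(pw), pw };
    int rc = ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE, &cred,
                              NULL, NULL, NULL);
    *diag = NULL;
    if (rc != LDAP_SUCCESS)
        ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, diag);
    return rc;
}
#endif

/* Hypothetical helper: hex sub-code after ", data " in an Active Directory
 * diagnosticMessage, or -1 when the field is missing or malformed. */
long ad_data_code(const char *diag)
{
    char *end;
    const char *p = diag ? strstr(diag, ", data ") : NULL;
    long code;
    if (p == NULL)
        return -1;
    p += strlen(", data ");
    code = strtol(p, &end, 16);
    if (end == p || code < 0 || (*end != ',' && *end != '\0'))
        return -1;
    return code;
}

/* Reason text for the sub-code (Win32 error values; partial list). */
const char *ad_reason(long code)
{
    switch (code) {
    case 0x525: return "no such user";
    case 0x52e: return "bad password";
    case 0x533: return "account disabled";
    case 0x775: return "account locked out";
    default:    return "unknown";
    }
}
```

Write the sub-code to the server-side log and keep the user-facing error generic, since it distinguishes an unknown account from a wrong password.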
