On 4/13/2023 10:36 AM, Quanah Gibson-Mount wrote:
>
>
> --On Thursday, April 13, 2023 6:33 PM +0000 Jordan Brown
> <openl...@jordan.maileater.net> wrote:
>
>> I'm already dumping that. But it is not very detailed. I believe
>> that's what ldapsearch is dumping; here's some sample output in various
>> error cases:
>
> Those are the result codes that are provided to the client per RFC.
> Feel free to write a new RFC expanding on the result codes.

OpenLDAP could have additional non-RFC features that would allow you to retrieve more error information.

There are dozens of OpenLDAP-specific options. An OpenLDAP-specific option could retrieve additional error information. There could be a variation on LDAP_OPT_CONNECT_CB - for discussion, call it LDAP_OPT_ERROR_CB - that calls back with error information on any failing connection. (That would be more right than a "get error" option, because it would work when there's more than one server specified.)

So the first question is "does OpenLDAP have such a thing?". It sounds like the answer is "no".

In that case, please consider this to be a request for such a feature. Diagnosing LDAP client connection problems is a significant cost; anything that we can do to make it easier would be worthwhile. I would be happy to participate in the design and implementation of such a feature.

--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris