Re: [Freeipa-devel] [PATCH 0142] Improve LDAP error logging
On 05/07/2013 09:36 AM, Tomas Hozza wrote:
On 04/09/2013 03:27 PM, Petr Spacek wrote:
Hello,
Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Plugin with this patch produces messages like:
LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind
to LDAP server failed
intead of
bind to LDAP server failed: Server is unwilling to perform
Second example is:
LDAP error: Object class violation: attribute mgrecord not allowed
: while modifying(add) entry 'idnsName=pspacek,
idnsname=example.com,cn=dns,dc=e,dc=test'
instead of
:-D
snip
diff --git a/src/log.h b/src/log.h
index
312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111
100644
--- a/src/log.h
+++ b/src/log.h
@@ -55,16 +55,30 @@
log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__)
/* LDAP logging functions */
-#define log_ldap_error(ld) \
- do {\
- int err;\
- char *errmsg = UNKNOWN; \
- if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \
- == LDAP_OPT_SUCCESS)\
- errmsg = ldap_err2string(err); \
- log_error_position(LDAP error: %s, errmsg); \
- } while (0);\
+#define LOG_LDAP_ERR_PREFIX LDAP error:
+#define log_ldap_error(ld, desc, ...)
\
+ do {
\
+ int err;
\
+ char *errmsg = NULL;
\
+ char *diagmsg = NULL;
\
+ if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err)
\
+ == LDAP_OPT_SUCCESS) {
\
+ errmsg = ldap_err2string(err);
\
Getting error msg for the first time here.
+ if (ldap_get_option(ld,
LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \
+ == LDAP_OPT_SUCCESS diagmsg != NULL)
{ \
+ errmsg = ldap_err2string(err);
\
Again getting error msg with the same err. Maybe a copy-paste error?
+ log_error(LOG_LDAP_ERR_PREFIX %s:
%s: desc,\
+ errmsg, diagmsg,
##__VA_ARGS__);\
+ ldap_memfree(diagmsg);
\
+ } else
\
+ log_error(LOG_LDAP_ERR_PREFIX %s:
desc,\
+ errmsg, ##__VA_ARGS__);
\
+ } else {
\
+ log_error(LOG_LDAP_ERR_PREFIX
\
+ unable to obtain LDAP error code:
\
+ desc, ##__VA_ARGS__);
\
+ }
\
+ } while (0);
void
log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3);
Regards,
Tomas Hozza
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK, provides the desired info.
Tomas
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0142] Improve LDAP error logging
On 14.5.2013 11:46, Tomas Babej wrote:
On 05/07/2013 09:36 AM, Tomas Hozza wrote:
On 04/09/2013 03:27 PM, Petr Spacek wrote:
Hello,
Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Plugin with this patch produces messages like:
LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind
to LDAP server failed
intead of
bind to LDAP server failed: Server is unwilling to perform
Second example is:
LDAP error: Object class violation: attribute mgrecord not allowed
: while modifying(add) entry 'idnsName=pspacek,
idnsname=example.com,cn=dns,dc=e,dc=test'
instead of
:-D
snip
diff --git a/src/log.h b/src/log.h
index
312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111
100644
--- a/src/log.h
+++ b/src/log.h
@@ -55,16 +55,30 @@
log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__)
/* LDAP logging functions */
-#define log_ldap_error(ld) \
- do { \
- int err; \
- char *errmsg = UNKNOWN; \
- if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \
- == LDAP_OPT_SUCCESS) \
- errmsg = ldap_err2string(err); \
- log_error_position(LDAP error: %s, errmsg); \
- } while (0); \
+#define LOG_LDAP_ERR_PREFIX LDAP error:
+#define log_ldap_error(ld, desc, ...) \
+ do { \
+ int err; \
+ char *errmsg = NULL; \
+ char *diagmsg = NULL; \
+ if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE,
err) \
+ == LDAP_OPT_SUCCESS) { \
+ errmsg = ldap_err2string(err); \
Getting error msg for the first time here.
+ if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE,
diagmsg) \
+ == LDAP_OPT_SUCCESS diagmsg != NULL) { \
+ errmsg = ldap_err2string(err);\
Again getting error msg with the same err. Maybe a copy-paste error?
+ log_error(LOG_LDAP_ERR_PREFIX %s: %s: desc, \
+ errmsg, diagmsg, ##__VA_ARGS__); \
+ ldap_memfree(diagmsg); \
+ } else \
+ log_error(LOG_LDAP_ERR_PREFIX %s: desc, \
+ errmsg, ##__VA_ARGS__); \
+ } else { \
+ log_error(LOG_LDAP_ERR_PREFIX \
+ unable to obtain LDAP error code: \
+ desc, ##__VA_ARGS__); \
+ } \
+ } while (0);
void
log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3);
Regards,
Tomas Hozza
ACK, provides the desired info.
Pushed to master: af83758cb3f91129399494c95a1847814b1d71a8
--
Petr^2 Spacek
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0142] Improve LDAP error logging
On 7.5.2013 09:36, Tomas Hozza wrote:
On 04/09/2013 03:27 PM, Petr Spacek wrote:
Hello,
Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Plugin with this patch produces messages like:
LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind
to LDAP server failed
intead of
bind to LDAP server failed: Server is unwilling to perform
Second example is:
LDAP error: Object class violation: attribute mgrecord not allowed
: while modifying(add) entry 'idnsName=pspacek,
idnsname=example.com,cn=dns,dc=e,dc=test'
instead of
:-D
snip
diff --git a/src/log.h b/src/log.h
snip
+#define LOG_LDAP_ERR_PREFIX LDAP error:
+#define log_ldap_error(ld, desc, ...)
\
+ do {
\
+ int err;
\
+ char *errmsg = NULL;
\
+ char *diagmsg = NULL;
\
+ if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err)
\
+ == LDAP_OPT_SUCCESS) {
\
+ errmsg = ldap_err2string(err);
\
Getting error msg for the first time here.
+ if (ldap_get_option(ld,
LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \
+ == LDAP_OPT_SUCCESS diagmsg != NULL)
{ \
+ errmsg = ldap_err2string(err);
\
Again getting error msg with the same err. Maybe a copy-paste error?
+ log_error(LOG_LDAP_ERR_PREFIX %s:
%s: desc,\
+ errmsg, diagmsg,
##__VA_ARGS__);\
+ ldap_memfree(diagmsg);
\
+ } else
\
Revised version of the patch is attached. Thank you for catching it.
--
Petr Spacek
From 0e4785ed024f67a220c13242a5b071509d25a960 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Tue, 9 Apr 2013 15:19:36 +0200
Subject: [PATCH] Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Signed-off-by: Petr Spacek pspa...@redhat.com
---
src/ldap_entry.c | 2 +-
src/ldap_helper.c | 11 +--
src/log.h | 32 +++-
3 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/src/ldap_entry.c b/src/ldap_entry.c
index 3e82b39d31c7ed13255de61d0763800b4d01efef..2a2c7b5291d446c248389ca37b4b51405b213aad 100644
--- a/src/ldap_entry.c
+++ b/src/ldap_entry.c
@@ -217,7 +217,7 @@ ldap_entry_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry,
entry-dn = ldap_get_dn(ld, ldap_entry);
if (entry-dn == NULL) {
- log_ldap_error(ld);
+ log_ldap_error(ld, unable to get entry DN);
CLEANUP_WITH(ISC_R_FAILURE);
}
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 385bc4710e9c431904ab99b2405b34c69ea8775d..e86060b0ca4ee2b5646324ae82770947c150b5ae 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2412,8 +2412,7 @@ force_reconnect:
}
if (ret != LDAP_SUCCESS) {
- log_error(bind to LDAP server failed: %s,
- ldap_err2string(ret));
+ log_ldap_error(ldap_conn-handle, bind to LDAP server failed);
/*
* Clean the connection handle.
@@ -2475,12 +2474,13 @@ handle_connection_error(ldap_instance_t *ldap_inst, ldap_connection_t *ldap_conn
break;
case LDAP_INVALID_DN_SYNTAX:
case LDAP_INVALID_SYNTAX:
- log_bug(Invalid syntax in handle_connection_error indicates a bug);
+ log_ldap_error(ldap_conn-handle, invalid syntax in
+ handle_connection_error indicates a bug);
result = ISC_R_UNEXPECTEDTOKEN;
break;
default:
/* Try to reconnect on other errors. */
- log_error(LDAP error: %s, ldap_err2string(err_code));
+ log_ldap_error(ldap_conn-handle, connection error);
reconnect:
if (ldap_conn-tries == 0)
log_error(connection to the LDAP server was lost);
@@ -2579,8 +2579,7 @@ ldap_modify_do(ldap_instance_t *ldap_inst, const char *dn, LDAPMod **mods,
operation_str = adding;
}
- log_debug(2, error(%s) %s entry %s, ldap_err2string(err_code),
- operation_str, dn);
+ log_ldap_error(ldap_conn-handle, while %s entry '%s', operation_str, dn);
/* do not error out if we are trying to delete an
* unexisting attribute */
diff --git a/src/log.h b/src/log.h
index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..3325455fcbf4253b0250749561667468c76fabe4 100644
--- a/src/log.h
+++ b/src/log.h
@@ -55,15 +55,29 @@
Re: [Freeipa-devel] [PATCH 0142] Improve LDAP error logging
On 04/09/2013 03:27 PM, Petr Spacek wrote:
Hello,
Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Plugin with this patch produces messages like:
LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind
to LDAP server failed
intead of
bind to LDAP server failed: Server is unwilling to perform
Second example is:
LDAP error: Object class violation: attribute mgrecord not allowed
: while modifying(add) entry 'idnsName=pspacek,
idnsname=example.com,cn=dns,dc=e,dc=test'
instead of
:-D
snip
diff --git a/src/log.h b/src/log.h
index
312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111
100644
--- a/src/log.h
+++ b/src/log.h
@@ -55,16 +55,30 @@
log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__)
/* LDAP logging functions */
-#define log_ldap_error(ld) \
- do {\
- int err;\
- char *errmsg = UNKNOWN; \
- if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \
- == LDAP_OPT_SUCCESS)\
- errmsg = ldap_err2string(err); \
- log_error_position(LDAP error: %s, errmsg); \
- } while (0);\
+#define LOG_LDAP_ERR_PREFIX LDAP error:
+#define log_ldap_error(ld, desc, ...)
\
+ do {
\
+ int err;
\
+ char *errmsg = NULL;
\
+ char *diagmsg = NULL;
\
+ if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err)
\
+ == LDAP_OPT_SUCCESS) {
\
+ errmsg = ldap_err2string(err);
\
Getting error msg for the first time here.
+ if (ldap_get_option(ld,
LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \
+ == LDAP_OPT_SUCCESS diagmsg != NULL)
{ \
+ errmsg = ldap_err2string(err);
\
Again getting error msg with the same err. Maybe a copy-paste error?
+ log_error(LOG_LDAP_ERR_PREFIX
%s: %s: desc, \
+ errmsg, diagmsg,
##__VA_ARGS__);\
+ ldap_memfree(diagmsg);
\
+ } else
\
+ log_error(LOG_LDAP_ERR_PREFIX
%s: desc, \
+ errmsg, ##__VA_ARGS__);
\
+ } else {
\
+ log_error(LOG_LDAP_ERR_PREFIX
\
+ unable to obtain LDAP error code:
\
+ desc, ##__VA_ARGS__);
\
+ }
\
+ } while (0);
void
log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3);
Regards,
Tomas Hozza
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0142] Improve LDAP error logging
Hello,
Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Plugin with this patch produces messages like:
LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind to LDAP
server failed
intead of
bind to LDAP server failed: Server is unwilling to perform
Second example is:
LDAP error: Object class violation: attribute mgrecord not allowed
: while modifying(add) entry 'idnsName=pspacek,
idnsname=example.com,cn=dns,dc=e,dc=test'
instead of
:-D
--
Petr^2 Spacek
From 183a8019c8217b6db79766e0ac93c48344fb2498 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Tue, 9 Apr 2013 15:19:36 +0200
Subject: [PATCH] Improve LDAP error logging.
Diagnostic error message is logged when it is available.
Signed-off-by: Petr Spacek pspa...@redhat.com
---
src/ldap_entry.c | 2 +-
src/ldap_helper.c | 11 +--
src/log.h | 33 -
3 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/src/ldap_entry.c b/src/ldap_entry.c
index 3e82b39d31c7ed13255de61d0763800b4d01efef..2a2c7b5291d446c248389ca37b4b51405b213aad 100644
--- a/src/ldap_entry.c
+++ b/src/ldap_entry.c
@@ -217,7 +217,7 @@ ldap_entry_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry,
entry-dn = ldap_get_dn(ld, ldap_entry);
if (entry-dn == NULL) {
- log_ldap_error(ld);
+ log_ldap_error(ld, unable to get entry DN);
CLEANUP_WITH(ISC_R_FAILURE);
}
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 385bc4710e9c431904ab99b2405b34c69ea8775d..e86060b0ca4ee2b5646324ae82770947c150b5ae 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2412,8 +2412,7 @@ force_reconnect:
}
if (ret != LDAP_SUCCESS) {
- log_error(bind to LDAP server failed: %s,
- ldap_err2string(ret));
+ log_ldap_error(ldap_conn-handle, bind to LDAP server failed);
/*
* Clean the connection handle.
@@ -2475,12 +2474,13 @@ handle_connection_error(ldap_instance_t *ldap_inst, ldap_connection_t *ldap_conn
break;
case LDAP_INVALID_DN_SYNTAX:
case LDAP_INVALID_SYNTAX:
- log_bug(Invalid syntax in handle_connection_error indicates a bug);
+ log_ldap_error(ldap_conn-handle, invalid syntax in
+ handle_connection_error indicates a bug);
result = ISC_R_UNEXPECTEDTOKEN;
break;
default:
/* Try to reconnect on other errors. */
- log_error(LDAP error: %s, ldap_err2string(err_code));
+ log_ldap_error(ldap_conn-handle, connection error);
reconnect:
if (ldap_conn-tries == 0)
log_error(connection to the LDAP server was lost);
@@ -2579,8 +2579,7 @@ ldap_modify_do(ldap_instance_t *ldap_inst, const char *dn, LDAPMod **mods,
operation_str = adding;
}
- log_debug(2, error(%s) %s entry %s, ldap_err2string(err_code),
- operation_str, dn);
+ log_ldap_error(ldap_conn-handle, while %s entry '%s', operation_str, dn);
/* do not error out if we are trying to delete an
* unexisting attribute */
diff --git a/src/log.h b/src/log.h
index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111 100644
--- a/src/log.h
+++ b/src/log.h
@@ -55,15 +55,30 @@
log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__)
/* LDAP logging functions */
-#define log_ldap_error(ld) \
- do {\
- int err; \
- char *errmsg = UNKNOWN;\
- if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \
- == LDAP_OPT_SUCCESS)\
- errmsg = ldap_err2string(err); \
- log_error_position(LDAP error: %s, errmsg); \
- } while (0); \
+#define LOG_LDAP_ERR_PREFIX LDAP error:
+#define log_ldap_error(ld, desc, ...) \
+ do { \
+ int err; \
+ char *errmsg = NULL; \
+ char *diagmsg = NULL; \
+ if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \
+ == LDAP_OPT_SUCCESS) { \
+ errmsg = ldap_err2string(err);\
+ if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \
+ == LDAP_OPT_SUCCESS diagmsg != NULL) { \
+errmsg = ldap_err2string(err); \
+log_error(LOG_LDAP_ERR_PREFIX %s: %s: desc, \
+ errmsg, diagmsg, ##__VA_ARGS__); \
+ldap_memfree(diagmsg);\
+ } else \
+log_error(LOG_LDAP_ERR_PREFIX %s: desc, \
+ errmsg, ##__VA_ARGS__); \
+ } else { \
+ log_error(LOG_LDAP_ERR_PREFIX\
+ unable to obtain LDAP error code: \
+ desc, ##__VA_ARGS__);\
+ }\
+ } while (0);
void
log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3);
--
1.7.11.7
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
