Re: [Freeipa-devel] [PATCH 0142] Improve LDAP error logging
On 05/07/2013 09:36 AM, Tomas Hozza wrote: On 04/09/2013 03:27 PM, Petr Spacek wrote: Hello, Improve LDAP error logging. Diagnostic error message is logged when it is available. Plugin with this patch produces messages like: LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind to LDAP server failed intead of bind to LDAP server failed: Server is unwilling to perform Second example is: LDAP error: Object class violation: attribute mgrecord not allowed : while modifying(add) entry 'idnsName=pspacek, idnsname=example.com,cn=dns,dc=e,dc=test' instead of :-D snip diff --git a/src/log.h b/src/log.h index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111 100644 --- a/src/log.h +++ b/src/log.h @@ -55,16 +55,30 @@ log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__) /* LDAP logging functions */ -#define log_ldap_error(ld) \ - do {\ - int err;\ - char *errmsg = UNKNOWN; \ - if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ - == LDAP_OPT_SUCCESS)\ - errmsg = ldap_err2string(err); \ - log_error_position(LDAP error: %s, errmsg); \ - } while (0);\ +#define LOG_LDAP_ERR_PREFIX LDAP error: +#define log_ldap_error(ld, desc, ...) \ + do { \ + int err; \ + char *errmsg = NULL; \ + char *diagmsg = NULL; \ + if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ + == LDAP_OPT_SUCCESS) { \ + errmsg = ldap_err2string(err); \ Getting error msg for the first time here. + if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \ + == LDAP_OPT_SUCCESS diagmsg != NULL) { \ + errmsg = ldap_err2string(err); \ Again getting error msg with the same err. Maybe a copy-paste error? + log_error(LOG_LDAP_ERR_PREFIX %s: %s: desc,\ + errmsg, diagmsg, ##__VA_ARGS__);\ + ldap_memfree(diagmsg); \ + } else \ + log_error(LOG_LDAP_ERR_PREFIX %s: desc,\ + errmsg, ##__VA_ARGS__); \ + } else { \ + log_error(LOG_LDAP_ERR_PREFIX \ + unable to obtain LDAP error code: \ + desc, ##__VA_ARGS__); \ + } \ + } while (0); void log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3); Regards, Tomas Hozza ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK, provides the desired info. Tomas ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0142] Improve LDAP error logging
On 14.5.2013 11:46, Tomas Babej wrote: On 05/07/2013 09:36 AM, Tomas Hozza wrote: On 04/09/2013 03:27 PM, Petr Spacek wrote: Hello, Improve LDAP error logging. Diagnostic error message is logged when it is available. Plugin with this patch produces messages like: LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind to LDAP server failed intead of bind to LDAP server failed: Server is unwilling to perform Second example is: LDAP error: Object class violation: attribute mgrecord not allowed : while modifying(add) entry 'idnsName=pspacek, idnsname=example.com,cn=dns,dc=e,dc=test' instead of :-D snip diff --git a/src/log.h b/src/log.h index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111 100644 --- a/src/log.h +++ b/src/log.h @@ -55,16 +55,30 @@ log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__) /* LDAP logging functions */ -#define log_ldap_error(ld) \ - do { \ - int err; \ - char *errmsg = UNKNOWN; \ - if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ - == LDAP_OPT_SUCCESS) \ - errmsg = ldap_err2string(err); \ - log_error_position(LDAP error: %s, errmsg); \ - } while (0); \ +#define LOG_LDAP_ERR_PREFIX LDAP error: +#define log_ldap_error(ld, desc, ...) \ + do { \ + int err; \ + char *errmsg = NULL; \ + char *diagmsg = NULL; \ + if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ + == LDAP_OPT_SUCCESS) { \ + errmsg = ldap_err2string(err); \ Getting error msg for the first time here. + if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \ + == LDAP_OPT_SUCCESS diagmsg != NULL) { \ + errmsg = ldap_err2string(err);\ Again getting error msg with the same err. Maybe a copy-paste error? + log_error(LOG_LDAP_ERR_PREFIX %s: %s: desc, \ + errmsg, diagmsg, ##__VA_ARGS__); \ + ldap_memfree(diagmsg); \ + } else \ + log_error(LOG_LDAP_ERR_PREFIX %s: desc, \ + errmsg, ##__VA_ARGS__); \ + } else { \ + log_error(LOG_LDAP_ERR_PREFIX \ + unable to obtain LDAP error code: \ + desc, ##__VA_ARGS__); \ + } \ + } while (0); void log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3); Regards, Tomas Hozza ACK, provides the desired info. Pushed to master: af83758cb3f91129399494c95a1847814b1d71a8 -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0142] Improve LDAP error logging
On 7.5.2013 09:36, Tomas Hozza wrote: On 04/09/2013 03:27 PM, Petr Spacek wrote: Hello, Improve LDAP error logging. Diagnostic error message is logged when it is available. Plugin with this patch produces messages like: LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind to LDAP server failed intead of bind to LDAP server failed: Server is unwilling to perform Second example is: LDAP error: Object class violation: attribute mgrecord not allowed : while modifying(add) entry 'idnsName=pspacek, idnsname=example.com,cn=dns,dc=e,dc=test' instead of :-D snip diff --git a/src/log.h b/src/log.h snip +#define LOG_LDAP_ERR_PREFIX LDAP error: +#define log_ldap_error(ld, desc, ...) \ + do { \ + int err; \ + char *errmsg = NULL; \ + char *diagmsg = NULL; \ + if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ + == LDAP_OPT_SUCCESS) { \ + errmsg = ldap_err2string(err); \ Getting error msg for the first time here. + if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \ + == LDAP_OPT_SUCCESS diagmsg != NULL) { \ + errmsg = ldap_err2string(err); \ Again getting error msg with the same err. Maybe a copy-paste error? + log_error(LOG_LDAP_ERR_PREFIX %s: %s: desc,\ + errmsg, diagmsg, ##__VA_ARGS__);\ + ldap_memfree(diagmsg); \ + } else \ Revised version of the patch is attached. Thank you for catching it. -- Petr Spacek From 0e4785ed024f67a220c13242a5b071509d25a960 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 9 Apr 2013 15:19:36 +0200 Subject: [PATCH] Improve LDAP error logging. Diagnostic error message is logged when it is available. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_entry.c | 2 +- src/ldap_helper.c | 11 +-- src/log.h | 32 +++- 3 files changed, 29 insertions(+), 16 deletions(-) diff --git a/src/ldap_entry.c b/src/ldap_entry.c index 3e82b39d31c7ed13255de61d0763800b4d01efef..2a2c7b5291d446c248389ca37b4b51405b213aad 100644 --- a/src/ldap_entry.c +++ b/src/ldap_entry.c @@ -217,7 +217,7 @@ ldap_entry_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry, entry-dn = ldap_get_dn(ld, ldap_entry); if (entry-dn == NULL) { - log_ldap_error(ld); + log_ldap_error(ld, unable to get entry DN); CLEANUP_WITH(ISC_R_FAILURE); } diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 385bc4710e9c431904ab99b2405b34c69ea8775d..e86060b0ca4ee2b5646324ae82770947c150b5ae 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -2412,8 +2412,7 @@ force_reconnect: } if (ret != LDAP_SUCCESS) { - log_error(bind to LDAP server failed: %s, - ldap_err2string(ret)); + log_ldap_error(ldap_conn-handle, bind to LDAP server failed); /* * Clean the connection handle. @@ -2475,12 +2474,13 @@ handle_connection_error(ldap_instance_t *ldap_inst, ldap_connection_t *ldap_conn break; case LDAP_INVALID_DN_SYNTAX: case LDAP_INVALID_SYNTAX: - log_bug(Invalid syntax in handle_connection_error indicates a bug); + log_ldap_error(ldap_conn-handle, invalid syntax in + handle_connection_error indicates a bug); result = ISC_R_UNEXPECTEDTOKEN; break; default: /* Try to reconnect on other errors. */ - log_error(LDAP error: %s, ldap_err2string(err_code)); + log_ldap_error(ldap_conn-handle, connection error); reconnect: if (ldap_conn-tries == 0) log_error(connection to the LDAP server was lost); @@ -2579,8 +2579,7 @@ ldap_modify_do(ldap_instance_t *ldap_inst, const char *dn, LDAPMod **mods, operation_str = adding; } - log_debug(2, error(%s) %s entry %s, ldap_err2string(err_code), - operation_str, dn); + log_ldap_error(ldap_conn-handle, while %s entry '%s', operation_str, dn); /* do not error out if we are trying to delete an * unexisting attribute */ diff --git a/src/log.h b/src/log.h index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..3325455fcbf4253b0250749561667468c76fabe4 100644 --- a/src/log.h +++ b/src/log.h @@ -55,15 +55,29 @@
Re: [Freeipa-devel] [PATCH 0142] Improve LDAP error logging
On 04/09/2013 03:27 PM, Petr Spacek wrote: Hello, Improve LDAP error logging. Diagnostic error message is logged when it is available. Plugin with this patch produces messages like: LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind to LDAP server failed intead of bind to LDAP server failed: Server is unwilling to perform Second example is: LDAP error: Object class violation: attribute mgrecord not allowed : while modifying(add) entry 'idnsName=pspacek, idnsname=example.com,cn=dns,dc=e,dc=test' instead of :-D snip diff --git a/src/log.h b/src/log.h index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111 100644 --- a/src/log.h +++ b/src/log.h @@ -55,16 +55,30 @@ log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__) /* LDAP logging functions */ -#define log_ldap_error(ld) \ - do {\ - int err;\ - char *errmsg = UNKNOWN; \ - if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ - == LDAP_OPT_SUCCESS)\ - errmsg = ldap_err2string(err); \ - log_error_position(LDAP error: %s, errmsg); \ - } while (0);\ +#define LOG_LDAP_ERR_PREFIX LDAP error: +#define log_ldap_error(ld, desc, ...) \ + do { \ + int err; \ + char *errmsg = NULL; \ + char *diagmsg = NULL; \ + if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ + == LDAP_OPT_SUCCESS) { \ + errmsg = ldap_err2string(err); \ Getting error msg for the first time here. + if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \ + == LDAP_OPT_SUCCESS diagmsg != NULL) { \ + errmsg = ldap_err2string(err); \ Again getting error msg with the same err. Maybe a copy-paste error? + log_error(LOG_LDAP_ERR_PREFIX %s: %s: desc, \ + errmsg, diagmsg, ##__VA_ARGS__);\ + ldap_memfree(diagmsg); \ + } else \ + log_error(LOG_LDAP_ERR_PREFIX %s: desc, \ + errmsg, ##__VA_ARGS__); \ + } else { \ + log_error(LOG_LDAP_ERR_PREFIX \ + unable to obtain LDAP error code: \ + desc, ##__VA_ARGS__); \ + } \ + } while (0); void log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3); Regards, Tomas Hozza ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0142] Improve LDAP error logging
Hello, Improve LDAP error logging. Diagnostic error message is logged when it is available. Plugin with this patch produces messages like: LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind to LDAP server failed intead of bind to LDAP server failed: Server is unwilling to perform Second example is: LDAP error: Object class violation: attribute mgrecord not allowed : while modifying(add) entry 'idnsName=pspacek, idnsname=example.com,cn=dns,dc=e,dc=test' instead of :-D -- Petr^2 Spacek From 183a8019c8217b6db79766e0ac93c48344fb2498 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 9 Apr 2013 15:19:36 +0200 Subject: [PATCH] Improve LDAP error logging. Diagnostic error message is logged when it is available. Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_entry.c | 2 +- src/ldap_helper.c | 11 +-- src/log.h | 33 - 3 files changed, 30 insertions(+), 16 deletions(-) diff --git a/src/ldap_entry.c b/src/ldap_entry.c index 3e82b39d31c7ed13255de61d0763800b4d01efef..2a2c7b5291d446c248389ca37b4b51405b213aad 100644 --- a/src/ldap_entry.c +++ b/src/ldap_entry.c @@ -217,7 +217,7 @@ ldap_entry_create(isc_mem_t *mctx, LDAP *ld, LDAPMessage *ldap_entry, entry-dn = ldap_get_dn(ld, ldap_entry); if (entry-dn == NULL) { - log_ldap_error(ld); + log_ldap_error(ld, unable to get entry DN); CLEANUP_WITH(ISC_R_FAILURE); } diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 385bc4710e9c431904ab99b2405b34c69ea8775d..e86060b0ca4ee2b5646324ae82770947c150b5ae 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -2412,8 +2412,7 @@ force_reconnect: } if (ret != LDAP_SUCCESS) { - log_error(bind to LDAP server failed: %s, - ldap_err2string(ret)); + log_ldap_error(ldap_conn-handle, bind to LDAP server failed); /* * Clean the connection handle. @@ -2475,12 +2474,13 @@ handle_connection_error(ldap_instance_t *ldap_inst, ldap_connection_t *ldap_conn break; case LDAP_INVALID_DN_SYNTAX: case LDAP_INVALID_SYNTAX: - log_bug(Invalid syntax in handle_connection_error indicates a bug); + log_ldap_error(ldap_conn-handle, invalid syntax in + handle_connection_error indicates a bug); result = ISC_R_UNEXPECTEDTOKEN; break; default: /* Try to reconnect on other errors. */ - log_error(LDAP error: %s, ldap_err2string(err_code)); + log_ldap_error(ldap_conn-handle, connection error); reconnect: if (ldap_conn-tries == 0) log_error(connection to the LDAP server was lost); @@ -2579,8 +2579,7 @@ ldap_modify_do(ldap_instance_t *ldap_inst, const char *dn, LDAPMod **mods, operation_str = adding; } - log_debug(2, error(%s) %s entry %s, ldap_err2string(err_code), - operation_str, dn); + log_ldap_error(ldap_conn-handle, while %s entry '%s', operation_str, dn); /* do not error out if we are trying to delete an * unexisting attribute */ diff --git a/src/log.h b/src/log.h index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111 100644 --- a/src/log.h +++ b/src/log.h @@ -55,15 +55,30 @@ log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__) /* LDAP logging functions */ -#define log_ldap_error(ld) \ - do {\ - int err; \ - char *errmsg = UNKNOWN;\ - if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ - == LDAP_OPT_SUCCESS)\ - errmsg = ldap_err2string(err); \ - log_error_position(LDAP error: %s, errmsg); \ - } while (0); \ +#define LOG_LDAP_ERR_PREFIX LDAP error: +#define log_ldap_error(ld, desc, ...) \ + do { \ + int err; \ + char *errmsg = NULL; \ + char *diagmsg = NULL; \ + if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, err) \ + == LDAP_OPT_SUCCESS) { \ + errmsg = ldap_err2string(err);\ + if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, diagmsg) \ + == LDAP_OPT_SUCCESS diagmsg != NULL) { \ +errmsg = ldap_err2string(err); \ +log_error(LOG_LDAP_ERR_PREFIX %s: %s: desc, \ + errmsg, diagmsg, ##__VA_ARGS__); \ +ldap_memfree(diagmsg);\ + } else \ +log_error(LOG_LDAP_ERR_PREFIX %s: desc, \ + errmsg, ##__VA_ARGS__); \ + } else { \ + log_error(LOG_LDAP_ERR_PREFIX\ + unable to obtain LDAP error code: \ + desc, ##__VA_ARGS__);\ + }\ + } while (0); void log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3); -- 1.7.11.7 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel