summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-05-18 15:37:21 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-05-20 14:09:56 -0400
commit88f059faa6742fa84750127fcc9307cd319c6f7d (patch)
tree9c0b81d3f7beed7336edc8c8d46b74229bc233a7
parentc9b3c2d376669fe6776b61113682efbd7e9c22b5 (diff)
downloadsssd-88f059faa6742fa84750127fcc9307cd319c6f7d.tar.gz
sssd-88f059faa6742fa84750127fcc9307cd319c6f7d.tar.bz2
sssd-88f059faa6742fa84750127fcc9307cd319c6f7d.zip
Add a better error message for TLS failures
-rw-r--r--src/providers/ldap/sdap_async_connection.c35
1 files changed, 32 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 2748ed51..98249ea6 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -55,8 +55,10 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
struct timeval tv;
int ver;
int lret;
+ int optret;
int ret = EOK;
int msgid;
+ char *errmsg = NULL;
bool ldap_referrals;
req = tevent_req_create(memctx, &state, struct sdap_connect_state);
@@ -144,7 +146,19 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
lret = ldap_start_tls(state->sh->ldap, NULL, NULL, &msgid);
if (lret != LDAP_SUCCESS) {
- DEBUG(3, ("ldap_start_tls failed: [%s]\n", ldap_err2string(lret)));
+ optret = ldap_get_option(state->sh->ldap,
+ LDAP_OPT_DIAGNOSTIC_MESSAGE,
+ (void*)&errmsg);
+ if (optret == LDAP_SUCCESS) {
+ DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
+ ldap_err2string(lret),
+ errmsg));
+ ldap_memfree(errmsg);
+ }
+ else {
+ DEBUG(3, ("ldap_start_tls failed: [%s]\n",
+ ldap_err2string(lret)));
+ }
goto fail;
}
@@ -183,7 +197,9 @@ static void sdap_connect_done(struct sdap_op *op,
struct sdap_connect_state *state = tevent_req_data(req,
struct sdap_connect_state);
char *errmsg;
+ char *tlserr;
int ret;
+ int optret;
if (error) {
tevent_req_error(req, error);
@@ -212,8 +228,21 @@ static void sdap_connect_done(struct sdap_op *op,
/* FIXME: take care that ldap_install_tls might block */
ret = ldap_install_tls(state->sh->ldap);
if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("ldap_install_tls failed: [%d][%s]\n", ret,
- ldap_err2string(ret)));
+
+ optret = ldap_get_option(state->sh->ldap,
+ LDAP_OPT_DIAGNOSTIC_MESSAGE,
+ (void*)&tlserr);
+ if (optret == LDAP_SUCCESS) {
+ DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n",
+ ldap_err2string(ret),
+ tlserr));
+ ldap_memfree(tlserr);
+ }
+ else {
+ DEBUG(3, ("ldap_install_tls failed: [%s]\n",
+ ldap_err2string(ret)));
+ }
+
state->result = ret;
tevent_req_error(req, EIO);
return;