On 03/08/2014 11:39 PM, Werner M wrote:
On 08/03/2014, at 18:01, Pierangelo Masarati <[email protected]>
wrote:
On 03/08/2014 09:27 PM, Werner - Google wrote:
Hi,
I've the sample code below, and when I intentionally put the wrong
credentials, I get from ldap_err2string( rc ) the error message:
"Invalid credentials".
But monitoring network traffic with Wireshark, I can see that in the
bindResponse packet that returns from the server, I also get a more
detailed message. In my/this test case,
"errorMessage: 80090308: LdapErr: DSID-0C0903AA, comment:
AcceptSecurityContext error, data 525, v1772"
Attached is also an image of the Wireshark capture showing what I mean.
ldap_err2string() (deprecated, BTW, like most of the functions you're using in
your example code) maps an error code onto a static string. What you're looking
for is the contents of the diagnosticMessage in a LDAP result. You can get it
with ldap_parse_result(), but you need a LDAPMessage first.
See the client tools for an example of usage of non-deprecated functions that
return the contents of the diagnosticMessage.
p.
Hi Pierangelo,
I have been looking a lot at the client tools, but all of them use the
asynchronous functions/methodology (ldap_bind/ldap_search_ext()..), and the code
I'm trying to fix has its entire logic written based on the synchronous
versions of bind/search.
And I could not find a way of using ldap_parse_result in this
situation. I'm probably overlooking and/or not understanding how this works
correctly. If you could point me in the correct direction, if it's doable with
the synchronous versions, I would appreciate it much.
If the LDAP handle is being used exclusively for one operation at a time
(as it is presumably, since it uses synchronous operations) you can get
that message using ldap_get_option() with LDAP_OPT_DIAGNOSTIC_MESSAGE
after the operation completed, as already indicated by Howard.
We already pointed you in the right direction: look at the client tools,
they usually do everything that is worth doing in what is thought to be the
right way. If you want a quick'n'dirty answer, use the synchronous
calls. If you want more information, it's a lot of work to collect it
using calls like ldap_get_option(), which is basically a workaround.
Asynchronous calls are way more powerful. Yes, you'll probably have to
redesign and then rewrite your code.
p.
Thanks
-wm
Question is, is there a way I could retrieve this more detailed message?
Thanks in advance for any help
Regards.
---
sample code:
    if ( (ld = (LDAP *)ldap_init( pHostName, iPortNum )) == NULL ) {
        perror( "ldap_init failed. Reason?:" );
        exit ( 1 );
    }
    if ( (rc=ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_SUCCESS ){
        fprintf( stderr, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION): %s\n",
                 ldap_err2string( rc ) );
        exit( 1 );
    }
    if ( (rc=ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) != LDAP_SUCCESS){
        fprintf( stderr, "ldap_set_option(LDAP_OPT_REFERRALS): %s\n",
                 ldap_err2string( rc ));
        exit( 1 );
    }
    rc = ldap_simple_bind_s( ld, "auth_dn", "auth_pw" );
    if ( rc != LDAP_SUCCESS ) {
        fprintf( stderr, "ldap_simple_bind_s() Failed: %s [%d]\n",
                 ldap_err2string(rc), rc);
        ldap_unbind_s(ld); /* try unbind the failed connection anyway */
        exit ( 1 );
    }
--
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano
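
Added example, not part of the original thread or of the OpenLDAP code: once the diagnosticMessage string has been fetched (for instance with ldap_get_option() and LDAP_OPT_DIAGNOSTIC_MESSAGE, as mentioned above), this parses the "data NNN" sub-code out of an Active Directory bind failure like the one quoted in the question. The function names and the sub-code table (Win32 logon error codes, in hex) are assumptions of this example and do not come from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption of this example: Win32 logon error codes that Active
 * Directory reports in hex after "data ". Not taken from the thread. */
static const struct { unsigned long code; const char *meaning; } ad_codes[] = {
    { 0x525, "user not found" },
    { 0x52e, "invalid credentials" },
    { 0x532, "password expired" },
    { 0x533, "account disabled" },
    { 0x701, "account expired" },
    { 0x773, "user must reset password" },
    { 0x775, "account locked out" },
};

/* Return the hex sub-code after ", data ", or 0 if absent or malformed. */
unsigned long ad_diag_subcode(const char *diag)
{
    static const char key[] = ", data ";
    const char *p;
    char *end;
    unsigned long v;
    if (diag == NULL || (p = strstr(diag, key)) == NULL)
        return 0;
    p += sizeof key - 1;
    v = strtoul(p, &end, 16);
    if (end == p || (*end != ',' && *end != '\0'))
        return 0;                /* no hex digits, or trailing junk */
    return v;
}

/* Map a diagnosticMessage to a short reason for server-side logging. */
const char *ad_diag_meaning(const char *diag)
{
    unsigned long code = ad_diag_subcode(diag);
    size_t i;
    for (i = 0; i < sizeof ad_codes / sizeof ad_codes[0]; i++)
        if (ad_codes[i].code == code)
            return ad_codes[i].meaning;
    return "unknown or no sub-code";
}

int main(void)
{
    /* Message text as quoted in the question; a real client would read it
     * from the LDAP handle after the failed bind and free it afterwards. */
    const char *diag = "80090308: LdapErr: DSID-0C0903AA, comment: "
                       "AcceptSecurityContext error, data 525, v1772";
    printf("data %lx: %s\n", ad_diag_subcode(diag), ad_diag_meaning(diag));
    return 0;
}
```

Keep the decoded reason in server-side logs; showing "user not found" versus "invalid credentials" to the person logging in tells them which account names exist.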