Stephen Gallagher wrote:
> On 07/08/2010 10:43 AM, Stephen Gallagher wrote:
> > This patch replaces the patches in the threads "Log TLS errors to
> > syslog" and "Add syslog messages for LDAP GSSAPI bind"
>
> > Patch 0001: Add sss_log() function
> > Right now, this log function writes to the syslog. In the future,
> > it could be modified to work with ELAPI or another logging API.
>
> > Patch 0002: Add log notifications for startup and shutdown.
>
> > Patch 0003: Add syslog messages for LDAP GSSAPI bind
> > We will now emit a level 0 debug message on keytab errors, and
> > also write to the syslog (LOG_DAEMON)
>
> > Patch 0004: Log TLS errors to syslog
> > Also adds support for detecting LDAPS errors by adding a check for
> > SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
>
> > These patches address https://bugzilla.redhat.com/show_bug.cgi?id=591715
>
>
> A new set of patches are attached, based on off-list code-review by Sumit.
>
Well, it is a step into the right direction but if we really want to use
ELAPI later we will have to change things once again.
We will not be able to just replace the sss_log function at least if we
want to take advantage of the full strength of ELAPI.
The main conceptual difference is that each argument for the functions
needs to have a name. So the right approach would be to have
#define SSS_LOG_LEVEL "level"
#define SSS_LOG_MESSAGE "message"
#define SSS_LOG_REASON "reason"
#define SSS_LOG_KEYTAB_FILE "keytab"
#define SSS_LOG_KERB_ERROR "krberr"
#define SSS_LOG_KERB_ERROR_MESSAGE "krberrmessage"
And instead this
sss_log(SSS_LOG_ERR, "Error reading keytab file [%s]: [%d][%s]. "
"Unable to create GSSAPI-encrypted LDAP connection.",
keytab_name, krberr,
sss_krb5_get_error_message(context, krberr));
have this:
sss_log(SSS_LOG_LEVEL, SSS_LOG_ERR,
SSS_LOG_MESSAGE, "Error reading keytab file [%s]: [%d][%s]. "
SSS_LOG_REASON, "Unable to create GSSAPI-encrypted LDAP
connection.",
SSS_LOG_KEYTAB_FILE, keytab_name,
SSS_LOG_KERB_ERROR, krberr,
SSS_LOG_KERB_ERROR_MESSAGE, sss_krb5_get_error_message(context,
krberr));
Inside the function you can just skip every second parameter since it
has no meaning for syslog but if you do it this way we would not need to
redo the whole thing once again when we move to ELAPI.
But since ELAPI is a bit ephemeral it is up to you to decide what action
is best to take now.
-------------------------
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
