This should help us diagnose issues with ldap_result() returning -1. The only catch is that it relies on the openldap libraries setting the error code properly, which they do not always do.*
* As part of my tests, I reverted the openldap libraries to the 2.4.29 release that was broken with SSSD, causing ldap_result to return -1 all the time. The LDAP_OPT_RESULT_CODE in that case was LDAP_SUCCESS.
From 8c96b4c9eba6590a905f43b2d0b2e1610c8171f6 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Wed, 21 Mar 2012 09:24:13 -0400
Subject: [PATCH] LDAP: Add better error logging when ldap_result() fails
---
src/providers/ldap/sdap_async.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 306d76227b0add6dd4ad9a675dcfbb2b359544f6..076a3f22006eb2c27c295aa50bff1e2b3f58bfa9 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -185,7 +185,9 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt)
}
if (ret == -1) {
- DEBUG(4, ("ldap_result gave -1, something bad happend!\n"));
+ ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &ret);
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("ldap_result error: [%s]\n", ldap_err2string(ret)));
sdap_handle_release(sh);
return;
}
--
1.7.7.6
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
