This should help us diagnose issues with ldap_result() returning -1. The only catch is that it relies on the openldap libraries setting the error code properly, which they do not always do.*
* As part of my tests, I reverted the openldap libraries to the 2.4.29 release that was broken with SSSD, causing ldap_result to return -1 all the time. The LDAP_OPT_RESULT_CODE in that case was LDAP_SUCCESS.
From 8c96b4c9eba6590a905f43b2d0b2e1610c8171f6 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Wed, 21 Mar 2012 09:24:13 -0400 Subject: [PATCH] LDAP: Add better error logging when ldap_result() fails --- src/providers/ldap/sdap_async.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 306d76227b0add6dd4ad9a675dcfbb2b359544f6..076a3f22006eb2c27c295aa50bff1e2b3f58bfa9 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -185,7 +185,9 @@ static void sdap_process_result(struct tevent_context *ev, void *pvt) } if (ret == -1) { - DEBUG(4, ("ldap_result gave -1, something bad happend!\n")); + ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &ret); + DEBUG(SSSDBG_OP_FAILURE, + ("ldap_result error: [%s]\n", ldap_err2string(ret))); sdap_handle_release(sh); return; } -- 1.7.7.6
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel