[Freeipa-devel] [PATCH 0142] Improve LDAP error logging

Tomas Babej tbabej at redhat.com
Tue May 14 09:46:53 UTC 2013 

On 05/07/2013 09:36 AM, Tomas Hozza wrote:
> On 04/09/2013 03:27 PM, Petr Spacek wrote:
>> Hello,
>>
>> Improve LDAP error logging.
>>
>> Diagnostic error message is logged when it is available.
>>
>>
>> Plugin with this patch produces messages like:
>>
>> LDAP error: Server is unwilling to perform: Minimum SSF not met.: bind
>> to LDAP server failed
>>
>> intead of
>>
>> bind to LDAP server failed: Server is unwilling to perform
>>
>>
>> Second example is:
>>
>> LDAP error: Object class violation: attribute "mgrecord" not allowed
>> : while modifying(add) entry 'idnsName=pspacek,
>> idnsname=example.com,cn=dns,dc=e,dc=test'
>>
>> instead of
>>
>> ""
>>
>> :-D
>>
> <snip>
>> diff --git a/src/log.h b/src/log.h
>> index 312f24322fd0c6f9943c6beb810ac0bcd8f3896c..cbf1a3faaaccea7391d65d018e80d8ec688fc111 100644
>>
>> --- a/src/log.h
>>
>> +++ b/src/log.h
>>
>> @@ -55,16 +55,30 @@
>>
>> log_write(GET_LOG_LEVEL(level), format, ##__VA_ARGS__)
>> /* LDAP logging functions */
>> -#define log_ldap_error(ld) 						\
>> - 	do { 								\
>> - 		int err; 						\
>> - 		char *errmsg = "<UNKNOWN>"; 				\
>> - 		if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &err) 	\
>> - 			== LDAP_OPT_SUCCESS) 				\
>> - 				errmsg = ldap_err2string(err); 		\
>> - 		log_error_position("LDAP error: %s", errmsg); 		\
>> - 	} while (0); 							\
>> +#define LOG_LDAP_ERR_PREFIX "LDAP error: "
>> +#define log_ldap_error(ld, desc, ...) 							\
>> + 	do { 											\
>> + 		int err; 									\
>> + 		char *errmsg = NULL; 								\
>> + 		char *diagmsg = NULL; 								\
>> + 		if (ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &err) 				\
>> + 			== LDAP_OPT_SUCCESS) { 							\
>> + 				errmsg = ldap_err2string(err); 					\
> Getting error msg for the first time here.
>
>> + 				if (ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &diagmsg) 	\
>> + 					== LDAP_OPT_SUCCESS && diagmsg != NULL) { 		\
>> + 						errmsg = ldap_err2string(err);			\
> Again getting error msg with the same "err". Maybe a copy-paste error?
>
>> + 						log_error(LOG_LDAP_ERR_PREFIX "%s: %s: " desc, 	\
>> + 							errmsg, diagmsg, ##__VA_ARGS__); 	\
>> + 						ldap_memfree(diagmsg); 				\
>> + 				} else 								\
>> + 						log_error(LOG_LDAP_ERR_PREFIX "%s: " desc, 	\
>> + 							errmsg, ##__VA_ARGS__); 		\
>> + 		} else { 									\
>> + 				log_error(LOG_LDAP_ERR_PREFIX 					\
>> + 					"<unable to obtain LDAP error code>: " 			\
>> + 					desc, ##__VA_ARGS__); 					\
>> + 		} 										\
>> + 	} while (0);
>> void
>> log_write(int level, const char *format, ...) ISC_FORMAT_PRINTF(2, 3);
>
> Regards,
>
> Tomas Hozza
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK, provides the desired info.

Tomas

More information about the Freeipa-devel mailing list