Project

General

Profile

Actions

Bug #16268

closed

libadutils: open_conn could print additional ldap error information

Added by Toomas Soome 14 days ago. Updated 13 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
cifs - CIFS server and client
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:
External Bug:
racktop:BSR-14694

Description

Both ldap_lookup_init() and open_conn() in libadutils call ldap_sasl_interactive_bind_s(), and on failure, print ldap_err2string(). However, that error is often a generic error. ldap_lookup_init() calls ldap_perror(), which often contains more specific error information. open_conn() should call this as well to help us diagnose any issues we run into.

Testing:

1. svcadm refresh idmap
2. nltest /dsgetdcname
3. route add -host <'DC Addr' from nltest> 127.0.0.1 -blackhole
4. idmap show -cv winuser:testuser@domain
Check the idmap log (less `svcs -L idmap`) for log lines like the following:
Wed Dec 20 23:27:10 2023
ldap_sasl_interactive_bind_s() to server dc-02.domain port 3268 failed. (Can't connect to the LDAP server)
dc-02.domain: Can't connect to the LDAP server - Operation now in progress
Wed Dec 20 23:27:12 2023
ldap_sasl_interactive_bind_s() to server dc-02.domain port 3268 failed. (Can't connect to the LDAP server)
dc-02.domain: Can't connect to the LDAP server - Operation now in progress
@ Wed Dec 20 23:27:16 2023
ldap_sasl_interactive_bind_s() to server dc-02.domain port 3268 failed. (Can't connect to the LDAP server)
dc-02.domain: Can't connect to the LDAP server - Operation now in progress
Couldn't open an LDAP connection to any global catalog server!
The lines starting with the DC FQDN are new.
You can undo the blackhole route with 'route delete <DC Addr> 127.0.0.1'.

Actions #1

Updated by Electric Monk 14 days ago

  • Gerrit CR set to 3284
Actions #2

Updated by Toomas Soome 13 days ago

  • Status changed from In Progress to Pending RTI
Actions #3

Updated by Electric Monk 13 days ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 90 to 100

git commit 67fccfff28f489c43f3df530e10c2d2075336f16

commit  67fccfff28f489c43f3df530e10c2d2075336f16
Author: Matt Barden <mbarden@racktopsystems.com>
Date:   2024-02-11T06:52:54.000Z

    16268 libadutils: open_conn could print additional ldap error information
    Reviewed by: Gordon Ross <gwr@racktopsystems.com>
    Reviewed by: Andy Fiddaman <illumos@fiddaman.net>
    Reviewed by: Bill Sommerfeld <sommerfeld@hamachi.org>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Actions

Also available in: Atom PDF