
(ITS#8059) In client code, set option LDAP_OPT_DEBUG_LEVEL LDAP_DEBUG_ANY does not set option.



Full_Name: Peter John Driscoll
Version: openldap-2.4.40
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (203.3.133.17)


Setting this option does not turn on debugging:

    #define LDAP_DEBUG_ANY          0xffff 
    const int optionValue = LDAP_DEBUG_ANY;
    CHECK_RESULT(ldap_set_option(m_ld, LDAP_OPT_DEBUG_LEVEL, &optionValue),
"ldap_set_option debug level");

Calling ldap_get_option on the same handle reports the new value. But in libraries/libldap/sbind.c

int
ldap_simple_bind_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd )

The call,
    Debug( LDAP_DEBUG_TRACE, "ldap_simple_bind_s\n", 0, 0, 0 );

does not log any debug information, because ldap_debug evaluates to 0
instead of 0xFFFF. Debug is defined as:

/* Debug(): level-gated logging helper. The severity argument of Log3 is
 * hard-wired to 0; everything else is forwarded unchanged. */
#define Debug( level, fmt, arg1, arg2, arg3 ) \
		Log3( (level), 0, (fmt), (arg1), (arg2), (arg3) )

/* Log3(): the gate is the library-GLOBAL debug mask (ldap_debug, below)
 * ANDed with the requested level. A per-handle ld->ld_options.ldo_debug
 * is never consulted here, so a level stored there can never enable
 * output from these macros. */
#define Log3( level, severity, fmt, arg1, arg2, arg3 ) \
	do { \
		if ( ldap_debug & (level) ) \
	    		lutil_debug( ldap_debug, (level), (fmt), (arg1), (arg2), (arg3) ); \
	} while ( 0 )

/* ldap_debug expands to ldo_debug of the global option block returned by
 * LDAP_INT_GLOBAL_OPT(). ldap_set_option() only writes that block when it
 * is called with ld == NULL; with a non-NULL ld it writes ld->ld_options
 * instead (see options.c below), which is the mismatch this report is about. */
#define ldap_debug	((LDAP_INT_GLOBAL_OPT())->ldo_debug)

The option is set in,  libraries/libldap/options.c

int
ldap_set_option(
        LDAP    *ld,
        int             option,
        LDAP_CONST void *invalue)

starts with

        lo = LDAP_INT_GLOBAL_OPT();

but a few lines down,

        if(ld != NULL) {
                assert( LDAP_VALID( ld ) );

                if( !LDAP_VALID( ld ) ) {
                        return LDAP_OPT_ERROR;
                }

                lo = &ld->ld_options;
        }

When a non-NULL ld is passed, lo is redirected from the global option block to
the per-handle ld_options, so the option is no longer stored where the Debug
macro reads it. Later in the method,
        case LDAP_OPT_DEBUG_LEVEL:
                lo->ldo_debug = * (const int *) invalue;
                rc = LDAP_OPT_SUCCESS;
                break;

writes ld->ld_options.ldo_debug, which the Debug macro never reads, because lo !=
LDAP_INT_GLOBAL_OPT(). Calling ldap_set_option with ld == NULL skips the
redirection and stores the level in the global block that the macro tests.

FYI, my methods that do the calling are:

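/// Open an LDAP handle for the configured server, apply the client options
/// every later call relies on and, when m_StartTLS is set, upgrade the link
/// with StartTLS.
///
/// Throws NovaError(ISSFactory::Error_LDAP_INIT_NULL) when the library hands
/// back a NULL handle. Failures of the individual ldap_* calls are reported
/// through CHECK_RESULT.
void NovaLdap::Connect()
{
    // m_SSL selects ldaps:// (TLS from the first byte); m_StartTLS, handled
    // at the end, upgrades a plain ldap:// connection once it is open.
    NovaString scheme = "ldap://";
    if (m_SSL)
    {
        scheme = "ldaps://";
    }
    NovaString server = scheme + m_IpAddress + ":" + ToNovaString(m_IpPort);
    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect " << server << endl;

#ifdef _WIN32
    m_ld = ldap_sslinit((LDAP_PCHAR) m_IpAddress.data(), m_IpPort, m_SSL);
#else
    CHECK_RESULT(ldap_initialize(&m_ld, server), "ldap_initialize(\"" + server + "\")");
#endif
    if (!m_ld)
    {
        JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect - NULL LD " << endl;
        throw NovaError(ISSFactory::Error_LDAP_INIT_NULL);
    }
    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connected - OK " << endl;

    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect - set option" << endl;
    int protocolVersion = LDAP_VERSION3;
    CHECK_RESULT(ldap_set_option(m_ld, LDAP_OPT_PROTOCOL_VERSION, &protocolVersion),
                 "ldap_set_option version");
    // NOTE(review): with the line below disabled, nothing in this method
    // enforces verification of the server certificate; that is left to the
    // library / ldap.conf defaults. Confirm those defaults are strict.
    //CHECK_RESULT(ldap_set_option(m_ld, LDAP_OPT_TLS, &reqcert), "ldap_set_option TLS requires certificate");

#ifdef LDAP_OPT_DEBUG_LEVEL
    // LDAP_OPT_DEBUG_LEVEL is a library-global option: the Debug macros test
    // the global option block, whereas a non-NULL ld makes ldap_set_option
    // store into ld->ld_options, which those macros never read. Pass NULL so
    // the value lands where it is consulted, and read it back from there.
    // NOTE(security): LDAP_DEBUG_ANY also enables packet/BER tracing, whose
    // output can include the bind request sent later (credentials included);
    // do not leave this on in a production security server.
    const int debugLevel = LDAP_DEBUG_ANY;
    CHECK_RESULT(ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debugLevel),
                 "ldap_set_option debug level");

    int debugLevelReturned = 0;
    CHECK_RESULT(ldap_get_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debugLevelReturned),
                 "ldap_get_option debug level");
    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Set debug level: "
                                << debugLevelReturned << endl;
#endif

#ifdef LDAP_OPT_CONNECT_ASYNC
    ldap_set_option(m_ld, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_OFF);
#endif
    // Best-effort, as before: failures of these two are deliberately not
    // turned into errors. Referrals are kept off so this client's bind is
    // never replayed against a host named by the server.
    ldap_set_option(m_ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
    ldap_set_option(m_ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
    JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect - OK " << endl;

#ifdef _WIN32
    CHECK_RESULT(ldap_connect(m_ld, NULL), "ldap_connect");
#endif
    if (m_StartTLS)
    {
        JOURNAL(SECURITYSERVER,DTL) << "Security Server : Connect - Start TLS" << endl;
#ifdef _WIN32
        // ldap_start_tls_sA(ExternalHandle, ServerReturnValue, result,
        //                   ServerControls, ClientControls)
        CHECK_RESULT(ldap_start_tls_s(m_ld, NULL, NULL, NULL, NULL), "ldap_start_tls_s");
#else
        // Use the synchronous form so the TLS layer is installed before this
        // returns. ldap_start_tls() only queues the extended request (its
        // fourth argument is the message-id out-parameter), so a bind issued
        // right after it could still go out in cleartext.
        CHECK_RESULT(ldap_start_tls_s(m_ld, NULL, NULL), "ldap_start_tls_s");
#endif
    }
}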

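/// Re-establish the connection and, when a service account is configured,
/// prove that it can bind.
///
/// Throws NovaError(ISSFactory::Error_LDAP_FAILURE) carrying the
/// ldap_err2string text when the service-account bind is refused (Connect()
/// may throw its own errors first). When a service account is configured the
/// handle is released afterwards and m_ld is reset to NULL; without one, the
/// handle opened by Connect() is left open, as before.
void NovaLdap::CheckConnection()
{
    JOURNAL(SECURITYSERVER,DTL) << "NovaLdap::CheckConnection: Checking connection" << endl;
    Connect();

    if (!m_ServiceAccountUsername.isNull())
    {
        JOURNAL(SECURITYSERVER,DTL) << "Security Server : GetDistinguishedNameForUserName Service service login "
                                    << m_ServiceAccountUsername << endl;
        puts("Security Server : GetDistinguishedNameForUserName Service service login\n");

        // NOTE(security): a simple bind transmits the service-account password
        // as-is; it is only protected when Connect() used ldaps:// or StartTLS
        // (m_SSL / m_StartTLS).
        const LDAP_RESULT result = ldap_simple_bind_s(m_ld,
            (LDAP_PCHAR) m_ServiceAccountUsername.data(),
            (LDAP_PCHAR) m_ServiceAccountPassword.data());

        // Release the handle on the failure path as well (it used to leak when
        // the bind failed) and clear the now-dangling pointer. ldap_err2string
        // does not need the handle, so the unbind can precede the throw.
        ldap_unbind(m_ld);
        m_ld = NULL;

        if (result != (LDAP_RESULT) LDAP_SUCCESS)
        {
            NovaString errorMessage(ldap_err2string(result));
            throw NovaError(ISSFactory::Error_LDAP_FAILURE, "bind as service user: ", errorMessage);
        }
    }
    JOURNAL(SECURITYSERVER,DTL) << "NovaLdap::CheckConnection: Success" << endl;
}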