
Re: tls-related ldap_perror misleading in clients

At 01:26 AM 2001-09-02, Kurt D. Zeilenga wrote:
>At 12:48 AM 2001-09-02, Pierangelo Masarati wrote:
>>I got a nasty behavior out of the clients when using -ZZ, because I was
>>having failure of the tls with reason ": Success". This is because the
>>failure occurred in ldap_int_tls_start() which didn't properly set the 
>>error in the LDAP structure. So ldap_start_tls_s returns an error code,
>>but when the ldap_perror is invoked by the ldap*.c client the string is
>>success. I fixed it by using ldap_err2string() instead of ldap_perror 
>>(which is deprecated in the code according to a comment); 
>>if there's consensus I'll patch all the clients.
>For now, this is likely the best solution.

Actually, use of just ldap_err2string() will not print the
server provided additional information.  So, I suggest using
ldap_get_option() to get the resultCode and error message.  If
resultCode is not success, then one can mimic ldap_perror()
(w/ error message).  If resultCode is success, then a
similar error message should be printed using the