
Re: How get more detailed error information than the provided by ldap_err2string?



On 08/03/2014, at 18:01, Pierangelo Masarati <pierangelo.masarati@polimi.it> wrote:

> On 03/08/2014 09:27 PM, Werner - Google wrote:
>> Hi,
>> 
>> I've the sample code below, and when I intentionally put the wrong
>> credentials, I get from ldap_err2string( rc ) the error message:
>> "Invalid credentials".
>> 
>> But monitoring network traffic with Wireshark, I can see that on the
>> bindResponse packet that returns from the server, I also get a more
>> detailed message. In my/this test case,
>> 
>> "errorMessage: 80090308: LdapErr: DSID-0C0903AA, comment:
>> AcceptSecurityContext error, data 525, v1772"
>> 
>> Attached is also an image of the Wireshark showing what I mean.
> 
> ldap_err2string() (deprecated, BTW, like most of the functions you're using in your example code) maps an error code onto a static string. What you're looking for is the contents of the diagnosticMessage in an LDAP result. You can get it with ldap_parse_result(), but you need an LDAPMessage first.
> 
> See the client tools for an example of usage of non-deprecated functions that return the contents of the diagnosticMessage.
> 
> p.
> 

Hi Pierangelo,
	I have been looking a lot at the client tools, but all of them use the asynchronous functions/methodology (ldap_bind/ldap_search_ext()..), and the code I'm trying to fix has its entire logic written based on the synchronous versions of bind/search.

	And I could not find a way of using ldap_parse_result in this situation. I'm probably overlooking and/or not understanding how this works correctly. If you could point me in the correct direction, if it's doable with the synchronous versions, I would appreciate it very much.

	Thanks
	-wm



>> 
>> Question is, is there a way I could retrieve this more detailed message?
>> 
>> Thanks in advance for any help
>> Regards.
>> 
>> ---
>> sample code:
>> 
>> 
>> if ( (ld = (LDAP *)ldap_init( pHostName, iPortNum )) == NULL ) {
>>     perror( "ldap_init failed. Reason?:" );
>>     exit ( 1 );
>> }
>> 
>> if ( (rc=ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_SUCCESS ){
>>     fprintf( stderr, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION): %s\n",
>>              ldap_err2string( rc ) );
>>     exit( 1 );
>> }
>> 
>> if ( (rc=ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) != LDAP_SUCCESS){
>>     fprintf( stderr, "ldap_set_option(LDAP_OPT_REFERRALS): %s\n",
>>              ldap_err2string( rc ));
>>     exit( 1 );
>> }
>> 
>> rc = ldap_simple_bind_s( ld, "auth_dn", "auth_pw" );
>> 
>> if ( rc != LDAP_SUCCESS ) {
>>     fprintf( stderr, "ldap_simple_bind_s() Failed: %s [%d]\n",
>>              ldap_err2string(rc), rc);
>>     ldap_unbind_s(ld); /* try unbind the failed connection anyway */
>>     exit ( 1 );
>> }
>> 
>> 
> 
> 
> -- 
> Pierangelo Masarati
> Associate Professor
> Dipartimento di Scienze e Tecnologie Aerospaziali
> Politecnico di Milano
>
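
Added example, not part of the thread and not code from the OpenLDAP client tools: one way to surface the diagnosticMessage from synchronous code, reading it with ldap_get_option() and LDAP_OPT_DIAGNOSTIC_MESSAGE after ldap_sasl_bind_s() instead of the ldap_parse_result() route mentioned above, plus a parser for the `data` sub-code in the message quoted in the thread. The names bind_verbose, ad_bind_subcode, ad_subcode_name and the USE_LIBLDAP build switch are hypothetical; the strings returned are the Win32 error constants for those hex values.

```c
/* Added example. libldap part: cc -DUSE_LIBLDAP ex.c -lldap -llber */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef USE_LIBLDAP
#include <ldap.h>
/* Synchronous simple bind that also prints the server's diagnosticMessage. */
int bind_verbose(LDAP *ld, const char *dn, const char *pw)
{
    struct berval cred = { strlen(pw), (char *)pw };
    char *diag = NULL;
    int rc = ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
    if (rc != LDAP_SUCCESS) {
        ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &diag);
        fprintf(stderr, "bind failed [%d]: %s\n", rc, diag ? diag : "(none)");
        if (diag) ldap_memfree(diag); /* the option returns a copy */
    }
    return rc;
}
#endif

/* Hex sub-code after "data " in an AD bind diagnosticMessage, or -1. */
long ad_bind_subcode(const char *diag)
{
    const char *p = diag ? strstr(diag, ", data ") : NULL;
    char *end;
    if (p == NULL) return -1;
    long code = strtol(p + 7, &end, 16);
    if (end == p + 7 || code < 0 || (*end != ',' && *end != '\0')) return -1;
    return code;
}

/* Win32 error name for sub-codes commonly seen on failed binds. */
const char *ad_subcode_name(long code)
{
    switch (code) {
    case 0x525: return "ERROR_NO_SUCH_USER";
    case 0x52e: return "ERROR_LOGON_FAILURE";
    case 0x775: return "ERROR_ACCOUNT_LOCKED_OUT";
    default:    return "unknown";
    }
}

int main(void)
{
    /* tail of the diagnosticMessage quoted in the thread */
    long c = ad_bind_subcode("AcceptSecurityContext error, data 525, v1772");
    printf("data %lx: %s\n", (unsigned long)c, ad_subcode_name(c));
    return 0;
}
```

Log the sub-code server-side and show users a single generic failure, since 525 versus 52e reveals whether the account exists.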