Improve LDAP KDB initialization error messages

In krb5_ldap_initialize, don't just blat the LDAP error into the
extended message; give an indication of which LDAP operation we were
trying to do and show what parameters we gave to it.

(Also, krb5_set_error_message can handle a null context argument, so
don't bother to check before calling.)

(cherry picked from commit 5a77bb85294f37d1dfa4c7faedfdfb0d7faaf8dc)

ticket: 7750 (new)
version_fixed: 1.10.7
status: resolved

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index 5896724391b1f4f19cbe2b183273806a39e1d722..be8f07c00128fab5a5857a39f835c28a8afd0284 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -157,9 +157,9 @@ krb5_ldap_initialize(krb5_ldap_context *ldap_context,
 
     /* ldap init */
     if ((st = ldap_initialize(&ldap_server_handle->ldap_handle, server_info->server_name)) != 0) {
-        if (ldap_context->kcontext)
-            krb5_set_error_message (ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, "%s",
-                                    ldap_err2string(st));
+        krb5_set_error_message(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
+                               _("Cannot create LDAP handle for '%s': %s"),
+                               server_info->server_name, ldap_err2string(st));
         st = KRB5_KDB_ACCESS_ERROR;
         goto err_out;
     }
@@ -169,10 +169,10 @@ krb5_ldap_initialize(krb5_ldap_context *ldap_context,
         server_info->server_status = ON;
         krb5_update_ldap_handle(ldap_server_handle, server_info);
     } else {
-        if (ldap_context->kcontext)
-            krb5_set_error_message (ldap_context->kcontext,
-                                    KRB5_KDB_ACCESS_ERROR, "%s",
-                                    ldap_err2string(st));
+        krb5_set_error_message(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
+                               _("Cannot bind to LDAP server '%s' as '%s'"
+                                 ": %s"), server_info->server_name,
+                               ldap_context->bind_dn, ldap_err2string(st));
         st = KRB5_KDB_ACCESS_ERROR;
         server_info->server_status = OFF;
         time(&server_info->downtime);