Add a DB option in the LDAP KDB module to turn on debugging messages.
Adapted from a patch by Zoran Pericic <zpericic@inet.hr>.
ticket: 7551 (new)
password using the **stashsrvpw** command of
:ref:`kdb5_ldap_util(8)`.
+ **-x debug=**\ *level*
+ sets the OpenLDAP client library debug level. *level* is an
+ integer to be interpreted by the library. Debugging messages
+ are printed to standard error.
+
.. _kadmin_options_end:
stash the password using the **stashsrvpw** command of
:ref:`kdb5_ldap_util(8)`.
+ **-x debug=**\ *level*
+ sets the OpenLDAP client library debug level. *level* is
+ an integer to be interpreted by the library. Debugging
+ messages are printed to standard error, so this option
+ must be used with the **-nofork** option to be useful.
+
SEE ALSO
--------
password using the **stashsrvpw** command of
:ref:`kdb5_ldap_util(8)`.
+ **-x debug=**\ *level*
+ sets the OpenLDAP client library debug level. *level* is an
+ integer to be interpreted by the library. Debugging messages
+ are printed to standard error, so this option must be used
+ with the **-n** option to be useful.
+
The **-T** *offset* option specifies a time offset, in seconds, which
the KDC will operate under. It is intended only for testing purposes.
krb5_ldap_realm_params *lrparams;
krb5_boolean disable_last_success;
krb5_boolean disable_lockout;
+ int ldap_debug;
krb5_context kcontext; /* to set the error code and message */
} krb5_ldap_context;
if ((st=krb5_validate_ldap_context(context, ldap_context)) != 0)
goto err_out;
+ ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_context->ldap_debug);
ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
#ifdef LDAP_OPT_NETWORK_TIMEOUT
ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &local_timelimit);
status = add_server_entry(context, val);
if (status)
goto cleanup;
+ } else if (!strcmp(opt, "debug")) {
+ lctx->ldap_debug = atoi(val);
} else {
status = EINVAL;
krb5_set_error_message(context, status, _("unknown option '%s'"),
projects / thirdparty / krb5.git / commitdiff
