From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 28 Oct 2013 15:23:11 +0000 (-0400)
Subject: Improve LDAP KDB initialization error messages
X-Git-Tag: krb5-1.10.7-final~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=054d3ae1284d9e29ba93e2fa7a26bf4d75c75ff0;p=thirdparty%2Fkrb5.git

Improve LDAP KDB initialization error messages

In krb5_ldap_initialize, don't just blat the LDAP error into the
extended message; give an indication of which LDAP operation we were
trying to do and show what parameters we gave to it.

(Also, krb5_set_error_message can handle a null context argument, so
don't bother to check before calling.)

(cherry picked from commit 5a77bb85294f37d1dfa4c7faedfdfb0d7faaf8dc)

ticket: 7750 (new)
version_fixed: 1.10.7
status: resolved
---

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index 5896724391..be8f07c001 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -157,9 +157,9 @@ krb5_ldap_initialize(krb5_ldap_context *ldap_context,
 
     /* ldap init */
     if ((st = ldap_initialize(&ldap_server_handle->ldap_handle, server_info->server_name)) != 0) {
-        if (ldap_context->kcontext)
-            krb5_set_error_message (ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, "%s",
-                                    ldap_err2string(st));
+        krb5_set_error_message(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
+                               _("Cannot create LDAP handle for '%s': %s"),
+                               server_info->server_name, ldap_err2string(st));
         st = KRB5_KDB_ACCESS_ERROR;
         goto err_out;
     }
@@ -169,10 +169,10 @@ krb5_ldap_initialize(krb5_ldap_context *ldap_context,
         server_info->server_status = ON;
         krb5_update_ldap_handle(ldap_server_handle, server_info);
     } else {
-        if (ldap_context->kcontext)
-            krb5_set_error_message (ldap_context->kcontext,
-                                    KRB5_KDB_ACCESS_ERROR, "%s",
-                                    ldap_err2string(st));
+        krb5_set_error_message(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
+                               _("Cannot bind to LDAP server '%s' as '%s'"
+                                 ": %s"), server_info->server_name,
+                               ldap_context->bind_dn, ldap_err2string(st));
         st = KRB5_KDB_ACCESS_ERROR;
         server_info->server_status = OFF;
         time(&server_info->downtime);