Wednesday, June 15, 2016

[389-commits] ldap/servers

ldap/servers/plugins/replication/repl5_connection.c | 35 ++++++++++++--------
ldap/servers/slapd/ldaputil.c | 4 +-
2 files changed, 24 insertions(+), 15 deletions(-)

New commits:
commit 2fce6cb6f1df0000a920ff1779b2bca1f7b951e6
Author: Mark Reynolds <mreynolds@redhat.com>
Date: Wed Jun 15 13:19:20 2016 -0400

Ticket 48346 - log too verbose when re-acquiring expired
ticket

Bug Description: Replication using GSSAPI can report -2 (local error)
for minor issues. These errors are causing confusion
for customers.

Fix Description: In ldaputil.c change the bind errors to "connection"
logging. These errors are generic and the calling
function always checks for errors.

In repl5_connection.c we only report connection errors
at the default log level if they are not "local errors".

https://fedorahosted.org/389/ticket/48346

Reviewed by: nhosoi(Thanks!)

diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
index 1a491ef..3a3c22f 100644
--- a/ldap/servers/plugins/replication/repl5_connection.c
+++ b/ldap/servers/plugins/replication/repl5_connection.c
@@ -2072,11 +2072,19 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password)
{
if (conn->last_ldap_error != rc)
{
+ int log_level = SLAPI_LOG_FATAL;
+ if (conn->last_ldap_error == LDAP_LOCAL_ERROR){
+ /*
+ * Local errors are not logged by default, so when we recover
+ * from local errors we must also not log it by default.
+ */
+ log_level = SLAPI_LOG_REPL;
+ }
conn->last_ldap_error = rc;
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Replication bind with %s auth resumed\n",
- agmt_get_long_name(conn->agmt),
- mech ? mech : "SIMPLE");
+ slapi_log_error(log_level, repl_plugin_name,
+ "%s: Replication bind with %s auth resumed\n",
+ agmt_get_long_name(conn->agmt),
+ mech ? mech : "SIMPLE");
}

if ( ctrls )
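Review bot: The level for the "resumed" message is keyed on `conn->last_ldap_error`, but the matching "failed" message in the next hunk is keyed on `rc` after `slapi_ldap_get_lderrno()` has reassigned it, while `conn->last_ldap_error` was stored from the earlier value. If those two values can ever differ, a failure logged at SLAPI_LOG_FATAL could be followed by a recovery visible only at SLAPI_LOG_REPL, or the reverse. That would leave an unmatched line for anyone correlating replication outages from the error log. Keying both on the stored value keeps the pair consistent, e.g. `slapi_log_error(conn->last_ldap_error == LDAP_LOCAL_ERROR ? SLAPI_LOG_REPL : SLAPI_LOG_FATAL,` in the failure path. bind_and_check_pwp starts and ends outside this hunk.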
@@ -2122,20 +2130,21 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password)
conn->last_ldap_error = rc;
/* errmsg is a pointer directly into the ld structure - do not free */
rc = slapi_ldap_get_lderrno( ld, NULL, &errmsg );
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n",
- agmt_get_long_name(conn->agmt),
- mech ? mech : "SIMPLE", rc,
- ldap_err2string(rc), errmsg ? errmsg : "");
+ slapi_log_error(rc == LDAP_LOCAL_ERROR ? SLAPI_LOG_REPL : SLAPI_LOG_FATAL,
+ repl_plugin_name,
+ "%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n",
+ agmt_get_long_name(conn->agmt),
+ mech ? mech : "SIMPLE", rc,
+ ldap_err2string(rc), errmsg ? errmsg : "");
} else {
char *errmsg = NULL;
/* errmsg is a pointer directly into the ld structure - do not free */
rc = slapi_ldap_get_lderrno( ld, NULL, &errmsg );
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n",
- agmt_get_long_name(conn->agmt),
- mech ? mech : "SIMPLE", rc,
- ldap_err2string(rc), errmsg ? errmsg : "");
+ "%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n",
+ agmt_get_long_name(conn->agmt),
+ mech ? mech : "SIMPLE", rc,
+ ldap_err2string(rc), errmsg ? errmsg : "");
}

return (CONN_OPERATION_FAILED);
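Review bot: Demoting the first failure to SLAPI_LOG_REPL whenever `rc == LDAP_LOCAL_ERROR` hides every local error, not only the expired-ticket case named in the commit message. LDAP_LOCAL_ERROR is a generic client-side result, so a bind that keeps failing for some other local reason would presumably leave nothing at the default level, and replication could stay down unnoticed. At minimum the ternary deserves a comment such as `/* local errors are usually transient (ticket renewal); a persistent one is only visible with replication logging enabled */`. It may also be worth escalating to SLAPI_LOG_FATAL once the same local error has repeated for a while. The condition that selects this branch is outside the hunk.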
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index 138be1e..c556fc1 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -1248,7 +1248,7 @@ slapi_ldap_bind(
serverctrls, returnedctrls,
msgidp);
if (LDAP_SUCCESS != rc) {
- slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
+ slapi_log_error(SLAPI_LOG_CONNS, "slapi_ldap_bind",
"Error: could not perform interactive bind for id "
"[%s] authentication mechanism [%s]: error %d (%s)\n",
bindid ? bindid : "(anon)",
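Review bot: This message drops to SLAPI_LOG_CONNS for every bind failure, not just local errors, and the same applies to the `slapd_ldap_sasl_interactive_bind` hunk below. The commit message relies on callers always checking the result, but only the replication caller is visible in this commit. Any other caller of `slapi_ldap_bind` that checks `rc` without logging it would now leave a rejected outbound bind (for example invalid credentials) with no record at the default level. Please confirm the remaining callers report the failure themselves, and state the contract at the call, e.g. `/* logged at SLAPI_LOG_CONNS only: callers must report bind failures at their own level */`. Both functions start and end outside their hunks.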
@@ -1575,7 +1575,7 @@ slapd_ldap_sasl_interactive_bind(
if (LDAP_SUCCESS != rc) {
char *errmsg = NULL;
rc = slapi_ldap_get_lderrno(ld, NULL, &errmsg);
- slapi_log_error(SLAPI_LOG_FATAL, "slapd_ldap_sasl_interactive_bind",
+ slapi_log_error(SLAPI_LOG_CONNS, "slapd_ldap_sasl_interactive_bind",
"Error: could not perform interactive bind for id "
"[%s] mech [%s]: LDAP error %d (%s) (%s) "
"errno %d (%s)\n",

