krb5 commit: Add LDAP debug DB option

Greg Hudson ghudson at MIT.EDU
Mon Jan 28 22:56:40 EST 2013 

https://github.com/krb5/krb5/commit/8cbbd80f11d85fb733fb1522cd19eb686b6d3fe8
commit 8cbbd80f11d85fb733fb1522cd19eb686b6d3fe8
Author: Greg Hudson <ghudson at mit.edu>
Date:   Mon Jan 28 22:30:41 2013 -0500

    Add LDAP debug DB option
    
    Add a DB option in the LDAP KDB module to turn on debugging messages.
    Adapted from a patch by Zoran Pericic <zpericic at inet.hr>.
    
    ticket: 7551 (new)

 doc/admin/admin_commands/kadmin_local.rst        |    5 +++++
 doc/admin/admin_commands/kadmind.rst             |    6 ++++++
 doc/admin/admin_commands/krb5kdc.rst             |    6 ++++++
 src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h      |    1 +
 src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c |    1 +
 src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c     |    2 ++
 6 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst
index 6fee616..0fb7723 100644
--- a/doc/admin/admin_commands/kadmin_local.rst
+++ b/doc/admin/admin_commands/kadmin_local.rst
@@ -158,6 +158,11 @@ OPTIONS
         password using the **stashsrvpw** command of
         :ref:`kdb5_ldap_util(8)`.
 
+    **-x debug=**\ *level*
+        sets the OpenLDAP client library debug level.  *level* is an
+        integer to be interpreted by the library.  Debugging messages
+        are printed to standard error.
+
 .. _kadmin_options_end:
 
 
diff --git a/doc/admin/admin_commands/kadmind.rst b/doc/admin/admin_commands/kadmind.rst
index 10fc672..dd496fe 100644
--- a/doc/admin/admin_commands/kadmind.rst
+++ b/doc/admin/admin_commands/kadmind.rst
@@ -123,6 +123,12 @@ OPTIONS
             stash the password using the **stashsrvpw** command of
             :ref:`kdb5_ldap_util(8)`.
 
+        **-x debug=**\ *level*
+            sets the OpenLDAP client library debug level.  *level* is
+            an integer to be interpreted by the library.  Debugging
+            messages are printed to standard error, so this option
+            must be used with the **-nofork** option to be useful.
+
 SEE ALSO
 --------
 
diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst
index f5b37bc..7aebf6e 100644
--- a/doc/admin/admin_commands/krb5kdc.rst
+++ b/doc/admin/admin_commands/krb5kdc.rst
@@ -102,6 +102,12 @@ Options supported for the LDAP database module are:
         password using the **stashsrvpw** command of
         :ref:`kdb5_ldap_util(8)`.
 
+    **-x debug=**\ *level*
+        sets the OpenLDAP client library debug level.  *level* is an
+        integer to be interpreted by the library.  Debugging messages
+        are printed to standard error, so this option must be used
+        with the **-n** option to be useful.
+
 The **-T** *offset* option specifies a time offset, in seconds, which
 the KDC will operate under.  It is intended only for testing purposes.
 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 918df26..e828674 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -215,6 +215,7 @@ typedef struct _krb5_ldap_context {
     krb5_ldap_realm_params        *lrparams;
     krb5_boolean                  disable_last_success;
     krb5_boolean                  disable_lockout;
+    int                           ldap_debug;
     krb5_context                  kcontext;   /* to set the error code and message */
 } krb5_ldap_context;
 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index cd4b4ca..66c2cc8 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -199,6 +199,7 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context)
     if ((st=krb5_validate_ldap_context(context, ldap_context)) != 0)
         goto err_out;
 
+    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_context->ldap_debug);
     ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
     ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &local_timelimit);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index 9bfd90a..3173f44 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -282,6 +282,8 @@ krb5_ldap_parse_db_params(krb5_context context, char **db_args)
             status = add_server_entry(context, val);
             if (status)
                 goto cleanup;
+        } else if (!strcmp(opt, "debug")) {
+            lctx->ldap_debug = atoi(val);
         } else {
             status = EINVAL;
             krb5_set_error_message(context, status, _("unknown option '%s'"),

More information about the cvs-krb5 mailing list