From 02df85bb2e1e5142285b185803a118f4430dbe1f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 6 Jul 2011 10:30:24 -0400
Subject: Make ipa-client-install error messages more understandable and
 relevant.

* Check remote LDAP server to see if it is a V2 server
* Replace numeric return values with alphanumeric constants
* Display the error message from the ipa-enrollment extended op
* Remove generic join failed error message when XML-RPC fails
* Don't display Certificate subject base when enrollment fails
* Return proper error message when LDAP bind fails

https://fedorahosted.org/freeipa/ticket/1417
---
 ipa-client/ipa-join.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

(limited to 'ipa-client/ipa-join.c')

diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index 21c087b68..95f2939cd 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -475,15 +475,9 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
     /* Now rebind as the host */
     ld = connect_ldap(ipaserver, *binddn, bindpw);
     if (!ld) {
-        if (has_principal) {
-            if (!quiet)
-                fprintf(stderr, _("Host is already joined.\n"));
-            rval = 13;
-        } else {
-            if (!quiet)
-                fprintf(stderr, _("Incorrect password.\n"));
-            rval = 15;
-        }
+        if (!quiet)
+            fprintf(stderr, _("Incorrect password.\n"));
+        rval = 15;
         goto done;
     }
 
@@ -491,13 +485,19 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
     valrequest.bv_len = strlen(hostname);
 
     if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) {
+        char *s = NULL;
+#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
+        ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &s);
+#else
+        ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &s);
+#endif
         if (!quiet)
-            fprintf(stderr, _("principal not found in host entry\n"));
+            fprintf(stderr, _("Enrollment failed. %s\n"), s);
         if (debug) {
             fprintf(stderr, "ldap_extended_operation_s failed: %s",
                             ldap_err2string(rc));
         }
-        rval = 18;
+        rval = 13;
         goto ldap_done;
     }
 
@@ -1003,7 +1003,7 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
     }
 
 cleanup:
-    if (NULL != subject && !quiet)
+    if (NULL != subject && !quiet && rval == 0)
         fprintf(stderr, _("Certificate subject base is: %s\n"), subject);
 
     free((char *)princ);
-- 
cgit