author | Greg Hudson <ghudson@mit.edu> | 2013-01-28 22:30:41 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-01-28 22:32:29 -0500 |
commit | 8cbbd80f11d85fb733fb1522cd19eb686b6d3fe8 (patch) | |
tree | c4e04836424b76a3d68621c0c0aac65d21bf1007 | |
parent | 0b1dc2f93da4c860dd27f1ac997617b712dff383 (diff) | |
Add LDAP debug DB option
Add a DB option in the LDAP KDB module to turn on debugging messages.
Adapted from a patch by Zoran Pericic <zpericic@inet.hr>.
ticket: 7551 (new)
-rw-r--r-- | doc/admin/admin_commands/kadmin_local.rst | 5 | ||||
-rw-r--r-- | doc/admin/admin_commands/kadmind.rst | 6 | ||||
-rw-r--r-- | doc/admin/admin_commands/krb5kdc.rst | 6 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 1 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c | 1 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 2 |
6 files changed, 21 insertions, 0 deletions
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst index 6fee6166f0..0fb772392d 100644 --- a/doc/admin/admin_commands/kadmin_local.rst +++ b/doc/admin/admin_commands/kadmin_local.rst @@ -158,6 +158,11 @@ OPTIONS password using the **stashsrvpw** command of :ref:`kdb5_ldap_util(8)`. + **-x debug=**\ *level* + sets the OpenLDAP client library debug level. *level* is an + integer to be interpreted by the library. Debugging messages + are printed to standard error. + .. _kadmin_options_end: diff --git a/doc/admin/admin_commands/kadmind.rst b/doc/admin/admin_commands/kadmind.rst index 10fc672cbe..dd496fec0f 100644 --- a/doc/admin/admin_commands/kadmind.rst +++ b/doc/admin/admin_commands/kadmind.rst @@ -123,6 +123,12 @@ OPTIONS stash the password using the **stashsrvpw** command of :ref:`kdb5_ldap_util(8)`. + **-x debug=**\ *level* + sets the OpenLDAP client library debug level. *level* is + an integer to be interpreted by the library. Debugging + messages are printed to standard error, so this option + must be used with the **-nofork** option to be useful. + SEE ALSO -------- diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst index f5b37bca38..7aebf6e06d 100644 --- a/doc/admin/admin_commands/krb5kdc.rst +++ b/doc/admin/admin_commands/krb5kdc.rst @@ -102,6 +102,12 @@ Options supported for the LDAP database module are: password using the **stashsrvpw** command of :ref:`kdb5_ldap_util(8)`. + **-x debug=**\ *level* + sets the OpenLDAP client library debug level. *level* is an + integer to be interpreted by the library. Debugging messages + are printed to standard error, so this option must be used + with the **-n** option to be useful. + The **-T** *offset* option specifies a time offset, in seconds, which the KDC will operate under. It is intended only for testing purposes. 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h index 918df26773..e8286742e4 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h @@ -215,6 +215,7 @@ typedef struct _krb5_ldap_context { krb5_ldap_realm_params *lrparams; krb5_boolean disable_last_success; krb5_boolean disable_lockout; + int ldap_debug; krb5_context kcontext; /* to set the error code and message */ } krb5_ldap_context; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c index cd4b4ca355..66c2cc87c5 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c @@ -199,6 +199,7 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context) if ((st=krb5_validate_ldap_context(context, ldap_context)) != 0) goto err_out; + ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_context->ldap_debug); ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version); #ifdef LDAP_OPT_NETWORK_TIMEOUT ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &local_timelimit); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c index 9bfd90a950..3173f4439a 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -282,6 +282,8 @@ krb5_ldap_parse_db_params(krb5_context context, char **db_args) status = add_server_entry(context, val); if (status) goto cleanup; + } else if (!strcmp(opt, "debug")) { + lctx->ldap_debug = atoi(val); } else { status = EINVAL; krb5_set_error_message(context, status, _("unknown option '%s'"), |
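Review bot: The added `ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_context->ldap_debug)` in krb5_ldap_db_init uses a NULL handle, so the level is process-wide and is rewritten on every init, and its return value is ignored like the neighbouring calls. At packet- or BER-level settings the OpenLDAP client library dumps protocol data to standard error, which on a KDC or kadmind may include bind credentials and key attributes read from the directory. The line deserves a comment such as `/* Process-wide; high levels dump LDAP traffic (possibly secrets) to stderr. */`. Guarding the call with `if (ldap_context->ldap_debug != 0)` would also avoid resetting a level configured elsewhere in the process when the option is not given. The function body starts and ends outside the hunk.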
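Review bot: `atoi(val)` in the new `debug` branch of krb5_ldap_parse_db_params accepts any string: a typo such as `debug=verbose` silently becomes level 0, trailing junk is ignored, and an out-of-range number is undefined behaviour. Parsing with `strtol` and failing with `EINVAL`, as the unknown-option branch just below does, would surface the mistake to the administrator; negative values should stay allowed, since OpenLDAP treats -1 as "everything". Whether `val` can be NULL here (an argument given as plain `debug` with no `=`) is decided outside the hunk and is worth confirming before either version dereferences it. The function starts and ends outside the hunk, and the sketch below assumes `errno` and the `INT_MIN`/`INT_MAX` limits are already in scope in this file.

```c
        } else if (!strcmp(opt, "debug")) {
            char *end;
            long level;

            /* Reject non-numeric, partially numeric and out-of-range input. */
            errno = 0;
            level = strtol(val, &end, 10);
            if (end == val || *end != '\0' || errno != 0 ||
                level < INT_MIN || level > INT_MAX) {
                status = EINVAL;
                krb5_set_error_message(context, status,
                                       _("invalid debug level '%s'"), val);
                goto cleanup;
            }
            lctx->ldap_debug = (int)level;
        } else {
            /* … unchanged: unknown-option error … */
```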