From 897583476c49d4c037c1d8579fd6841728b871ba Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 19 Oct 2010 20:20:43 +1100
Subject: s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.

Against the OpenLDAP backend, I currently get failures.  This makes it
possible to debug those failures.

Andrew Bartlett
---
 source4/auth/sam.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'source4/auth/sam.c')

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index c83a7d478f..b98830a0a9 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -319,6 +319,8 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 	dn = ldb_dn_from_ldb_val(tmp_ctx, sam_ctx, dn_val);
 	if (dn == NULL) {
 		talloc_free(tmp_ctx);
+		DEBUG(0, (__location__ ": we failed parsing DN %*.*s, so we cannot calculate the group token\n",
+			  (int)dn_val->length, (int)dn_val->length, dn_val->data));
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
@@ -359,6 +361,9 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 	}
 
 	if (ret != LDB_SUCCESS) {
+		DEBUG(1, (__location__ ": dsdb_search for %s failed: %s\n",
+			  ldb_dn_get_extended_linearized(tmp_ctx, dn, 1),
+			  ldb_errstring(sam_ctx)));
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
-- 
cgit