-rw-r--r--src/util/sss_ldap.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c
index 7fdaadb5c..e431d4ebc 100644
--- a/src/util/sss_ldap.c
+++ b/src/util/sss_ldap.c
@@ -200,8 +200,10 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
struct tevent_req);
struct sss_ldap_init_state *state = tevent_req_data(req,
struct sss_ldap_init_state);
+ char *tlserr;
int ret;
int lret;
+ int optret;
ret = sssd_async_socket_init_recv(subreq, &state->sd);
talloc_zfree(subreq);
@@ -228,8 +230,23 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
if (lret == LDAP_LOCAL_ERROR) {
DEBUG(SSSDBG_FUNC_DATA, "TLS/SSL already in place.\n");
} else {
- DEBUG(SSSDBG_CRIT_FAILURE, "ldap_install_tls failed: %s\n",
+
+ optret = sss_ldap_get_diagnostic_msg(state, state->ldap,
+ &tlserr);
+ if (optret == LDAP_SUCCESS) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_install_tls failed: [%s] [%s]\n",
+ sss_ldap_err2string(lret), tlserr);
+ sss_log(SSS_LOG_ERR,
+ "Could not start TLS encryption. %s", tlserr);
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_install_tls failed: [%s]\n",
sss_ldap_err2string(lret));
+ sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
+ "Check for certificate issues.");
+ }
+
ret = EIO;
goto fail;
}
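Review bot: `tlserr` is passed to both `DEBUG` and `sss_log` in the `optret == LDAP_SUCCESS` branch without a NULL check, and the first hunk declares it uninitialized, so the branch relies on `sss_ldap_get_diagnostic_msg` always storing a valid string on success; that helper is not visible here. Declaring `char *tlserr = NULL;` and testing `if (optret == LDAP_SUCCESS && tlserr != NULL) {` would keep the branch safe whatever the helper's contract is. The string appears to be allocated on `state` (the first argument looks like a talloc context) and is not released before `goto fail`, so a `talloc_zfree(tlserr);` after the two log calls would stop it living as long as the request state. Because the diagnostic text comes from the TLS layer and may echo details of the peer's certificate, it is worth confirming that the syslog path escapes or tolerates unexpected characters. The body of `sss_ldap_init_sys_connect_done` starts and ends outside this hunk.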