}
}
if (retry) {
- DPRINTF2("ldapssl_clientauth_init(%s, %s)",
+ DPRINTF2("retry ldapssl_clientauth_init(%s, %s)",
ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL");
rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
DPRINTF1("searching from netgroup_base '%s'", base->val);
/* Build query, using NIS domain if it is set. */
+ /* XXX - move outside foreach */
if (domain != NULL) {
filt_len = sizeof("(nisNetgroupTriple=\\(,,\\))") - 1 +
sudo_ldap_value_len(pw->pw_name);
rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
NULL, 0, NULL, NULL, tvp, 0, &result);
if (rc != LDAP_SUCCESS) {
- DPRINTF1("nothing found for '%s'", filt);
+ DPRINTF1("ldap netgroup search failed: %s", ldap_err2string(rc));
if (result)
ldap_msgfree(result);
sudo_efree(filt);
#ifdef HAVE_LDAP_INITIALIZE
if (!STAILQ_EMPTY(&ldap_conf.uri)) {
char *buf = sudo_ldap_join_uri(&ldap_conf.uri);
- if (buf != NULL) {
- DPRINTF2("ldap_initialize(ld, %s)", buf);
- rc = ldap_initialize(&ld, buf);
- sudo_efree(buf);
- if (rc != LDAP_SUCCESS) {
- sudo_warnx(U_("unable to initialize LDAP: %s"),
- ldap_err2string(rc));
- }
- }
+ if (buf == NULL)
+ goto done;
+ DPRINTF2("ldap_initialize(ld, %s)", buf);
+ rc = ldap_initialize(&ld, buf);
+ sudo_efree(buf);
} else
#endif
rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
- if (rc != LDAP_SUCCESS)
+ if (rc != LDAP_SUCCESS) {
+ sudo_warnx(U_("unable to initialize LDAP: %s"), ldap_err2string(rc));
goto done;
+ }
/* Set LDAP per-connection options */
rc = sudo_ldap_set_options_conn(ld);
rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
NULL, 0, NULL, NULL, tvp, 0, &result);
if (rc != LDAP_SUCCESS) {
- DPRINTF1("nothing found for '%s'", filt);
+ DPRINTF1("ldap search pass %d failed: %s", pass + 1,
+ ldap_err2string(rc));
continue;
}
lres->user_matches = true;