From 16a92dff840ff011f9eb14249708e846b7945e69 Mon Sep 17 00:00:00 2001
From: Ken Rowland
Date: Tue, 20 Aug 2024 09:18:58 -0400
Subject: [PATCH] HPCC-31963 Improve LDAP server initialization failure log messages

Added additional information to log messages issued when initial connection to the Active Directory fails during initialization

Signed-Off-By: Kenneth Rowland kenneth.rowland@lexisnexisrisk.com
---
 system/security/LdapSecurity/ldaputils.cpp | 26 +++++++++++++++++-----
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/system/security/LdapSecurity/ldaputils.cpp b/system/security/LdapSecurity/ldaputils.cpp
index fb68659f0e7..6861966cd1f 100644
--- a/system/security/LdapSecurity/ldaputils.cpp
+++ b/system/security/LdapSecurity/ldaputils.cpp
@@ -302,12 +302,26 @@ int LdapUtils::getServerInfo(const char* ldapserver, const char* userDN, const c
             ld = ldapInitAndSimpleBind(ldapserver, nullptr, nullptr, "ldap", 389, cipherSuite, timeout, &err);
         }
-        // for new versions of openldap, version 2.2.*
-        if(nullptr == ld && err == LDAP_PROTOCOL_ERROR && stype != ACTIVE_DIRECTORY)
-            DBGLOG("If you're trying to connect to an OpenLdap server, make sure you have \"allow bind_v2\" enabled in slapd.conf");
-
-        if(nullptr == ld)
+        if (ld == nullptr)
+        {
+            if (err == LDAP_PROTOCOL_ERROR && stype != ACTIVE_DIRECTORY)
+            {
+                WARNLOG("Unable to connect. If you're trying to connect to an OpenLdap server, make sure you have \"allow bind_v2\" enabled in slapd.conf");
+            }
+            else
+            {
+                // If no cipher suite is specified, tell user they may need to provide one, otherwise tell them they may need to provide a different one
+                if (isEmptyString(cipherSuite))
+                {
+                    WARNLOG("Unable to connect. if you're trying to connect to an LDAPS server, you may need to specify a cipher suite using the 'ldapCipherSuite' attribute in the LDAP configuration.");
+                }
+                else
+                {
+                    WARNLOG("Unable to connect. If you're trying to connect to an LDAPS server, you may need to specify a different cipher suite using the 'ldapCipherSuite' attribute in the LDAP configuration.");
+                }
+            }
             return err;//unable to connect, give up
+        }
     }
     LDAPMessage* msg = NULL;
@@ -316,7 +330,7 @@ int LdapUtils::getServerInfo(const char* ldapserver, const char* userDN, const c
     err = ldap_search_ext_s(ld, NULL, LDAP_SCOPE_BASE, "objectClass=*", attrs, false, NULL, NULL, &timeOut, LDAP_NO_LIMIT, &msg);
     if(err != LDAP_SUCCESS)
     {
-        DBGLOG("ldap_search_ext_s error: %s", ldap_err2string( err ));
+        WARNLOG("ldap_search_ext_s error: %s", ldap_err2string( err ));
         if (msg)
             ldap_msgfree(msg);
         return err;
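Review bot: None of the three new WARNLOG messages in the `ld == nullptr` block reports the actual bind failure, even though `err` and `ldapserver` are both in scope and the second hunk already shows `ldap_err2string(err)` being used; an operator reading the log gets a configuration guess but not the cause or the target. The cipher-suite hint is also emitted for every failure that is not LDAP_PROTOCOL_ERROR, including ones unrelated to TLS (server unreachable, bad credentials), so without the underlying error string the hint can actively mislead. Prefix each message with the facts, e.g. `WARNLOG("Unable to connect to %s: %s (%d). If you're trying to connect to an LDAPS server, you may need to specify a cipher suite using the 'ldapCipherSuite' attribute in the LDAP configuration.", ldapserver, ldap_err2string(err), err);`, and apply the same to the other two branches. Minor: the middle message starts its second sentence with lowercase `if you're`, inconsistent with the other two. The enclosing getServerInfo body starts before and continues after this hunk.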
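Review bot: The error path after `ldap_search_ext_s` now logs at WARN but still returns without releasing `ld`, while `msg` is freed; if the success path later in getServerInfo unbinds the handle (not visible in this hunk), this early return leaks a bound LDAP connection on every failed probe. Consider releasing the handle before `return err;` (e.g. `ldap_unbind_ext(ld, nullptr, nullptr);`), or whatever unbind helper the file already uses. The message would also be more useful with the server named, as in `WARNLOG("ldap_search_ext_s against %s error: %s", ldapserver, ldap_err2string( err ));`.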