Hello,
I am currently debugging some weird SASL login failures on Active Directory. I am using the function ldap_sasl_bind_s() to perform the SASL negociations. I know that ldap_sasl_bind_s() calls ldap_parse_sasl_bind_result() which sets the ld_error field of the 'LDAP' connection structure to the error string returned by the AD server when a login failure occurs. The content of this string is invaluable to debug the login issues. Yet, there seems to be no way to access the content of the ld_error field without bypassing the public interface of the openldap library.
Is there any other way to access the error string returned by the server?
Also, has someone ever encountered a situation where half of the users of an AD server can authenticate using SASL and the other half trigger an "invalid credentials" error? All those accounts are valid & working, and simple binds can be made without errors.
Thank you, Laurent Birtz