On 4/13/2023 10:36 AM, Quanah Gibson-Mount wrote:
> --On Thursday, April 13, 2023 6:33 PM +0000 Jordan Brown <openldap@jordan.maileater.net> wrote:
>> I'm already dumping that. But it is not very detailed. I believe that's what ldapsearch is dumping; here's some sample output in various error cases:
> Those are the result codes that are provided to the client per RFC. Feel free to write a new RFC expanding on the result codes.
OpenLDAP could have additional non-RFC features that would allow you to retrieve more error information.
There are dozens of OpenLDAP-specific options. An OpenLDAP-specific option could retrieve additional error information.
There could be a variation on LDAP_OPT_CONNECT_CB - for discussion, call it LDAP_OPT_ERROR_CB - that calls back with error information on any failing connection. (That would be more right than a "get error" option, because it would work when there's more than one server specified.)
So the first question is "does OpenLDAP have such a thing?". It sounds like the answer is "no".
In that case, please consider this to be a request for such a feature. Diagnosing LDAP client connection problems is a significant cost; anything that we can do to make it easier would be worthwhile. I would be happy to participate in the design and implementation of such a feature.