On 4/14/2023 2:11 AM, Ondřej Kuzník wrote:
AFAIK that's correct, some of what you're asking for depends on the errno, some of it is in TLS code and very little, if anything, is currently preserved for that kind of use.
Thanks.
A pretty comprehensive walk of the codebase might be needed to cover the lot?
Alas, yes. But if there's a pretty general mechanism at the OpenLDAP layer, then OpenLDAP can pass through whatever the lower layer says... and if the lower layer says something useless, then the buck can be passed to them.
But even being able to say "it's a TLS problem" or "it's a Kerberos problem" would be helpful.
Given you've already considered a usecase and some of the requirements users might have on this kind of feature, you're welcome to propose one yourself. If it's ready for inclusion in 2.7, that's where it could go. We can assist where you're unsure of the codebase and eventually review.
I'll work on that. No specific schedule. This is not an urgent matter, just something that keeps popping up over and over.
If you want to go that route, let's move the planning into -devel.
Will do.