On 4/13/2023 9:28 AM, Quanah Gibson-Mount wrote:
--On Thursday, April 13, 2023 5:22 PM +0000 Jordan Brown <openldap@jordan.maileater.net> wrote:
How can I get detailed information about connection errors - host not
found, timed out, connection refused, various TLS errors, et cetera?
<https://ldap.com/ldap-result-code-reference/>

I'm already dumping that.  But it is not very detailed.  I believe that's what ldapsearch is dumping; here's some sample output in various error cases:

No server running (connection refused):
 $ ldapsearch -h myhost -b ''
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

No response, connection timed out:

$ ldapsearch -h 1.2.3.4 -b ''
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

TLS certificate not trusted:

$ ldapsearch -H ldaps://ldap.mycompany.com -b ''
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Host does not exist: 
$ ldapsearch -h nonexist.example.com -b ''
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris