author | Werner Koch <wk@gnupg.org> | 2021-05-28 15:20:57 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2021-06-16 12:45:20 +0200 |
commit | 58e4c82512a4b0828f78fc9f03dbcdbf77760b5c (patch) | |
tree | 6156d864bfadfce46abbc2ea89f0f35e561f6866 /dirmngr/ks-engine-ldap.c | |
parent | dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers. (diff) | |
dirmngr: Fix default port for our redefinition of ldaps.
* dirmngr/server.c (make_keyserver_item): Fix default port for ldaps.
Move a tmpstr out of the blocks.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 8de9d54ac83fa20cb52b847b643311841be4d6dc)
Diffstat (limited to 'dirmngr/ks-engine-ldap.c')
-rw-r--r-- | dirmngr/ks-engine-ldap.c | 30 |
1 files changed, 13 insertions, 17 deletions
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 42b3a837f..72da786fc 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -571,15 +571,14 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 }
 }
- if (opt.debug)
- log_debug ("my_ldap_connect(%s:%d/%s????%s%s%s%s%s)\n",
- host, port,
- basedn_arg ? basedn_arg : "",
- bindname ? "bindname=" : "",
- bindname ? bindname : "",
- password ? "," : "",
- password ? "password=>not_shown<" : "",
- use_ntds ? " auth=>current_user<":"");
+ if (opt.verbose)
+ log_info ("ldap connect to '%s:%d:%s:%s:%s:%s%s'\n",
+ host, port,
+ basedn_arg ? basedn_arg : "",
+ bindname ? bindname : "",
+ password ? "*****" : "",
+ use_tls == 1? "starttls" : use_tls == 2? "ldaptls" : "plain",
+ use_ntds ? ",ntds":"");
 /* If the uri specifies a secure connection and we don't support
@@ -596,6 +595,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 #ifdef HAVE_W32_SYSTEM
+ /* Note that host==NULL uses the default domain controller. */
 npth_unprotect ();
 ldap_conn = ldap_sslinit (host, port, (use_tls == 2));
 npth_protect ();
@@ -619,7 +619,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 npth_unprotect ();
 lerr = ldap_initialize (&ldap_conn, tmpstr);
 npth_protect ();
- if (lerr || !ldap_conn)
+ if (lerr != LDAP_SUCCESS || !ldap_conn)
 {
 err = ldap_err_to_gpg_err (lerr);
 log_error ("error initializing LDAP '%s': %s\n",
@@ -655,7 +655,8 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 err = ldap_err_to_gpg_err (lerr);
 goto out;
 }
-
+ if (opt.verbose)
+ log_info ("ldap timeout set to %us\n", opt.ldaptimeout);
 }
 #endif
@@ -704,8 +705,6 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 if (use_ntds)
 {
- if (opt.debug)
- log_debug ("ldap: binding to current user via AD\n");
 #ifdef HAVE_W32_SYSTEM
 npth_unprotect ();
 lerr = ldap_bind_s (ldap_conn, NULL, NULL, LDAP_AUTH_NEGOTIATE);
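Review bot: `host` is passed unguarded to `%s` in the new `log_info ("ldap connect to ...")` call, while `basedn_arg` and `bindname` on the following lines are checked for NULL. The comment added in the next hunk states that `host==NULL` is a valid value on Windows, so the argument would be safer as `host ? host : ""` than relying on how the log formatter treats a NULL string. The bind name is now also written at `opt.verbose` rather than `opt.debug`, which widens where account names end up in logs; if that is intended it deserves a mention in the option documentation. my_ldap_connect starts and ends outside the hunk.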
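Review bot: In the `ldap_initialize` error branch, `err = ldap_err_to_gpg_err (lerr)` is derived from `lerr` even when the branch was entered only because `ldap_conn` is NULL. If `ldap_err_to_gpg_err` maps `LDAP_SUCCESS` to 0 (its definition is not visible here), the function logs an error but can leave `err` clear, and a caller would then see success with no connection. Something like `err = lerr != LDAP_SUCCESS ? ldap_err_to_gpg_err (lerr) : gpg_error (GPG_ERR_GENERAL);` keeps the failure visible. The rest of the branch lies outside the hunk.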
@@ -718,16 +717,13 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 goto out;
 }
 #else
+ log_error ("ldap: no Active Directory support but 'ntds' requested\n");
 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
 goto out;
 #endif
 }
 else if (bindname)
 {
- if (opt.debug)
- log_debug ("LDAP bind to '%s', password '%s'\n",
- bindname, password ? ">not_shown<" : ">none<");
-
 npth_unprotect ();
 lerr = ldap_simple_bind_s (ldap_conn, bindname, password);
 npth_protect (); |
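Review bot: With the debug line before `ldap_simple_bind_s` removed, nothing at the bind site records that a password is about to be sent, and the connect message in the first hunk shows that `use_tls` can select "plain". A simple bind carries the password unprotected on such a connection, so a notice for that combination would help operators spot it in logs, e.g. `if (password && !use_tls) log_info ("ldap: simple bind with password on a connection without TLS\n");` ahead of `npth_unprotect ()`. This assumes 0 is the plain value of `use_tls`, which the hunk does not show, and an earlier check outside the hunk may already reject the case.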