Merge pull request #19022 from kenrowland/HPCC-31963

HPCC-31963 Improve LDAP server initialization failure log messages Reviewed-by: Jake Smith <[email protected]> Merged-by: Gavin Halliday <[email protected]>
hpcc-systems · Aug 27, 2024 · 9505b2d · 9505b2d
2 parents 158b5a8 + 16a92df
commit 9505b2d
Showing 1 changed file with 20 additions and 6 deletions.
diff --git a/system/security/LdapSecurity/ldaputils.cpp b/system/security/LdapSecurity/ldaputils.cpp
@@ -297,12 +297,26 @@ int LdapUtils::getServerInfo(const char* ldapserver, const char* userDN, const c
     {
         ld = ldapInitAndSimpleBind(ldapserver, userDN, pwd, ldapprotocol, ldapport, cipherSuite, timeout, &err);
 
-        // for new versions of openldap, version 2.2.*
-        if(nullptr == ld   &&  err == LDAP_PROTOCOL_ERROR  &&  stype != ACTIVE_DIRECTORY)
-            DBGLOG("If you're trying to connect to an OpenLdap server, make sure you have \"allow bind_v2\" enabled in slapd.conf");
-
-        if(nullptr == ld)
+        if (ld == nullptr)
+        {
+            if (err == LDAP_PROTOCOL_ERROR && stype != ACTIVE_DIRECTORY)
+            {
+                WARNLOG("Unable to connect. If you're trying to connect to an OpenLdap server, make sure you have \"allow bind_v2\" enabled in slapd.conf");
+            }
+            else
+            {
+                // If no cipher suite is specified, tell user they may need to provide one, otherwise tell them they may need to provide a different one
+                if (isEmptyString(cipherSuite))
+                {
+                    WARNLOG("Unable to connect. if you're trying to connect to an LDAPS server, you may need to specify a cipher suite using the 'ldapCipherSuite' attribute in the LDAP configuration.");
+                }
+                else
+                {
+                    WARNLOG("Unable to connect. If you're trying to connect to an LDAPS server, you may need to specify a different cipher suite using the 'ldapCipherSuite' attribute in the LDAP configuration.");
+                }
+            }
             return err;//unable to connect, give up
+        }
     }
 
     LDAPMessage* msg = NULL;
@@ -311,7 +325,7 @@ int LdapUtils::getServerInfo(const char* ldapserver, const char* userDN, const c
     err = ldap_search_ext_s(ld, NULL, LDAP_SCOPE_BASE, "objectClass=*", attrs, false, NULL, NULL, &timeOut, LDAP_NO_LIMIT, &msg);
     if(err != LDAP_SUCCESS)
     {
-        DBGLOG("ldap_search_ext_s error: %s", ldap_err2string( err ));
+        WARNLOG("ldap_search_ext_s error: %s", ldap_err2string( err ));
         if (msg)
             ldap_msgfree(msg);
         return err;