Hello,
I am currently debugging some weird SASL login failures on Active
Directory. I am using the function ldap_sasl_bind_s() to perform the SASL
negociations. I know that ldap_sasl_bind_s() calls
ldap_parse_sasl_bind_result() which sets the ld_error field of the 'LDAP'
connection structure to the error string returned by the AD server when a
login failure occurs. The content of this string is invaluable to debug
the login issues. Yet, there seems to be no way to access the content of
the ld_error field without bypassing the public interface of the openldap
library.
Is there any other way to access the error string returned by the server?
Also, has someone ever encountered a situation where half of the users of
an AD server can authenticate using SASL and the other half trigger an
"invalid credentials" error? All those accounts are valid & working, and
simple binds can be made without errors.
Thank you,
Laurent Birtz