Add support for LDAP debug output in Samba log file.

Logging of the ldap libraries appears with a [LDAP] prefix
inside the samba logs. This is controlled by two new parameters:

* "ldap debug level" sets the debug level of the ldap libraries.
  It is the bit-field as understood by the openldap server.

* "ldap debug threshold" is the samba debug level at which ldap
  logging appears inside the samba logs.

This probably needs some configure tests since it makes
use of the LBER_OPT_LOG_PRINT_FN option to redirect the
debug output of the ldap libraries.

Michael
(This used to be commit 15c25990bd)

source3/Makefile.in

@@ -340,7 +340,7 @@ READLINE_OBJ = lib/readline.o
 # Be sure to include them into your application
 POPT_LIB_OBJ = lib/popt_common.o
 
-PARAM_WITHOUT_REG_OBJ = dynconfig.o param/loadparm.o param/params.o param/util.o lib/sharesec.o
+PARAM_WITHOUT_REG_OBJ = dynconfig.o param/loadparm.o param/params.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o
 PARAM_REG_ADD_OBJ = $(UTIL_REG_API_OBJ)
 PARAM_OBJ = $(PARAM_WITHOUT_REG_OBJ) $(PARAM_REG_ADD_OBJ)
 

source3/lib/ldap_debug_handler.c

@@ -0,0 +1,52 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Intercept libldap debug output.
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#if HAVE_LDAP
+
+static void samba_ldap_log_print_fn(LDAP_CONST char *data)
+{
+	DEBUG(lp_ldap_debug_threshold(), ("[LDAP] %s", data));
+}
+
+#endif
+
+void init_ldap_debugging(void)
+{
+#if HAVE_LDAP
+	int ret;
+	int ldap_debug_level = lp_ldap_debug_level();
+
+	ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug_level);
+	if (ret != LDAP_OPT_SUCCESS) {
+		DEBUG(10, ("Error setting LDAP debug level.\n"));
+	}
+
+	if (ldap_debug_level == 0) {
+		return;
+	}
+
+	ret = ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN,
+			     (void *)samba_ldap_log_print_fn);
+	if (ret != LBER_OPT_SUCCESS) {
+		DEBUG(10, ("Error setting LBER log print function.\n"));
+	}
+#endif /* HAVE_LDAP */
+}

source3/param/loadparm.c

@@ -244,6 +244,8 @@ typedef struct {
 	int ldap_ssl;
 	char *szLdapSuffix;
 	char *szLdapAdminDn;
+	int ldap_debug_level;
+	int ldap_debug_threshold;
 	int iAclCompat;
 	char *szCupsServer;
 	char *szIPrintServer;
@@ -648,6 +650,7 @@ static bool handle_netbios_aliases( int snum, const char *pszParmValue, char **p
 static bool handle_netbios_scope( int snum, const char *pszParmValue, char **ptr );
 static bool handle_charset( int snum, const char *pszParmValue, char **ptr );
 static bool handle_printing( int snum, const char *pszParmValue, char **ptr);
+static bool handle_ldap_debug_level( int snum, const char *pszParmValue, char **ptr);
 
 static void set_server_role(void);
 static void set_default_server_announce_type(void);
@@ -1223,6 +1226,10 @@ static struct parm_struct parm_table[] = {
 	{"ldap page size", P_INTEGER, P_GLOBAL, &Globals.ldap_page_size, NULL, NULL, FLAG_ADVANCED},
 	{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED}, 
 
+	{"ldap debug level", P_INTEGER, P_GLOBAL, &Globals.ldap_debug_level, handle_ldap_debug_level, NULL, FLAG_ADVANCED},
+	{"ldap debug threshold", P_INTEGER, P_GLOBAL, &Globals.ldap_debug_threshold, NULL, NULL, FLAG_ADVANCED},
+
+
 	{N_("EventLog Options"), P_SEP, P_SEPARATOR}, 
 	{"eventlog list",  P_LIST, P_GLOBAL, &Globals.szEventLogs, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, 
 
@@ -1640,6 +1647,9 @@ static void init_globals(bool first_time_only)
 	Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
 	Globals.ldap_page_size = LDAP_PAGE_SIZE;
 
+	Globals.ldap_debug_level = 0;
+	Globals.ldap_debug_threshold = 10;
+
 	/* This is what we tell the afs client. in reality we set the token 
 	 * to never expire, though, when this runs out the afs client will 
 	 * forget the token. Set to 0 to get NEVERDATE.*/
@@ -1954,6 +1964,8 @@ FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
 FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
 FN_GLOBAL_INTEGER(lp_ldap_timeout, &Globals.ldap_timeout)
 FN_GLOBAL_INTEGER(lp_ldap_page_size, &Globals.ldap_page_size)
+FN_GLOBAL_INTEGER(lp_ldap_debug_level, &Globals.ldap_debug_level)
+FN_GLOBAL_INTEGER(lp_ldap_debug_threshold, &Globals.ldap_debug_threshold)
 FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
 FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
 FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
@@ -3844,6 +3856,13 @@ static bool handle_copy(int snum, const char *pszParmValue, char **ptr)
 	return (bRetval);
 }
 
+static bool handle_ldap_debug_level(int snum, const char *pszParmValue, char **ptr)
+{
+	Globals.ldap_debug_level = lp_int(pszParmValue);
+	init_ldap_debugging();
+	return true;
+}
+
 /***************************************************************************
  Handle idmap/non unix account uid and gid allocation parameters.  The format of these
  parameters is: