Bug 1559524

Summary: nslcd only prints 200 characters in error message
Product: Red Hat Enterprise Linux 7
Component: nss-pam-ldapd
Version: 7.4
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Type: Bug
Reporter: Steffen Froemer <sfroemer>
Assignee: Tomas Halman <thalman>
QA Contact: Filip Dvorak <fdvorak>
CC: fdvorak, jhrozek, pkis, tscherf
Target Milestone: rc
Fixed In Version: nss-pam-ldapd-0.8.13-19.el7
Doc Type: If docs needed, set a value
Last Closed: 2020-03-31 20:03:17 UTC

Description Steffen Froemer 2018-03-22 17:20:30 UTC
Description of problem:
Using nslcd for debugging LDAP authentication, error messages are stripped at 200 characters.

Version-Release number of selected component (if applicable):
nss-pam-ldapd-0.8.13-8.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:
nslcd: [8b4567] <passwd="user"> ldap_start_tls_s() failed (uri=ldaps://server1.example.com:636/): Server is unavailable: The TLS connection security provider cannot be enabled on this client connection because it is already usi...
nslcd: [8b4567] <passwd="user"> failed to bind to LDAP server ldaps://server1.example.com:636/: Server is unavailable: The TLS connection security provider cannot be enabled on this client connection because it is already using...



Expected results:
The error message should be printed completely

Additional info:
Checking the source, it seems it's a hardcoded value.

https://github.com/arthurdejong/nss-pam-ldapd/blob/master/nslcd/log.c

/* log the given message using the configured logging method */
void log_log(int pri, const char *format, ...)
{
  int res;
  struct log_cfg *lst;
  char buffer[200];   /* ----> this limits to 200 char */
  va_list ap;
#ifndef TLS
  char *sessionid, *requestid;
  pthread_once(&tls_init_once, tls_init_keys);
  sessionid = pthread_getspecific(sessionid_key);
  requestid = pthread_getspecific(requestid_key);
#endif /* no TLS */
  /* make the message */
  va_start(ap, format);
  res = vsnprintf(buffer, sizeof(buffer), format, ap);   /* ---> here it truncates to 200 */
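
Added example, not part of the original report and not code from nss-pam-ldapd or the erratum: it reproduces the truncation with a 200-byte buffer and shows how vsnprintf()'s return value can be used to detect it and format the full message instead. The names format_fixed, format_full and FIXED_LEN and the sample diagnostic string are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_LEN 200 /* same size as buffer[] in the excerpt above */

/* Format into a fixed buffer as the excerpt does; returns the length the
   complete message needed, which is what vsnprintf() reports. */
static int format_fixed(char *out, const char *format, ...)
{
  va_list ap;
  int res;
  va_start(ap, format);
  res = vsnprintf(out, FIXED_LEN, format, ap);
  va_end(ap);
  return res;
}

/* Hypothetical helper: try the stack buffer first, then fall back to an
   exact-size heap buffer when the return value signals truncation.
   Returns NULL on error; the caller frees the result. */
static char *format_full(const char *format, ...)
{
  char stackbuf[FIXED_LEN];
  va_list ap, ap2;
  char *msg;
  int res;
  va_start(ap, format);
  va_copy(ap2, ap); /* ap is consumed by the first vsnprintf() call */
  res = vsnprintf(stackbuf, sizeof(stackbuf), format, ap);
  va_end(ap);
  msg = (res < 0) ? NULL : malloc((size_t)res + 1);
  if (msg != NULL && (size_t)res < sizeof(stackbuf))
    memcpy(msg, stackbuf, (size_t)res + 1);       /* it fitted */
  else if (msg != NULL)
    vsnprintf(msg, (size_t)res + 1, format, ap2); /* it was truncated */
  va_end(ap2);
  return msg;
}

int main(void)
{
  char diag[301], fixed[FIXED_LEN], *full;
  memset(diag, 'x', 300); /* constructed 300-character server diagnostic */
  diag[300] = '\0';
  int need = format_fixed(fixed, "failed to bind: %s", diag);
  full = format_full("failed to bind: %s", diag);
  printf("needed %d, fixed kept %zu, full kept %zu\n",
         need, strlen(fixed), full ? strlen(full) : 0);
  free(full);
  return 0;
}
```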

Comment 7 Steffen Froemer 2018-06-25 06:40:32 UTC
I've filed a bug to upstream project as well

https://github.com/arthurdejong/nss-pam-ldapd/issues/26

Comment 27 errata-xmlrpc 2020-03-31 20:03:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1119