As an Administrator, I want to be able to set some additional flags to get very verbose tracing of the LDAP and LDAPS connection establishment process to debug various issues (loading of PEM file, TSL handshake, LDAP bind issues, ...).
This was possible in SafeLinx <= 1.1 using IBMs GSKit via the environment variables
LDAP_DEBUG=65535
LDAP_DEBUG_FILE=/tmp/ldap_trace.txt
which created logs similar to the one attached. Excerpt:
2023-02-20T06:49:54.045000-8:00 T4216 open_ldap_connection: ld(00000166FBCD0680), lc(00000166FD7C0D00)
2023-02-20T06:49:54.045000-8:00 T4216 open_connection: entered sb(00000166FD7C0D18) host(ldap.example.com) port(636)
2023-02-20T06:49:54.045000-8:00 T4216 ids_getaddrinfo: host(ldap.example.com), port(636), res(0000005205FF46E8)
2023-02-20T06:49:54.045000-8:00 T4216 ids_getaddrinfo: rc=0
2023-02-20T06:49:54.045000-8:00 T4216 tds_connect: socket(2764), address(00000166F6611F90), address_len(16), connect_to(0000000000000000)
...
2023-02-20T06:49:54.061000-8:00 T4216 setClientProtocols(): set gsk socket protocol [TLS12,TLS11,TLS10] and use default ciphers
...
2023-02-20T06:49:54.092000-8:00 T4216 In open_ssl_connection(): cipher used(2) 30
2023-02-20T06:49:54.092000-8:00 T4216 In open_ssl_connection(): protocol used(6) TLSV12
2023-02-20T06:49:54.092000-8:00 T4216 ldap_write_msg: connected to host
...
2023-02-20T06:49:54.092000-8:00 T4216 waitOnSocket: select rc=1
As newer version switched from GSKit to OpenSSL, this debug option, which is dearly needed, is missing. Please ad a similar debug/tracing option to future versions of SafeLinx.