print diagnostic messages when sasl_interactive_bind or start_tls_s failed

diff --git a/clients/tools/common.c b/clients/tools/common.c
index d8fb6ac66f62162c580a0e7b55a1e5a468d503ce..aa7a0babab4293f03707ca98ca9202ccb753a13a 100644 (file)
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -1311,7 +1311,10 @@ dnssrv_free:;
                if ( use_tls ) {
                        rc = ldap_start_tls_s( ld, NULL, NULL );
                        if ( rc != LDAP_SUCCESS ) {
-                               tool_perror( "ldap_start_tls", rc, NULL, NULL, NULL, NULL );
+                               char *msg=NULL;
+                               ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
+                               tool_perror( "ldap_start_tls", rc, NULL, NULL, msg, NULL );
+                               ldap_memfree(msg);
                                if ( use_tls > 1 ) {
                                        exit( EXIT_FAILURE );
                                }
@@ -1408,8 +1411,11 @@ tool_bind( LDAP *ld )
 
                lutil_sasl_freedefs( defaults );
                if( rc != LDAP_SUCCESS ) {
+                       char *msg=NULL;
+                       ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
                        tool_perror( "ldap_sasl_interactive_bind_s",
-                               rc, NULL, NULL, NULL, NULL );
+                               rc, NULL, NULL, msg, NULL );
+                       ldap_memfree(msg);
                        exit( rc );
                }
 #else