
Bug 691313 - Need TLS/SSL error messages in repl status and errors log

When an error is encountered during the bind operation in the
beginning of a replication session, the error is only logged
at the fatal level the first time it is encountered.  If replication
level logging is turned on, it can be easy to miss the error the
first time, so the subsequent debug logging is not very useful.

This patch makes us log repeated bind errors at the replication log
level only.  The first time an error is encountered, it will still
be logged at the fatal level.
Nathan Kinder 14 年之前
父節點
當前提交
a24d9cca5f

+ 11 - 1
ldap/servers/plugins/replication/repl5_connection.c

@@ -1799,7 +1799,8 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password)
 	else 
 	{
 		ldap_controls_free( ctrls );
-		/* Do not report the same error over and over again */
+		/* Do not report the same error over and over again
+		 * unless replication level logging is enabled. */
 		if (conn->last_ldap_error != rc)
 		{
 			char *errmsg = NULL;
@@ -1811,6 +1812,15 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password)
 							agmt_get_long_name(conn->agmt),
 							mech ? mech : "SIMPLE", rc,
 							ldap_err2string(rc), errmsg);
+		} else {
+			char *errmsg = NULL;
+			/* errmsg is a pointer directly into the ld structure - do not free */
+			rc = slapi_ldap_get_lderrno( ld, NULL, &errmsg );
+			slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+							"%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n",
+							agmt_get_long_name(conn->agmt),
+							mech ? mech : "SIMPLE", rc,
+							ldap_err2string(rc), errmsg);
 		}
 
 		return (CONN_OPERATION_FAILED);
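Review bot: `errmsg` is initialised to NULL in the added else branch and is passed straight to a `%s` conversion in `slapi_log_error`; nothing visible in the hunk guarantees that `slapi_ldap_get_lderrno` fills it in, so the argument should be guarded, e.g. `ldap_err2string(rc), errmsg ? errmsg : "");`. The branch is entered because `rc` equals `conn->last_ldap_error`, yet `rc` is then reassigned from `slapi_ldap_get_lderrno`, so the code printed may not be the one that was compared; logging into a separate local would keep the bind result intact. The diagnostic text presumably originates from the peer or the TLS layer, so it is worth confirming that the logging path neutralises embedded newlines before it reaches the errors log. The same lines appear in the second hunk of windows_connection.c, and `bind_and_check_pwp` continues outside this hunk.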

+ 11 - 1
ldap/servers/plugins/replication/windows_connection.c

@@ -1802,7 +1802,8 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password)
 	else 
 	{
 		ldap_controls_free( ctrls );
-		/* Do not report the same error over and over again */
+		/* Do not report the same error over and over again
+		 * unless replication level logging is enabled. */
 		if (conn->last_ldap_error != rc)
 		{
 			char *errmsg = NULL;
@@ -1814,6 +1815,15 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password)
 							agmt_get_long_name(conn->agmt),
 							mech ? mech : "SIMPLE", rc,
 							ldap_err2string(rc), errmsg);
+		} else {
+			char *errmsg = NULL;
+			/* errmsg is a pointer directly into the ld structure - do not free */
+			rc = slapi_ldap_get_lderrno( ld, NULL, &errmsg );
+			slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+							"%s: Replication bind with %s auth failed: LDAP error %d (%s) (%s)\n",
+							agmt_get_long_name(conn->agmt),
+							mech ? mech : "SIMPLE", rc,
+							ldap_err2string(rc), errmsg);
 		}
 
 		LDAPDebug( LDAP_DEBUG_TRACE, "<= bind_and_check_pwp - CONN_OPERATION_FAILED\n", 0, 0, 0 );
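Review bot: The added else branch repeats the error lookup and the format string of the branch above it, with only the log level differing, and the whole block is copied verbatim between this file and repl5_connection.c. Choosing the level once and keeping a single `slapi_log_error` call would stop the two messages drifting apart, for example `int loglevel = (conn->last_ldap_error != rc) ? SLAPI_LOG_FATAL : SLAPI_LOG_REPL;`, evaluated before `rc` is reassigned. The body of the first branch lies partly outside the hunk, so this assumes it logs at the fatal level as the commit description says and does nothing else that the else branch must skip. A short comment on the else branch such as `/* repeated error: replication-level log only */` would also make the intent clear at the call site.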