Todo #13718

closed

Improve LDAP debugging

Added by Jim Pingle 2 months ago. Updated about 2 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Authentication
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.01
Release Notes: Default

Description

The LDAP debug logs are inconsistent in their use of log_auth() vs log_error() and they should all be log_error() as using log_auth() will result in console alerts.

Also the messages could use a consistent prefix such as "LDAP Debug".

Would also help to log debug info in a few more cases along the code path plus a summary of settings.

And then to make it actually useful, add a 'debug' option to diag_authentication.php which will trigger this logging.

See also: #13093

To me, I already have the changes done, this is to make sure it gets listed in the release notes.

N.B.: There is still room for further improvement in future versions and also we could add similar debugging to radius auth and so on eventually.

Actions #1

Updated by Jim Pingle 2 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved

This is working well. Go to Diag > Auth, pick the server, enter the credentials, check the debug box and:

2022-12-08 08:52:59.036667-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Attempting to authenticate jimp on LDAPAuth
2022-12-08 08:52:59.036825-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: URI: ldap://ldap.example.com:389 (v3)
2022-12-08 08:52:59.036925-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Base DN: dc=example,dc=com
2022-12-08 08:52:59.037022-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Scope: subtree
2022-12-08 08:52:59.037118-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Auth Bind DN:
2022-12-08 08:52:59.037214-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Container: dc=example,dc=com
2022-12-08 08:52:59.037311-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Attrs: Name: cn / Group: memberUid
2022-12-08 08:52:59.037413-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Extended Query:
2022-12-08 08:52:59.037510-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Filter: (cn=jimp)
2022-12-08 08:52:59.037611-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Group Filter:
2022-12-08 08:52:59.057372-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: LDAP connection error flag: false
2022-12-08 08:52:59.062664-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Now Searching for jimp in directory.
2022-12-08 08:52:59.062842-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Now searching in server LDAPAuth, container dc=example,dc=com with filter (cn=jimp).
2022-12-08 08:52:59.066293-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Logged in successfully as jimp via LDAP server LDAPAuth with DN = cn=jimp,ou=people,dc=example,dc=com. 
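
Added example, not part of the ticket or of the project's code: a Python parser that groups `LDAP Debug:` lines like those above into one record per authentication attempt, so the logged settings and outcome can be reviewed together. The sample input is constructed from the lines quoted above plus an invented second attempt; the function name `summarize` and the record fields are assumptions.

```python
import re

# Constructed sample modelled on the log lines quoted above; the second
# attempt (user "alice", PID 20011) is invented and has no success line.
SAMPLE = """\
2022-12-08 08:52:59.036667-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Attempting to authenticate jimp on LDAPAuth
2022-12-08 08:52:59.036825-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: URI: ldap://ldap.example.com:389 (v3)
2022-12-08 08:52:59.037118-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Auth Bind DN:
2022-12-08 08:52:59.037510-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Filter: (cn=jimp)
2022-12-08 08:52:59.066293-05:00     php-fpm     19979     /diag_authentication.php: LDAP Debug: Logged in successfully as jimp via LDAP server LDAPAuth with DN = cn=jimp,ou=people,dc=example,dc=com.
2022-12-08 09:10:02.000001-05:00     php-fpm     20011     /diag_authentication.php: LDAP Debug: Attempting to authenticate alice on LDAPAuth
2022-12-08 09:10:02.000120-05:00     php-fpm     20011     /diag_authentication.php: LDAP Debug: URI: ldaps://ldap.example.com:636 (v3)
"""

LINE = re.compile(r"^(\S+ \S+)\s+(\S+)\s+(\d+)\s+(\S+): LDAP Debug: ?(.*)$")
START = re.compile(r"^Attempting to authenticate (\S+) on (.+)$")
OK = re.compile(r"^Logged in successfully as (\S+) via LDAP server (\S+) with DN = (.+?)\.?$")
SETTING = re.compile(r"^(URI|Base DN|Scope|Auth Bind DN|Container|Attrs|Extended Query|Filter|Group Filter):\s*(.*)$")

def summarize(text):
    """Return one dict per authentication attempt found in LDAP Debug lines."""
    attempts, current = [], {}           # current: php-fpm PID -> open attempt
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                     # not an LDAP Debug line
        ts, _proc, pid, _src, msg = m.groups()
        msg = msg.strip()
        if (s := START.match(msg)):      # a new attempt begins
            rec = {"time": ts, "user": s[1], "server": s[2], "settings": {},
                   "success": False, "dn": None, "notes": []}
            attempts.append(rec)
            current[pid] = rec
        elif pid in current:
            rec = current[pid]
            if (k := SETTING.match(msg)):
                rec["settings"][k[1]] = k[2]
            elif (o := OK.match(msg)):
                rec["success"], rec["dn"] = True, o[3]
    for rec in attempts:                 # review notes drawn only from logged settings
        st = rec["settings"]
        if st.get("URI", "").startswith("ldap://"):
            rec["notes"].append("URI is ldap://; these lines do not show whether STARTTLS is used")
        if st.get("Auth Bind DN") == "":
            rec["notes"].append("Auth Bind DN is empty")
    return attempts
```

An attempt with no "Logged in successfully" line is reported with `success` set to `False`; the parser does not match any failure message text, since none appears on this page.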