Todo #13718 (closed)
Improve LDAP debugging
% Done: 100%
Description
The LDAP debug logs are inconsistent in their use of log_auth() vs log_error() and they should all be log_error() as using log_auth() will result in console alerts.
Also the messages could use a consistent prefix such as "LDAP Debug".
Would also help to log debug info in a few more cases along the code path plus a summary of settings.
And then to make it actually useful, add a 'debug' option to diag_authentication.php which will trigger this logging.
See also: #13093
To me, I already have the changes done, this is to make sure it gets listed in the release notes.
N.B.: There is still room for further improvement in future versions and also we could add similar debugging to radius auth and so on eventually.
Updated by Jim Pingle about 2 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset 51c72717a62860a85b251ea17e72087a27d9e18a.
Updated by Jim Pingle about 2 years ago
- Status changed from Feedback to Resolved
This is working well. Go to Diag > Auth, pick the server, enter the credentials, check the debug box and:
2022-12-08 08:52:59.036667-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Attempting to authenticate jimp on LDAPAuth
2022-12-08 08:52:59.036825-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: URI: ldap://ldap.example.com:389 (v3)
2022-12-08 08:52:59.036925-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Base DN: dc=example,dc=com
2022-12-08 08:52:59.037022-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Scope: subtree
2022-12-08 08:52:59.037118-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Auth Bind DN: 
2022-12-08 08:52:59.037214-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Container: dc=example,dc=com
2022-12-08 08:52:59.037311-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Attrs: Name: cn / Group: memberUid
2022-12-08 08:52:59.037413-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Extended Query: 
2022-12-08 08:52:59.037510-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Filter: (cn=jimp)
2022-12-08 08:52:59.037611-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Group Filter: 
2022-12-08 08:52:59.057372-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: LDAP connection error flag: false
2022-12-08 08:52:59.062664-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Now Searching for jimp in directory.
2022-12-08 08:52:59.062842-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Now searching in server LDAPAuth, container dc=example,dc=com with filter (cn=jimp).
2022-12-08 08:52:59.066293-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Logged in successfully as jimp via LDAP server LDAPAuth with DN = cn=jimp,ou=people,dc=example,dc=com.
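
An added example (not pfSense code, and not part of the ticket): a Python parser that groups the "LDAP Debug" lines shown above into one record per authentication attempt, keyed by php-fpm PID so that interleaved attempts stay separate. The lines for PID 20001 are constructed for illustration; the function and field names are this example's own, and only message formats visible in the output above are recognized.

```python
import re

LINE = re.compile(r"^(?P<ts>\S+ \S+) php-fpm (?P<pid>\d+) (?P<script>\S+): "
                  r"LDAP Debug:\s*(?P<msg>.*)$")
START = re.compile(r"^Attempting to authenticate (?P<user>\S+) on (?P<server>.+)$")
SETTING = re.compile(r"^(?P<key>URI|Base DN|Scope|Auth Bind DN|Container|Attrs|"
                     r"Extended Query|Filter|Group Filter):\s*(?P<val>.*)$")
SUCCESS = re.compile(r"^Logged in successfully as \S+ via LDAP server .+ "
                     r"with DN = (?P<dn>.+)\.$")

# PID 19979 lines are copied from the output above; PID 20001 lines are constructed.
SAMPLE = """\
2022-12-08 08:52:59.036667-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Attempting to authenticate jimp on LDAPAuth
2022-12-08 08:52:59.036700-05:00 php-fpm 20001 /diag_authentication.php: LDAP Debug: Attempting to authenticate alice on LDAPAuth
2022-12-08 08:52:59.036825-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: URI: ldap://ldap.example.com:389 (v3)
2022-12-08 08:52:59.036900-05:00 php-fpm 20001 /diag_authentication.php: LDAP Debug: Filter: (cn=alice)
2022-12-08 08:52:59.037118-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Auth Bind DN:
2022-12-08 08:52:59.066293-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Logged in successfully as jimp via LDAP server LDAPAuth with DN = cn=jimp,ou=people,dc=example,dc=com.
"""

def summarize(log_text):
    """Group 'LDAP Debug' lines into one record per authentication attempt."""
    open_by_pid, attempts = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # not an LDAP debug line
        pid, msg = m["pid"], m["msg"]
        if (s := START.match(msg)):
            rec = {"ts": m["ts"], "script": m["script"], "user": s["user"],
                   "server": s["server"], "settings": {}, "success_dn": None}
            open_by_pid[pid] = rec  # php-fpm workers can interleave, so key by PID
            attempts.append(rec)
        elif pid in open_by_pid:
            rec = open_by_pid[pid]
            if (k := SETTING.match(msg)):
                rec["settings"][k["key"]] = k["val"]  # empty string if value is blank
            elif (ok := SUCCESS.match(msg)):
                rec["success_dn"] = ok["dn"]
    return attempts

if __name__ == "__main__":
    for a in summarize(SAMPLE):
        print(a["ts"], a["user"], a["server"], a["success_dn"] or "no success line seen")
```

A record whose `success_dn` is still `None` only means no success line was seen for that attempt; the output above does not show what a failed attempt logs, so the parser does not guess at it.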