Todo #13718
closed
Added by Jim Pingle over 1 year ago.
Updated over 1 year ago.
Plus Target Version:
23.01
Description
The LDAP debug logs are inconsistent in their use of log_auth() vs log_error() and they should all be log_error() as using log_auth() will result in console alerts.
Also the messages could use a consistent prefix such as "LDAP Debug".
Would also help to log debug info in a few more cases along the code path plus a summary of settings.
And then to make it actually useful, add a 'debug' option to diag_authentication.php which will trigger this logging.
See also: #13093
To me, I already have the changes done, this is to make sure it gets listed in the release notes.
N.B.: There is still room for further improvement in future versions and also we could add similar debugging to radius auth and so on eventually.
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
This is working well. Go to Diag > Auth, pick the server, enter the credentials, check the debug box and:
2022-12-08 08:52:59.036667-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Attempting to authenticate jimp on LDAPAuth
2022-12-08 08:52:59.036825-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: URI: ldap://ldap.example.com:389 (v3)
2022-12-08 08:52:59.036925-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Base DN: dc=example,dc=com
2022-12-08 08:52:59.037022-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Scope: subtree
2022-12-08 08:52:59.037118-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Auth Bind DN:
2022-12-08 08:52:59.037214-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Container: dc=example,dc=com
2022-12-08 08:52:59.037311-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Attrs: Name: cn / Group: memberUid
2022-12-08 08:52:59.037413-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Extended Query:
2022-12-08 08:52:59.037510-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Filter: (cn=jimp)
2022-12-08 08:52:59.037611-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Group Filter:
2022-12-08 08:52:59.057372-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: LDAP connection error flag: false
2022-12-08 08:52:59.062664-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Now Searching for jimp in directory.
2022-12-08 08:52:59.062842-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Now searching in server LDAPAuth, container dc=example,dc=com with filter (cn=jimp).
2022-12-08 08:52:59.066293-05:00 php-fpm 19979 /diag_authentication.php: LDAP Debug: Logged in successfully as jimp via LDAP server LDAPAuth with DN = cn=jimp,ou=people,dc=example,dc=com.
Also available in: Atom
PDF
Updated by