Merge pull request #3585 from Icinga/feature/enhanced-ldap-logging
Feature/enhanced ldap logging
commit
d919e23d0b
|
@ -84,6 +84,7 @@ class Web extends EmbeddedWeb
|
|||
->setupLogging()
|
||||
->setupErrorHandling()
|
||||
->loadConfig()
|
||||
->setupLogger()
|
||||
->setupRequest()
|
||||
->setupSession()
|
||||
->setupNotifications()
|
||||
|
@ -97,7 +98,6 @@ class Web extends EmbeddedWeb
|
|||
->setupUserBackendFactory()
|
||||
->setupUser()
|
||||
->setupTimezone()
|
||||
->setupLogger()
|
||||
->setupInternationalization()
|
||||
->setupFatalErrorHandling();
|
||||
}
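Review bot: The position of `->setupLogger()` in this bootstrap chain is now load-bearing, but nothing in the code says so. It appears to have moved from after `->setupTimezone()` to directly after `->loadConfig()`, presumably so that the request, session and authentication steps can already log. A comment above the call, such as `// Must run right after loadConfig() so that request, session and authentication setup can log`, would keep a later cleanup from moving it back. Because it now runs before `->setupTimezone()`, it is worth confirming that log timestamps do not depend on that step. The chained call begins outside the visible hunks.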
|
||||
|
|
|
@ -153,9 +153,20 @@ class Auth
|
|||
continue;
|
||||
}
|
||||
if (empty($groupsFromBackend)) {
|
||||
Logger::debug(
|
||||
'No groups found in backend "%s" which the user "%s" is a member of.',
|
||||
$name,
|
||||
$user->getUsername()
|
||||
);
|
||||
continue;
|
||||
}
|
||||
$groupsFromBackend = array_values($groupsFromBackend);
|
||||
Logger::debug(
|
||||
'Groups found in backend "%s" for user "%s": %s',
|
||||
$name,
|
||||
$user->getUsername(),
|
||||
join(', ', $groupsFromBackend)
|
||||
);
|
||||
$groups = array_merge($groups, array_combine($groupsFromBackend, $groupsFromBackend));
|
||||
}
|
||||
$user->setGroups($groups);
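Review bot: The new "Groups found in backend" debug message formats the username and every group name into the log line as-is, and both values originate outside the application (the login and the group backend). Unless `Logger` already neutralizes control characters (not visible here), a name containing a line break would split the entry and make the log misleading during an investigation. Replacing such characters before joining would avoid that, e.g. `join(', ', preg_replace('/[\x00-\x1F\x7F]/', '?', $groupsFromBackend))`. The `join()` is also evaluated when debug logging is off, unlike the `Logger::getInstance()->getLevel() === Logger::DEBUG` guard used in LdapCapabilities. The loop around these lines starts outside the hunk.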
|
||||
|
|
|
@ -466,15 +466,41 @@ class LdapUserGroupBackend extends LdapRepository implements Inspectable, UserGr
|
|||
);
|
||||
}
|
||||
|
||||
$sampleValue = $this->ds
|
||||
$sampleValues = $this->ds
|
||||
->select()
|
||||
->from($this->groupClass, array($this->groupMemberAttribute))
|
||||
->where($this->groupMemberAttribute, '*')
|
||||
->limit(Logger::getInstance()->getLevel() === Logger::DEBUG ? 3 : 1)
|
||||
->setUnfoldAttribute($this->groupMemberAttribute)
|
||||
->setBase($this->groupBaseDn)
|
||||
->fetchOne();
|
||||
->fetchAll();
|
||||
|
||||
$this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue);
|
||||
Logger::debug('Ambiguity query returned %d results', count($sampleValues));
|
||||
|
||||
$i = 0;
|
||||
$sampleValue = null;
|
||||
foreach ($sampleValues as $key => $value) {
|
||||
if ($sampleValue === null) {
|
||||
$sampleValue = $value;
|
||||
}
|
||||
|
||||
Logger::debug('Result %d: %s (%s)', ++$i, $value, $key);
|
||||
}
|
||||
|
||||
if (is_object($sampleValue) && isset($sampleValue->{$this->groupMemberAttribute})) {
|
||||
$this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue->{$this->groupMemberAttribute});
|
||||
|
||||
Logger::debug(
|
||||
'Ambiguity check came to the conclusion that the member attribute %s ambiguous. Tested sample: %s',
|
||||
$this->ambiguousMemberAttribute ? 'is' : 'is not',
|
||||
$sampleValue->{$this->groupMemberAttribute}
|
||||
);
|
||||
} else {
|
||||
Logger::warning(
|
||||
'Ambiguity query returned zero or invalid results. Sample value is `%s`',
|
||||
print_r($sampleValue, true)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return $this->ambiguousMemberAttribute;
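Review bot: The `else` branch that logs "Ambiguity query returned zero or invalid results" never assigns `$this->ambiguousMemberAttribute`, whereas the replaced line `$this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue);` always did. The method then returns the property unset, which callers will likely read as "not ambiguous"; if the surrounding guard (outside the hunk) tests for an unset value, the LDAP query and the warning also repeat on every call. Because this flag steers how group membership is resolved, the fallback should be explicit, for example `$this->ambiguousMemberAttribute = true;` in the `else` branch, if treating an unknown sample as ambiguous matches the old behaviour. Separately, `Logger::debug('Result %d: %s (%s)', ++$i, $value, $key)` passes `$value` to `%s` although the later `is_object($sampleValue)` check suggests it is a row object, so logging `$value->{$this->groupMemberAttribute}` would be safer.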
|
||||
|
|
|
@ -3,6 +3,8 @@
|
|||
|
||||
namespace Icinga\Protocol\Ldap;
|
||||
|
||||
use Icinga\Application\Logger;
|
||||
|
||||
/**
|
||||
* The properties and capabilities of an LDAP server
|
||||
*
|
||||
|
@ -347,6 +349,17 @@ class LdapCapabilities
|
|||
|
||||
$cap = new LdapCapabilities($connection->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields));
|
||||
$cap->discoverAdConfigOptions($connection);
|
||||
|
||||
if (isset($cap->attributes) && Logger::getInstance()->getLevel() === Logger::DEBUG) {
|
||||
Logger::debug('Capability query discovered the following attributes:');
|
||||
foreach ($cap->attributes as $name => $value) {
|
||||
if ($value !== null) {
|
||||
Logger::debug(' %s = %s', $name, $value);
|
||||
}
|
||||
}
|
||||
Logger::debug('Capability query attribute listing ended.');
|
||||
}
|
||||
|
||||
return $cap;
|
||||
}
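Review bot: `Logger::debug(' %s = %s', $name, $value)` assumes every capability attribute is a scalar, but root DSE attributes are frequently multi-valued. If `cleanupAttributes()` (not visible here) returns those as arrays, the line logs the literal `Array` and raises an array-to-string conversion warning instead of the values an operator needs. Formatting the value first, e.g. `is_array($value) ? join(', ', $value) : $value`, keeps the listing useful. The enclosing method starts outside the hunk.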
|
||||
|
||||
|
|