diff --git a/library/Icinga/Application/Web.php b/library/Icinga/Application/Web.php
index 0b3f3f8b8..bb9809479 100644
--- a/library/Icinga/Application/Web.php
+++ b/library/Icinga/Application/Web.php
@@ -84,6 +84,7 @@ class Web extends EmbeddedWeb
 ->setupLogging()
 ->setupErrorHandling()
 ->loadConfig()
+ ->setupLogger()
 ->setupRequest()
 ->setupSession()
 ->setupNotifications()
@@ -97,7 +98,6 @@ class Web extends EmbeddedWeb
 ->setupUserBackendFactory()
 ->setupUser()
 ->setupTimezone()
- ->setupLogger()
 ->setupInternationalization()
 ->setupFatalErrorHandling();
 }
diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php
index c627ccac0..67a148678 100644
--- a/library/Icinga/Authentication/Auth.php
+++ b/library/Icinga/Authentication/Auth.php
@@ -153,9 +153,20 @@ class Auth
 continue;
 }
 if (empty($groupsFromBackend)) {
+ Logger::debug(
+ 'No groups found in backend "%s" which the user "%s" is a member of.',
+ $name,
+ $user->getUsername()
+ );
 continue;
 }
 $groupsFromBackend = array_values($groupsFromBackend);
+ Logger::debug(
+ 'Groups found in backend "%s" for user "%s": %s',
+ $name,
+ $user->getUsername(),
+ join(', ', $groupsFromBackend)
+ );
 $groups = array_merge($groups, array_combine($groupsFromBackend, $groupsFromBackend));
 }
 $user->setGroups($groups);
diff --git a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
index bd0835af0..14a9dea67 100644
--- a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
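Review bot: In Auth.php both added `Logger::debug()` calls pass `$user->getUsername()`, and in the second call the backend-supplied group names, straight into the log message. Whether the log writer neutralises control characters is not visible in this hunk; if it does not, a name containing a line break would split one entry into several and make the log harder to trust during an investigation. Consider normalising the values first, e.g. `preg_replace('/[\r\n]+/', ' ', $user->getUsername())`, or confirm the logger already does this. `join(', ', $groupsFromBackend)` is also evaluated on every pass regardless of the active log level, unlike the level-guarded logging added in LdapCapabilities.php. The enclosing loop starts and ends outside the hunk.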
@@ -466,15 +466,41 @@ class LdapUserGroupBackend extends LdapRepository implements Inspectable, UserGr
 );
 }
- $sampleValue = $this->ds
+ $sampleValues = $this->ds
 ->select()
 ->from($this->groupClass, array($this->groupMemberAttribute))
 ->where($this->groupMemberAttribute, '*')
+ ->limit(Logger::getInstance()->getLevel() === Logger::DEBUG ? 3 : 1)
 ->setUnfoldAttribute($this->groupMemberAttribute)
 ->setBase($this->groupBaseDn)
- ->fetchOne();
+ ->fetchAll();
- $this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue);
+ Logger::debug('Ambiguity query returned %d results', count($sampleValues));
+
+ $i = 0;
+ $sampleValue = null;
+ foreach ($sampleValues as $key => $value) {
+ if ($sampleValue === null) {
+ $sampleValue = $value;
+ }
+
+ Logger::debug('Result %d: %s (%s)', ++$i, $value, $key);
+ }
+
+ if (is_object($sampleValue) && isset($sampleValue->{$this->groupMemberAttribute})) {
+ $this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue->{$this->groupMemberAttribute});
+
+ Logger::debug(
+ 'Ambiguity check came to the conclusion that the member attribute %s ambiguous. Tested sample: %s',
+ $this->ambiguousMemberAttribute ? 'is' : 'is not',
+ $sampleValue->{$this->groupMemberAttribute}
+ );
+ } else {
+ Logger::warning(
+ 'Ambiguity query returned zero or invalid results. Sample value is `%s`',
+ print_r($sampleValue, true)
+ );
+ }
 }
 return $this->ambiguousMemberAttribute;
diff --git a/library/Icinga/Protocol/Ldap/LdapCapabilities.php b/library/Icinga/Protocol/Ldap/LdapCapabilities.php
index 5568aa5bb..0e562b115 100644
--- a/library/Icinga/Protocol/Ldap/LdapCapabilities.php
+++ b/library/Icinga/Protocol/Ldap/LdapCapabilities.php
@@ -3,6 +3,8 @@
 namespace Icinga\Protocol\Ldap;
+use Icinga\Application\Logger;
+
 /**
 * The properties and capabilities of an LDAP server
 *
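Review bot: In LdapUserGroupBackend.php the new `else` branch only logs a warning and never assigns `$this->ambiguousMemberAttribute`, whereas the removed line always stored a boolean. When the sample query returns nothing usable, the method now returns whatever the property held before (presumably null; the guard and the initial value are outside the hunk), so callers get a falsy result and the LDAP query is likely repeated on every call. Since this flag appears to decide how group members are matched, assign an explicit fallback in that branch, e.g. `$this->ambiguousMemberAttribute = true;` if that is what `! LdapUtils::isDn($sampleValue)` used to yield for an empty result — confirm against `isDn()`. The warning also writes `print_r($sampleValue, true)`, a raw directory result, at warning level rather than debug.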
@@ -347,6 +349,17 @@ class LdapCapabilities
 $cap = new LdapCapabilities($connection->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields));
 $cap->discoverAdConfigOptions($connection);
+
+ if (isset($cap->attributes) && Logger::getInstance()->getLevel() === Logger::DEBUG) {
+ Logger::debug('Capability query discovered the following attributes:');
+ foreach ($cap->attributes as $name => $value) {
+ if ($value !== null) {
+ Logger::debug(' %s = %s', $name, $value);
+ }
+ }
+ Logger::debug('Capability query attribute listing ended.');
+ }
+
 return $cap;
 }
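Review bot: `Logger::getInstance()->getLevel()` is dereferenced without a null check in the new `if`, and the same expression sits inside the `->limit(...)` call in LdapUserGroupBackend.php. If `getInstance()` can return null when no logger has been created (Logger is not visible here), capability discovery and the ambiguity query would fail outright instead of merely skipping the debug output. A single "is debug enabled" check exposed by the logger would remove the duplicated comparison and the direct dereference. `$value` is also passed to `%s` as-is, so multi-valued attributes may not be rendered usefully; worth confirming how `Logger::debug()` formats arrays. The enclosing method starts outside the hunk.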