Merge pull request #3585 from Icinga/feature/enhanced-ldap-logging
Feature/enhanced ldap logging
commit
d919e23d0b
|
@ -84,6 +84,7 @@ class Web extends EmbeddedWeb
|
||||||
->setupLogging()
|
->setupLogging()
|
||||||
->setupErrorHandling()
|
->setupErrorHandling()
|
||||||
->loadConfig()
|
->loadConfig()
|
||||||
|
->setupLogger()
|
||||||
->setupRequest()
|
->setupRequest()
|
||||||
->setupSession()
|
->setupSession()
|
||||||
->setupNotifications()
|
->setupNotifications()
|
||||||
|
@ -97,7 +98,6 @@ class Web extends EmbeddedWeb
|
||||||
->setupUserBackendFactory()
|
->setupUserBackendFactory()
|
||||||
->setupUser()
|
->setupUser()
|
||||||
->setupTimezone()
|
->setupTimezone()
|
||||||
->setupLogger()
|
|
||||||
->setupInternationalization()
|
->setupInternationalization()
|
||||||
->setupFatalErrorHandling();
|
->setupFatalErrorHandling();
|
||||||
}
|
}
|
||||||
|
|
|
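Review bot: Nothing in the chain says why `->setupLogger()` now has to run directly after `->loadConfig()`, so a later reorder could silently move it back behind `->setupUser()`. Judging from the rest of this commit, the intent appears to be that messages emitted by the authentication and group backends during user setup go through the configured logger. A one-line comment above the call would pin that, e.g. `// Must run before setupUser(): the user and group backends log while the user is being set up`. The method holding this chain starts outside both hunks.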
@ -153,9 +153,20 @@ class Auth
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (empty($groupsFromBackend)) {
|
if (empty($groupsFromBackend)) {
|
||||||
|
Logger::debug(
|
||||||
|
'No groups found in backend "%s" which the user "%s" is a member of.',
|
||||||
|
$name,
|
||||||
|
$user->getUsername()
|
||||||
|
);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$groupsFromBackend = array_values($groupsFromBackend);
|
$groupsFromBackend = array_values($groupsFromBackend);
|
||||||
|
Logger::debug(
|
||||||
|
'Groups found in backend "%s" for user "%s": %s',
|
||||||
|
$name,
|
||||||
|
$user->getUsername(),
|
||||||
|
join(', ', $groupsFromBackend)
|
||||||
|
);
|
||||||
$groups = array_merge($groups, array_combine($groupsFromBackend, $groupsFromBackend));
|
$groups = array_merge($groups, array_combine($groupsFromBackend, $groupsFromBackend));
|
||||||
}
|
}
|
||||||
$user->setGroups($groups);
|
$user->setGroups($groups);
|
||||||
|
|
|
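Review bot: Both new `Logger::debug()` calls pass `$user->getUsername()`, and the second also passes the backend-supplied group names, to the log unchanged. Unless the Logger or its writer already neutralises line breaks and other control characters (not visible here), a value containing them could split or imitate log entries, so confirm that or filter at the call site, e.g. `preg_replace('/[\x00-\x1F\x7F]/', '?', $user->getUsername())`. Debug logs will also hold user-to-group mappings from now on and should be access-restricted accordingly. The loop these lines sit in begins outside the hunk.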
@ -466,15 +466,41 @@ class LdapUserGroupBackend extends LdapRepository implements Inspectable, UserGr
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$sampleValue = $this->ds
|
$sampleValues = $this->ds
|
||||||
->select()
|
->select()
|
||||||
->from($this->groupClass, array($this->groupMemberAttribute))
|
->from($this->groupClass, array($this->groupMemberAttribute))
|
||||||
->where($this->groupMemberAttribute, '*')
|
->where($this->groupMemberAttribute, '*')
|
||||||
|
->limit(Logger::getInstance()->getLevel() === Logger::DEBUG ? 3 : 1)
|
||||||
->setUnfoldAttribute($this->groupMemberAttribute)
|
->setUnfoldAttribute($this->groupMemberAttribute)
|
||||||
->setBase($this->groupBaseDn)
|
->setBase($this->groupBaseDn)
|
||||||
->fetchOne();
|
->fetchAll();
|
||||||
|
|
||||||
$this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue);
|
Logger::debug('Ambiguity query returned %d results', count($sampleValues));
|
||||||
|
|
||||||
|
$i = 0;
|
||||||
|
$sampleValue = null;
|
||||||
|
foreach ($sampleValues as $key => $value) {
|
||||||
|
if ($sampleValue === null) {
|
||||||
|
$sampleValue = $value;
|
||||||
|
}
|
||||||
|
|
||||||
|
Logger::debug('Result %d: %s (%s)', ++$i, $value, $key);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (is_object($sampleValue) && isset($sampleValue->{$this->groupMemberAttribute})) {
|
||||||
|
$this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue->{$this->groupMemberAttribute});
|
||||||
|
|
||||||
|
Logger::debug(
|
||||||
|
'Ambiguity check came to the conclusion that the member attribute %s ambiguous. Tested sample: %s',
|
||||||
|
$this->ambiguousMemberAttribute ? 'is' : 'is not',
|
||||||
|
$sampleValue->{$this->groupMemberAttribute}
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
Logger::warning(
|
||||||
|
'Ambiguity query returned zero or invalid results. Sample value is `%s`',
|
||||||
|
print_r($sampleValue, true)
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->ambiguousMemberAttribute;
|
return $this->ambiguousMemberAttribute;
|
||||||
|
|
|
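Review bot: The new `else` branch only logs a warning and leaves `$this->ambiguousMemberAttribute` unassigned, whereas the removed line assigned it on every path. When the sample query returns nothing usable, the method returns whatever the property held before (presumably null, which callers would likely read as "not ambiguous"), and that result feeds group-membership resolution. Assign an explicit fallback in the `else` branch and document the choice, for instance `$this->ambiguousMemberAttribute = true; // no usable sample: keep the pre-change result`, provided the old expression did evaluate to true for an empty result; please verify against `LdapUtils::isDn()`. The condition that wraps this block lies outside the hunk.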
@ -3,6 +3,8 @@
|
||||||
|
|
||||||
namespace Icinga\Protocol\Ldap;
|
namespace Icinga\Protocol\Ldap;
|
||||||
|
|
||||||
|
use Icinga\Application\Logger;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The properties and capabilities of an LDAP server
|
* The properties and capabilities of an LDAP server
|
||||||
*
|
*
|
||||||
|
@ -347,6 +349,17 @@ class LdapCapabilities
|
||||||
|
|
||||||
$cap = new LdapCapabilities($connection->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields));
|
$cap = new LdapCapabilities($connection->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields));
|
||||||
$cap->discoverAdConfigOptions($connection);
|
$cap->discoverAdConfigOptions($connection);
|
||||||
|
|
||||||
|
if (isset($cap->attributes) && Logger::getInstance()->getLevel() === Logger::DEBUG) {
|
||||||
|
Logger::debug('Capability query discovered the following attributes:');
|
||||||
|
foreach ($cap->attributes as $name => $value) {
|
||||||
|
if ($value !== null) {
|
||||||
|
Logger::debug(' %s = %s', $name, $value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Logger::debug('Capability query attribute listing ended.');
|
||||||
|
}
|
||||||
|
|
||||||
return $cap;
|
return $cap;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
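Review bot: `Logger::getInstance()->getLevel()` in the new `if` dereferences the instance without checking that one exists. If `getInstance()` can return null when no logger has been set up (its implementation is not visible here), capability discovery would fail with a fatal error in that context instead of just skipping the dump. The same call appears in the `->limit(...)` argument added to LdapUserGroupBackend. A guard avoids that: `$logger = Logger::getInstance();` followed by `if ($logger !== null && $logger->getLevel() === Logger::DEBUG && isset($cap->attributes)) {`. The enclosing method starts outside the hunk.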