[Lizmap] More verbose logging for LDAP
Paolo Cavallini
cavallini at faunalia.it
Fri Dec 13 07:18:03 PST 2019
Hi Laurent
Il 13/12/19 14:34, Laurent Jouanneau ha scritto:
>
> Le 13/12/2019 à 14:00, Paolo Cavallini a écrit :
>> Hi all,
>> some LDAP users cannot authenticate on our system.
>
> What it does exactly? Is there a message ? something else?
the usual
"Utente sconosciuto o password errata"
unknown user or wrong password
>> Apparently everything
>> is fine, as LDAP server records the access and returns the
>> authentication, therefore auth.log does not report an error (it does
>> when an user insert wrong credentials).
>> We cannot find a reason for this: would it be possible to enable fully
>> verbose auth logging, to search for the issue?). Any other suggestion?
>> Thanks a lot.
>
> You can enable logs. see :
> https://docs.lizmap.com/current/en/install/ldap.html#debugging
of course, this is active. as mentioned, it logs correctly when an user
enters wrong credentials
> See also your file var/log/errors.log
also checked, nothing relevant to auth here
> If you synchronize lizmap user groups with groups given by your ldap, be
> sure corresponding lizmap groups exist.
>
> Be sure the account of users who cannot authenticate, have the status
> "enabled".
this is interesting: one of the "wrong" users was not validated. others
were missing, and a good set was listed as both "without a group" and
belonging to a specific group. if I click on View for those users I get
an `Invalid user` message.
so, apparently something went wrong during user configuration, but I
have not clear where.
as I understand it, users are not created trough Lizmap, so it is not
clear to me how these errors arise, and how to fix them.
Thanks a lot!
--
Paolo Cavallini - www.faunalia.eu
QGIS.ORG Chair:
http://planet.qgis.org/planet/user/28/tag/qgis%20board/
More information about the Lizmap
mailing list