[Lizmap] More verbose logging for LDAP

Paolo Cavallini cavallini at faunalia.it
Fri Dec 13 07:18:03 PST 2019

Hi Laurent

Il 13/12/19 14:34, Laurent Jouanneau ha scritto:
> Le 13/12/2019 à 14:00, Paolo Cavallini a écrit :
>> Hi all,
>> some LDAP users cannot authenticate on our system.
> What it does exactly? Is there a message ? something else?

the usual
"Utente sconosciuto o password errata"
unknown user or wrong password

>> Apparently everything
>> is fine, as LDAP server records the access and returns the
>> authentication, therefore auth.log does not report an error (it does
>> when an user insert wrong credentials).
>> We cannot find a reason for this: would it be possible to enable fully
>> verbose auth logging, to search for the issue?). Any other suggestion?
>> Thanks a lot.
> You can enable logs. see :
> https://docs.lizmap.com/current/en/install/ldap.html#debugging

of course, this is active. as mentioned, it logs correctly when an user
enters wrong credentials

> See also your file var/log/errors.log

also checked, nothing relevant to auth here

> If you synchronize lizmap user groups with groups given by your ldap, be
> sure corresponding lizmap groups exist.
> Be sure the account of users who cannot authenticate, have the status
> "enabled".

this is interesting: one of the "wrong" users was not validated. others
were missing, and a good set was listed as both "without a group" and
belonging to a specific group. if I click on View for those users I get
an `Invalid user` message.
so, apparently something went wrong during user configuration, but I
have not clear where.
as I understand it, users are not created trough Lizmap, so it is not
clear to me how these errors arise, and how to fix them.
Thanks a lot!

Paolo Cavallini - www.faunalia.eu

More information about the Lizmap mailing list