[Lizmap] R: More verbose logging for LDAP

Fabio Pifferini Fabio.Pifferini at masotti.ch
Fri Dec 13 07:51:27 PST 2019

...additionaly to my previous mail, you can eventualy use a tool like LDAPbrowser (https://www.ldapadministrator.com/softerra-ldap-browser.htm) to verify the LDAP settings used in Lizmap.


-----Messaggio originale-----
Da: Lizmap <lizmap-bounces at lists.osgeo.org> Per conto di Paolo Cavallini
Inviato: venerdì, 13 dicembre 2019 16:18
A: lizmap at lists.osgeo.org
Oggetto: Re: [Lizmap] More verbose logging for LDAP

Hi Laurent

Il 13/12/19 14:34, Laurent Jouanneau ha scritto:
> Le 13/12/2019 à 14:00, Paolo Cavallini a écrit :
>> Hi all,
>> some LDAP users cannot authenticate on our system.
> What it does exactly? Is there a message ? something else?

the usual
"Utente sconosciuto o password errata"
unknown user or wrong password

>> Apparently everything
>> is fine, as LDAP server records the access and returns the 
>> authentication, therefore auth.log does not report an error (it does 
>> when an user insert wrong credentials).
>> We cannot find a reason for this: would it be possible to enable 
>> fully verbose auth logging, to search for the issue?). Any other suggestion?
>> Thanks a lot.
> You can enable logs. see :
> https://docs.lizmap.com/current/en/install/ldap.html#debugging

of course, this is active. as mentioned, it logs correctly when an user enters wrong credentials

> See also your file var/log/errors.log

also checked, nothing relevant to auth here

> If you synchronize lizmap user groups with groups given by your ldap, 
> be sure corresponding lizmap groups exist.
> Be sure the account of users who cannot authenticate, have the status 
> "enabled".

this is interesting: one of the "wrong" users was not validated. others were missing, and a good set was listed as both "without a group" and belonging to a specific group. if I click on View for those users I get an `Invalid user` message.
so, apparently something went wrong during user configuration, but I have not clear where.
as I understand it, users are not created trough Lizmap, so it is not clear to me how these errors arise, and how to fix them.
Thanks a lot!

Paolo Cavallini - www.faunalia.eu
Lizmap mailing list
Lizmap at lists.osgeo.org

More information about the Lizmap mailing list