[Lizmap] More verbose logging for LDAP

Paolo Cavallini cavallini at faunalia.it
Fri Dec 13 08:03:46 PST 2019


Thanks Fabio, all.
The problem, however, seems to reside somewhere within Lizmap, because
the server LDAP responds, auth.log doesn't complain, indirectly
confirming that the user is authenticated, but some of the users are not
listed, or have wrong groups (being "without a group" and at the same
time belonging to the default group is weird), and return errors
(Invalid user) when the admin tries to see their details.
The basic point is that without full logging we are moving around in
darkness.
So my original question: is there a way to enable more extensive logging?
Cheers.

On 13/12/19 16:51, Fabio Pifferini wrote:
> ...additionally to my previous mail, you can eventually use a tool like LDAPbrowser (https://www.ldapadministrator.com/softerra-ldap-browser.htm) to verify the LDAP settings used in Lizmap.
> 
> Fabio
> 
> -----Original message-----
> From: Lizmap <lizmap-bounces at lists.osgeo.org> On behalf of Paolo Cavallini
> Sent: Friday, 13 December 2019 16:18
> To: lizmap at lists.osgeo.org
> Subject: Re: [Lizmap] More verbose logging for LDAP
> 
> Hi Laurent
> 
> On 13/12/19 14:34, Laurent Jouanneau wrote:
>>
>> On 13/12/2019 at 14:00, Paolo Cavallini wrote:
>>> Hi all,
>>> some LDAP users cannot authenticate on our system.
>>
>> What does it do exactly? Is there a message? Something else?
> 
> the usual
> "Utente sconosciuto o password errata"
> unknown user or wrong password
> 
>>> Apparently everything
>>> is fine, as LDAP server records the access and returns the 
>>> authentication, therefore auth.log does not report an error (it does 
>>> when a user inserts wrong credentials).
>>> We cannot find a reason for this: would it be possible to enable 
>>> fully verbose auth logging, to search for the issue? Any other suggestion?
>>> Thanks a lot.
>>
>> You can enable logs. See:
>> https://docs.lizmap.com/current/en/install/ldap.html#debugging
> 
> of course, this is active. as mentioned, it logs correctly when a user enters wrong credentials
> 
>> See also your file var/log/errors.log
> 
> also checked, nothing relevant to auth here
> 
>> If you synchronize lizmap user groups with groups given by your ldap, 
>> be sure corresponding lizmap groups exist.
>>
>> Be sure the accounts of users who cannot authenticate have the status 
>> "enabled".
> 
> this is interesting: one of the "wrong" users was not validated. others were missing, and a good set was listed as both "without a group" and belonging to a specific group. if I click on View for those users I get an `Invalid user` message.
> so, apparently something went wrong during user configuration, but it is not clear to me where.
> as I understand it, users are not created through Lizmap, so it is not clear to me how these errors arise, and how to fix them.
> Thanks a lot!
> 
> --
> Paolo Cavallini - www.faunalia.eu
> QGIS.ORG Chair:
> http://planet.qgis.org/planet/user/28/tag/qgis%20board/

-- 
Paolo Cavallini - www.faunalia.eu
QGIS.ORG Chair:
http://planet.qgis.org/planet/user/28/tag/qgis%20board/

