[Lizmap] More verbose logging for LDAP
Paolo Cavallini
cavallini at faunalia.it
Wed Dec 18 06:26:12 PST 2019
Hi all,
sorry to insist, but without full logging we are moving aroound in
darkness.
So my original question: is there a way to enable more extensive logging?
The problem seems to reside somewhere within Lizmap, because
the server LDAP responds, auth.log doesn't complain, indirectly
confirming that the user is authenticated, but some of the users are not
listed, or have wrong groups (being "without a group" and at the same
time belonging to the default group is weird), and return errors
(Invalid user) when the admin try to see its detail.
Cheers.
Il 13/12/19 16:18, Paolo Cavallini ha scritto:
> Hi Laurent
>
> Il 13/12/19 14:34, Laurent Jouanneau ha scritto:
>>
>> Le 13/12/2019 à 14:00, Paolo Cavallini a écrit :
>>> Hi all,
>>> some LDAP users cannot authenticate on our system.
>>
>> What it does exactly? Is there a message ? something else?
>
> the usual
> "Utente sconosciuto o password errata"
> unknown user or wrong password
>
>>> Apparently everything
>>> is fine, as LDAP server records the access and returns the
>>> authentication, therefore auth.log does not report an error (it does
>>> when an user insert wrong credentials).
>>> We cannot find a reason for this: would it be possible to enable fully
>>> verbose auth logging, to search for the issue?). Any other suggestion?
>>> Thanks a lot.
>>
>> You can enable logs. see :
>> https://docs.lizmap.com/current/en/install/ldap.html#debugging
>
> of course, this is active. as mentioned, it logs correctly when an user
> enters wrong credentials
>
>> See also your file var/log/errors.log
>
> also checked, nothing relevant to auth here
>
>> If you synchronize lizmap user groups with groups given by your ldap, be
>> sure corresponding lizmap groups exist.
>>
>> Be sure the account of users who cannot authenticate, have the status
>> "enabled".
>
> this is interesting: one of the "wrong" users was not validated. others
> were missing, and a good set was listed as both "without a group" and
> belonging to a specific group. if I click on View for those users I get
> an `Invalid user` message.
> so, apparently something went wrong during user configuration, but I
> have not clear where.
> as I understand it, users are not created trough Lizmap, so it is not
> clear to me how these errors arise, and how to fix them.
> Thanks a lot!
>
--
Paolo Cavallini - www.faunalia.eu
QGIS.ORG Chair:
http://planet.qgis.org/planet/user/28/tag/qgis%20board/
More information about the Lizmap
mailing list