[Lizmap] R: More verbose logging for LDAP

Fabio Pifferini Fabio.Pifferini at masotti.ch
Wed Dec 18 06:56:28 PST 2019

Hi Paolo,
could you provide a copy of the log file 'auth.log' in '/var/log'?
Have you checked whether the other log files under '/var/log' contain messages related to LDAP?


-----Original message-----
From: Lizmap <lizmap-bounces at lists.osgeo.org> On behalf of Paolo Cavallini
Sent: Wednesday, 18 December 2019 15:26
To: lizmap at lists.osgeo.org
Subject: Re: [Lizmap] More verbose logging for LDAP

Hi all,
sorry to insist, but without full logging we are moving around in darkness.
So my original question: is there a way to enable more extensive logging?
The problem seems to reside somewhere within Lizmap, because the LDAP server responds, auth.log doesn't complain, indirectly confirming that the user is authenticated, but some of the users are not listed, or have wrong groups (being "without a group" and at the same time belonging to the default group is weird), and return errors (Invalid user) when the admin tries to see their details.

On 13/12/19 16:18, Paolo Cavallini wrote:
> Hi Laurent
> On 13/12/19 14:34, Laurent Jouanneau wrote:
>> On 13/12/2019 at 14:00, Paolo Cavallini wrote:
>>> Hi all,
>>> some LDAP users cannot authenticate on our system.
>> What does it do exactly? Is there a message? Something else?
> the usual
> "Utente sconosciuto o password errata"
> unknown user or wrong password
>>> Apparently everything
>>> is fine, as the LDAP server records the access and returns the
>>> authentication, therefore auth.log does not report an error (it does
>>> when a user enters wrong credentials).
>>> We cannot find a reason for this: would it be possible to enable
>>> fully verbose auth logging, to search for the issue? Any other suggestion?
>>> Thanks a lot.
>> You can enable logs. See:
>> https://docs.lizmap.com/current/en/install/ldap.html#debugging
> of course, this is active. as mentioned, it logs correctly when a
> user enters wrong credentials
>> See also your file var/log/errors.log
> also checked, nothing relevant to auth here
>> If you synchronize lizmap user groups with groups given by your ldap, 
>> be sure corresponding lizmap groups exist.
>> Be sure the accounts of users who cannot authenticate have the status
>> "enabled".
> this is interesting: one of the "wrong" users was not validated. 
> others were missing, and a good set was listed as both "without a 
> group" and belonging to a specific group. if I click on View for those 
> users I get an `Invalid user` message.
> so, apparently something went wrong during user configuration, but it
> is not clear to me where.
> as I understand it, users are not created through Lizmap, so it is not
> clear to me how these errors arise, and how to fix them.
> Thanks a lot!

Paolo Cavallini - www.faunalia.eu