[Lizmap] More verbose logging for LDAP

Laurent Jouanneau ljouanneau at 3liz.com
Thu Dec 19 03:19:37 PST 2019 

Hi Paolo,

There is no more extensive logging.

We will improve that. But there is no solution yet, except to put some 
jLog::log() instructions in some code..

Laurent

Le 18/12/2019 à 15:26, Paolo Cavallini a écrit :
> Hi all,
> sorry to insist, but without full logging we are moving aroound in
> darkness.
> So my original question: is there a way to enable more extensive logging?
> The problem seems to reside somewhere within Lizmap, because
> the server LDAP responds, auth.log doesn't complain, indirectly
> confirming that the user is authenticated, but some of the users are not
> listed, or have wrong groups (being "without a group" and at the same
> time belonging to the default group is weird), and return errors
> (Invalid user) when the admin try to see its detail.
> Cheers.
>
> Il 13/12/19 16:18, Paolo Cavallini ha scritto:
>> Hi Laurent
>>
>> Il 13/12/19 14:34, Laurent Jouanneau ha scritto:
>>> Le 13/12/2019 à 14:00, Paolo Cavallini a écrit :
>>>> Hi all,
>>>> some LDAP users cannot authenticate on our system.
>>> What it does exactly? Is there a message ? something else?
>> the usual
>> "Utente sconosciuto o password errata"
>> unknown user or wrong password
>>
>>>> Apparently everything
>>>> is fine, as LDAP server records the access and returns the
>>>> authentication, therefore auth.log does not report an error (it does
>>>> when an user insert wrong credentials).
>>>> We cannot find a reason for this: would it be possible to enable fully
>>>> verbose auth logging, to search for the issue?). Any other suggestion?
>>>> Thanks a lot.
>>> You can enable logs. see :
>>> https://docs.lizmap.com/current/en/install/ldap.html#debugging
>> of course, this is active. as mentioned, it logs correctly when an user
>> enters wrong credentials
>>
>>> See also your file var/log/errors.log
>> also checked, nothing relevant to auth here
>>
>>> If you synchronize lizmap user groups with groups given by your ldap, be
>>> sure corresponding lizmap groups exist.
>>>
>>> Be sure the account of users who cannot authenticate, have the status
>>> "enabled".
>> this is interesting: one of the "wrong" users was not validated. others
>> were missing, and a good set was listed as both "without a group" and
>> belonging to a specific group. if I click on View for those users I get
>> an `Invalid user` message.
>> so, apparently something went wrong during user configuration, but I
>> have not clear where.
>> as I understand it, users are not created trough Lizmap, so it is not
>> clear to me how these errors arise, and how to fix them.
>> Thanks a lot!
>>

More information about the Lizmap mailing list