[Lizmap] More verbose logging for LDAP

Paolo Cavallini cavallini at faunalia.it
Thu Dec 19 03:37:54 PST 2019

ok, thanks for clarifying.

Il 19/12/19 12:19, Laurent Jouanneau ha scritto:
> Hi Paolo,
> There is no more extensive logging.
> We will improve that. But there is no solution yet, except to put some
> jLog::log() instructions in some code..
> Laurent
> Le 18/12/2019 à 15:26, Paolo Cavallini a écrit :
>> Hi all,
>> sorry to insist, but without full logging we are moving aroound in
>> darkness.
>> So my original question: is there a way to enable more extensive logging?
>> The problem seems to reside somewhere within Lizmap, because
>> the server LDAP responds, auth.log doesn't complain, indirectly
>> confirming that the user is authenticated, but some of the users are not
>> listed, or have wrong groups (being "without a group" and at the same
>> time belonging to the default group is weird), and return errors
>> (Invalid user) when the admin try to see its detail.
>> Cheers.
>> Il 13/12/19 16:18, Paolo Cavallini ha scritto:
>>> Hi Laurent
>>> Il 13/12/19 14:34, Laurent Jouanneau ha scritto:
>>>> Le 13/12/2019 à 14:00, Paolo Cavallini a écrit :
>>>>> Hi all,
>>>>> some LDAP users cannot authenticate on our system.
>>>> What it does exactly? Is there a message ? something else?
>>> the usual
>>> "Utente sconosciuto o password errata"
>>> unknown user or wrong password
>>>>> Apparently everything
>>>>> is fine, as LDAP server records the access and returns the
>>>>> authentication, therefore auth.log does not report an error (it does
>>>>> when an user insert wrong credentials).
>>>>> We cannot find a reason for this: would it be possible to enable fully
>>>>> verbose auth logging, to search for the issue?). Any other suggestion?
>>>>> Thanks a lot.
>>>> You can enable logs. see :
>>>> https://docs.lizmap.com/current/en/install/ldap.html#debugging
>>> of course, this is active. as mentioned, it logs correctly when an user
>>> enters wrong credentials
>>>> See also your file var/log/errors.log
>>> also checked, nothing relevant to auth here
>>>> If you synchronize lizmap user groups with groups given by your
>>>> ldap, be
>>>> sure corresponding lizmap groups exist.
>>>> Be sure the account of users who cannot authenticate, have the status
>>>> "enabled".
>>> this is interesting: one of the "wrong" users was not validated. others
>>> were missing, and a good set was listed as both "without a group" and
>>> belonging to a specific group. if I click on View for those users I get
>>> an `Invalid user` message.
>>> so, apparently something went wrong during user configuration, but I
>>> have not clear where.
>>> as I understand it, users are not created trough Lizmap, so it is not
>>> clear to me how these errors arise, and how to fix them.
>>> Thanks a lot!
> _______________________________________________
> Lizmap mailing list
> Lizmap at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/lizmap

Paolo Cavallini - www.faunalia.eu

More information about the Lizmap mailing list