aboutsummaryrefslogtreecommitdiff
path: root/src/modules/m_ldapauth.cpp
diff options
context:
space:
mode:
authorGravatar Joel Sing2020-03-12 16:20:46 +1100
committerGravatar GitHub2020-03-12 05:20:46 +0000
commit1a7b4bac42c0c0f4dc9d0081c462d62f193e0da8 (patch)
tree884bbbe1e8aa10376529ee3ff08f08c706934db4 /src/modules/m_ldapauth.cpp
parentWarn if the server config contains an unhashed password. (diff)
Improve logging for the m_ldap and m_ldapauth modules (#1757).
Currently, it is difficult to diagnose LDAP authentication failures, since the logs do not provide sufficient information about what is actually being queried and what actually failed. This increases logging details so that information about the LDAP query is included, for example: Fri Mar 06 2020 08:02:59 ANNOUNCEMENT: Error binding as manager to LDAP server: Invalid credentials (bind dn=cn=adminz,dc=nodomain) Rather than: Fri Mar 06 2020 08:02:59 ANNOUNCEMENT: Error binding as manager to LDAP server: Invalid credentials Same with connection logging: Fri Mar 06 2020 07:59:53 CONNECT: Forbidden connection from jsing!jsing@192.168.200.1 (Invalid credentials (bind dn=uid=jsing,dc=nodomain)) Fri Mar 06 2020 08:01:19 CONNECT: Successful connection from jsing!jsing@192.168.200.1 (dn=uid=jsing,dc=nodomain)
Diffstat (limited to 'src/modules/m_ldapauth.cpp')
-rw-r--r--src/modules/m_ldapauth.cpp8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp
index b612fe8b2..fb5c69d0d 100644
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@@ -118,6 +118,9 @@ class BindInterface : public LDAPInterface
if (!checkingAttributes && requiredattributes.empty())
{
+ if (verbose)
+ ServerInstance->SNO->WriteToSnoMask('c', "Successful connection from %s (dn=%s)", user->GetFullRealHost().c_str(), DN.c_str());
+
// We're done, there are no attributes to check
SetVHost(user, DN);
authed->set(user, 1);
@@ -134,6 +137,9 @@ class BindInterface : public LDAPInterface
// Only one has to pass
passed = true;
+ if (verbose)
+ ServerInstance->SNO->WriteToSnoMask('c', "Successful connection from %s (dn=%s)", user->GetFullRealHost().c_str(), DN.c_str());
+
SetVHost(user, DN);
authed->set(user, 1);
}
@@ -171,7 +177,7 @@ class BindInterface : public LDAPInterface
if (!attrCount)
{
if (verbose)
- ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (unable to validate attributes)", user->GetFullRealHost().c_str());
+ ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (dn=%s) (unable to validate attributes)", user->GetFullRealHost().c_str(), DN.c_str());
ServerInstance->Users->QuitUser(user, killreason);
delete this;
}