LOG.debug not working in LDAP code
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Expired | Medium | Unassigned |
Bug Description
When I was first setting up a connection to LDAP via keystone I fought through some configuration issues. One of the first issues is that I had user_name_attribute incorrect so that it could not validate my specified user on a request like "keystone user-list". Unfortunately, when the failure scenario here happens, you get no useful logging, even with Debug and Verbose enabled. The only message available is:
2014-01-30 21:41:45.461 9499 WARNING keystone.
and from the CLI:
root@test-03:~# keystone user-list
Could not find user, foo. (HTTP 401)
It's not even obvious from this that LDAP was used at all, much less what the issue might be. I ended up adding my own logging, and once I dumped the query that get_by_name ends up calling, the issue was obvious:
(&(cn=foo)
Since in my case cn was incorrect.
I've been digging some to see if I can add logging here without logging every query call without too much success, although I've not had a ton of time. If someone has a suggestion I'd be happy to work on it.
Changed in keystone:
importance: Wishlist → Medium
tags: added: ldap
Changed in keystone:
status: Triaged → Incomplete
We used to have this level of logging -- I'd suggest adding a `keystone.conf [ldap] verbose` option to control that specifically for those that need it.
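
One way to get the query into the debug log only when a lookup matches nothing, rather than on every call, shown as an added example that is not keystone's code. The in-memory `search` stand-in, the sample entry, the logger name and the filter layout are assumptions made for illustration.

```python
import logging

LOG = logging.getLogger("ldap_example")  # constructed logger name


class ListHandler(logging.Handler):
    """Collects log messages so the behaviour can be inspected."""
    def __init__(self):
        super().__init__(level=logging.DEBUG)
        self.messages = []

    def emit(self, record):
        self.messages.append(record.getMessage())


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def search(entries, base, flt_attr, flt_value, object_class):
    """Constructed stand-in for a directory search over in-memory entries."""
    return [dn for dn, attrs in entries
            if dn.endswith(base)
            and flt_value in attrs.get(flt_attr, [])
            and object_class in attrs.get("objectClass", [])]


def get_by_name(entries, base, name_attr, object_class, name):
    """Look a user up by name; log the query only when nothing matches."""
    results = search(entries, base, name_attr, name, object_class)
    if not results:
        # Hypothetical filter layout; the value is escaped before it is logged.
        query = "(&(%s=%s)(objectClass=%s))" % (
            name_attr, escape_filter_value(name), object_class)
        LOG.debug("LDAP search matched no entries: base=%s filter=%s",
                  base, query)
        return None
    return results[0]


def demo(name_attr):
    """Run one lookup for 'foo' and return (result, debug messages)."""
    entries = [("uid=foo,ou=Users,dc=example,dc=org",  # constructed sample
                {"uid": ["foo"], "objectClass": ["inetOrgPerson"]})]
    handler = ListHandler()
    LOG.addHandler(handler)
    LOG.setLevel(logging.DEBUG)
    try:
        found = get_by_name(entries, "ou=Users,dc=example,dc=org",
                            name_attr, "inetOrgPerson", "foo")
    finally:
        LOG.removeHandler(handler)
    return found, handler.messages
```

`demo("uid")` finds the entry and logs nothing, while `demo("cn")` reproduces the misconfigured name attribute and yields a single debug line naming LDAP, the search base and the filter.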