ldap: Improve debug messages

2023-04-12 14:25:13 +00:00 · 2021-11-07 14:57:34 +01:00 · 2021-11-07 14:57:34 +01:00 · d96b534921
commit d96b534921
parent 9a024cd7fc
2 changed files with 25 additions and 4 deletions
--- a/server/src/infra/ldap_handler.rs
+++ b/server/src/infra/ldap_handler.rs
@ -12,7 +12,7 @@ use ldap3_server::proto::{
    LdapFilter, LdapOp, LdapPartialAttribute, LdapPasswordModifyRequest, LdapResult,
    LdapResultCode, LdapSearchRequest, LdapSearchResultEntry, LdapSearchScope,
 };
-use log::*;
+use log::{debug, warn};
 use std::convert::TryFrom;

 fn make_dn_pair<I>(mut iter: I) -> Result<(String, String)>
@ -290,7 +290,7 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
    }

    pub async fn do_bind(&mut self, request: &LdapBindRequest) -> (LdapResultCode, String) {
-        info!(r#"Received bind request for "{}""#, &request.dn);
+        debug!(r#"Received bind request for "{}""#, &request.dn);
        let user_id = match get_user_id_from_distinguished_name(
            &request.dn,
            &self.base_dn,
@ -396,10 +396,10 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
            && request.scope == LdapSearchScope::Base
            && request.filter == LdapFilter::Present("objectClass".to_string())
        {
-            info!("Received rootDSE request");
+            debug!("Received rootDSE request");
            return vec![root_dse_response(&self.base_dn_str), make_search_success()];
        }
-        info!("Received search request: {:?}", &request);
+        debug!("Received search request: {:?}", &request);
        let dn_parts = match parse_distinguished_name(&request.base) {
            Ok(dn) => dn,
            Err(_) => {
@ -411,6 +411,10 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
        };
        if !is_subtree(&dn_parts, &self.base_dn) {
            // Search path is not in our tree, just return an empty success.
+            warn!(
+                "The specified search tree {:?} is not under the common subtree {:?}",
+                &dn_parts, &self.base_dn
+            );
            return vec![make_search_success()];
        }
        let mut results = Vec::new();
@ -1278,6 +1282,20 @@ mod tests {
        );
    }

+    #[tokio::test]
+    async fn test_search_wrong_base() {
+        let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;
+        let request = make_search_request(
+            "ou=users,dc=example,dc=com",
+            LdapFilter::And(vec![]),
+            vec!["objectClass"],
+        );
+        assert_eq!(
+            ldap_handler.do_search(&request).await,
+            vec![make_search_success()]
+        );
+    }
+
    #[tokio::test]
    async fn test_search_unsupported_filters() {
        let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;
--- a/server/src/infra/ldap_server.rs
+++ b/server/src/infra/ldap_server.rs
@ -29,6 +29,9 @@ where
    match session.handle_ldap_message(msg.op).await {
        None => return Ok(false),
        Some(result) => {
+            if result.is_empty() {
+                debug!("No response");
+            }
            for result_op in result.into_iter() {
                debug!("Replying with LDAP op: {:?}", &result_op);
                resp.send(LdapMsg {