ldap: Improve debug messages

This commit is contained in:
Valentin Tolmer 2021-11-07 14:57:34 +01:00 committed by nitnelave
parent 9a024cd7fc
commit d96b534921
2 changed files with 25 additions and 4 deletions

View File

@ -12,7 +12,7 @@ use ldap3_server::proto::{
LdapFilter, LdapOp, LdapPartialAttribute, LdapPasswordModifyRequest, LdapResult,
LdapResultCode, LdapSearchRequest, LdapSearchResultEntry, LdapSearchScope,
};
use log::*;
use log::{debug, warn};
use std::convert::TryFrom;
fn make_dn_pair<I>(mut iter: I) -> Result<(String, String)>
@ -290,7 +290,7 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
}
pub async fn do_bind(&mut self, request: &LdapBindRequest) -> (LdapResultCode, String) {
info!(r#"Received bind request for "{}""#, &request.dn);
debug!(r#"Received bind request for "{}""#, &request.dn);
let user_id = match get_user_id_from_distinguished_name(
&request.dn,
&self.base_dn,
@ -396,10 +396,10 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
&& request.scope == LdapSearchScope::Base
&& request.filter == LdapFilter::Present("objectClass".to_string())
{
info!("Received rootDSE request");
debug!("Received rootDSE request");
return vec![root_dse_response(&self.base_dn_str), make_search_success()];
}
info!("Received search request: {:?}", &request);
debug!("Received search request: {:?}", &request);
let dn_parts = match parse_distinguished_name(&request.base) {
Ok(dn) => dn,
Err(_) => {
@ -411,6 +411,10 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
};
if !is_subtree(&dn_parts, &self.base_dn) {
// Search path is not in our tree, just return an empty success.
warn!(
"The specified search tree {:?} is not under the common subtree {:?}",
&dn_parts, &self.base_dn
);
return vec![make_search_success()];
}
let mut results = Vec::new();
@ -1278,6 +1282,20 @@ mod tests {
);
}
#[tokio::test]
async fn test_search_wrong_base() {
let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;
let request = make_search_request(
"ou=users,dc=example,dc=com",
LdapFilter::And(vec![]),
vec!["objectClass"],
);
assert_eq!(
ldap_handler.do_search(&request).await,
vec![make_search_success()]
);
}
#[tokio::test]
async fn test_search_unsupported_filters() {
let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;

View File

@ -29,6 +29,9 @@ where
match session.handle_ldap_message(msg.op).await {
None => return Ok(false),
Some(result) => {
if result.is_empty() {
debug!("No response");
}
for result_op in result.into_iter() {
debug!("Replying with LDAP op: {:?}", &result_op);
resp.send(LdapMsg {