ldap: Improve debug messages

This commit is contained in:
Valentin Tolmer 2021-11-07 14:57:34 +01:00 committed by nitnelave
parent 9a024cd7fc
commit d96b534921
2 changed files with 25 additions and 4 deletions

View File

@ -12,7 +12,7 @@ use ldap3_server::proto::{
LdapFilter, LdapOp, LdapPartialAttribute, LdapPasswordModifyRequest, LdapResult, LdapFilter, LdapOp, LdapPartialAttribute, LdapPasswordModifyRequest, LdapResult,
LdapResultCode, LdapSearchRequest, LdapSearchResultEntry, LdapSearchScope, LdapResultCode, LdapSearchRequest, LdapSearchResultEntry, LdapSearchScope,
}; };
use log::*; use log::{debug, warn};
use std::convert::TryFrom; use std::convert::TryFrom;
fn make_dn_pair<I>(mut iter: I) -> Result<(String, String)> fn make_dn_pair<I>(mut iter: I) -> Result<(String, String)>
@ -290,7 +290,7 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
} }
pub async fn do_bind(&mut self, request: &LdapBindRequest) -> (LdapResultCode, String) { pub async fn do_bind(&mut self, request: &LdapBindRequest) -> (LdapResultCode, String) {
info!(r#"Received bind request for "{}""#, &request.dn); debug!(r#"Received bind request for "{}""#, &request.dn);
let user_id = match get_user_id_from_distinguished_name( let user_id = match get_user_id_from_distinguished_name(
&request.dn, &request.dn,
&self.base_dn, &self.base_dn,
@ -396,10 +396,10 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
&& request.scope == LdapSearchScope::Base && request.scope == LdapSearchScope::Base
&& request.filter == LdapFilter::Present("objectClass".to_string()) && request.filter == LdapFilter::Present("objectClass".to_string())
{ {
info!("Received rootDSE request"); debug!("Received rootDSE request");
return vec![root_dse_response(&self.base_dn_str), make_search_success()]; return vec![root_dse_response(&self.base_dn_str), make_search_success()];
} }
info!("Received search request: {:?}", &request); debug!("Received search request: {:?}", &request);
let dn_parts = match parse_distinguished_name(&request.base) { let dn_parts = match parse_distinguished_name(&request.base) {
Ok(dn) => dn, Ok(dn) => dn,
Err(_) => { Err(_) => {
@ -411,6 +411,10 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
}; };
if !is_subtree(&dn_parts, &self.base_dn) { if !is_subtree(&dn_parts, &self.base_dn) {
// Search path is not in our tree, just return an empty success. // Search path is not in our tree, just return an empty success.
warn!(
"The specified search tree {:?} is not under the common subtree {:?}",
&dn_parts, &self.base_dn
);
return vec![make_search_success()]; return vec![make_search_success()];
} }
let mut results = Vec::new(); let mut results = Vec::new();
@ -1278,6 +1282,20 @@ mod tests {
); );
} }
#[tokio::test]
async fn test_search_wrong_base() {
let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;
let request = make_search_request(
"ou=users,dc=example,dc=com",
LdapFilter::And(vec![]),
vec!["objectClass"],
);
assert_eq!(
ldap_handler.do_search(&request).await,
vec![make_search_success()]
);
}
#[tokio::test] #[tokio::test]
async fn test_search_unsupported_filters() { async fn test_search_unsupported_filters() {
let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await; let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;

View File

@ -29,6 +29,9 @@ where
match session.handle_ldap_message(msg.op).await { match session.handle_ldap_message(msg.op).await {
None => return Ok(false), None => return Ok(false),
Some(result) => { Some(result) => {
if result.is_empty() {
debug!("No response");
}
for result_op in result.into_iter() { for result_op in result.into_iter() {
debug!("Replying with LDAP op: {:?}", &result_op); debug!("Replying with LDAP op: {:?}", &result_op);
resp.send(LdapMsg { resp.send(LdapMsg {