Make the LDAP debug option a configurable setting
The LDAP OPT_DEBUG_LEVEL is very useful for debugging LDAP problems with Keystone. This change makes it easier to set and find. The default will be to have it disabled. DocImpact Change-Id: I342fe2eea752bd8632074600386f0173e7328132
This commit is contained in:
parent
c4c89b793d
commit
ae199d0050
@ -853,6 +853,12 @@
|
||||
# dereferencing configured by your ldap.conf. (string value)
|
||||
#alias_dereferencing=default
|
||||
|
||||
# Sets the LDAP debugging level for LDAP calls. A value of 0
|
||||
# means that debugging is not enabled. This value is a
|
||||
# bitmask, consult your LDAP documentation for possible
|
||||
# values. (integer value)
|
||||
#debug_level=<None>
|
||||
|
||||
# Override the system's default referral chasing behavior for
|
||||
# queries. (boolean value)
|
||||
#chase_referrals=<None>
|
||||
|
@ -440,6 +440,11 @@ FILE_OPTIONS = {
|
||||
'"finding" or "default". The "default" option falls '
|
||||
'back to using default dereferencing configured by '
|
||||
'your ldap.conf.'),
|
||||
cfg.IntOpt('debug_level', default=None,
|
||||
help='Sets the LDAP debugging level for LDAP calls. '
|
||||
'A value of 0 means that debugging is not enabled. '
|
||||
'This value is a bitmask, consult your LDAP '
|
||||
'documentation for possible values.'),
|
||||
cfg.BoolOpt('chase_referrals', default=None,
|
||||
help='Override the system\'s default referral chasing '
|
||||
'behavior for queries.'),
|
||||
|
@ -239,7 +239,7 @@ class LDAPHandler(object):
|
||||
@abc.abstractmethod
|
||||
def connect(self, url, page_size=0, alias_dereferencing=None,
|
||||
use_tls=False, tls_cacertfile=None, tls_cacertdir=None,
|
||||
tls_req_cert='demand', chase_referrals=None):
|
||||
tls_req_cert='demand', chase_referrals=None, debug_level=None):
|
||||
raise exception.NotImplemented()
|
||||
|
||||
@abc.abstractmethod
|
||||
@ -307,16 +307,15 @@ class PythonLDAPHandler(LDAPHandler):
|
||||
|
||||
def connect(self, url, page_size=0, alias_dereferencing=None,
|
||||
use_tls=False, tls_cacertfile=None, tls_cacertdir=None,
|
||||
tls_req_cert='demand', chase_referrals=None):
|
||||
tls_req_cert='demand', chase_referrals=None, debug_level=None):
|
||||
LOG.debug("LDAP init: url=%s", url)
|
||||
LOG.debug('LDAP init: use_tls=%s tls_cacertfile=%s tls_cacertdir=%s '
|
||||
'tls_req_cert=%s tls_avail=%s',
|
||||
use_tls, tls_cacertfile, tls_cacertdir,
|
||||
tls_req_cert, ldap.TLS_AVAIL)
|
||||
|
||||
# NOTE(topol)
|
||||
# for extra debugging uncomment the following line
|
||||
# ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
|
||||
if debug_level is not None:
|
||||
ldap.set_option(ldap.OPT_DEBUG_LEVEL, debug_level)
|
||||
|
||||
using_ldaps = url.lower().startswith("ldaps")
|
||||
|
||||
@ -453,10 +452,11 @@ class KeystoneLDAPHandler(LDAPHandler):
|
||||
|
||||
def connect(self, url, page_size=0, alias_dereferencing=None,
|
||||
use_tls=False, tls_cacertfile=None, tls_cacertdir=None,
|
||||
tls_req_cert='demand', chase_referrals=None):
|
||||
tls_req_cert='demand', chase_referrals=None, debug_level=None):
|
||||
return self.conn.connect(url, page_size, alias_dereferencing,
|
||||
use_tls, tls_cacertfile, tls_cacertdir,
|
||||
tls_req_cert, chase_referrals)
|
||||
tls_req_cert, chase_referrals,
|
||||
debug_level=debug_level)
|
||||
|
||||
def set_option(self, option, invalue):
|
||||
return self.conn.set_option(option, invalue)
|
||||
@ -672,6 +672,7 @@ class BaseLdap(object):
|
||||
self.tls_req_cert = parse_tls_cert(conf.ldap.tls_req_cert)
|
||||
self.attribute_mapping = {}
|
||||
self.chase_referrals = conf.ldap.chase_referrals
|
||||
self.debug_level = conf.ldap.debug_level
|
||||
|
||||
if self.options_name is not None:
|
||||
self.suffix = conf.ldap.suffix
|
||||
@ -764,7 +765,8 @@ class BaseLdap(object):
|
||||
tls_cacertfile=self.tls_cacertfile,
|
||||
tls_cacertdir=self.tls_cacertdir,
|
||||
tls_req_cert=self.tls_req_cert,
|
||||
chase_referrals=self.chase_referrals)
|
||||
chase_referrals=self.chase_referrals,
|
||||
debug_level=self.debug_level)
|
||||
|
||||
if user is None:
|
||||
user = self.LDAP_USER
|
||||
|
@ -195,7 +195,7 @@ class FakeLdap(core.LDAPHandler):
|
||||
|
||||
def connect(self, url, page_size=0, alias_dereferencing=None,
|
||||
use_tls=False, tls_cacertfile=None, tls_cacertdir=None,
|
||||
tls_req_cert='demand', chase_referrals=None):
|
||||
tls_req_cert='demand', chase_referrals=None, debug_level=None):
|
||||
if url.startswith('fake://memory'):
|
||||
if url not in FakeShelves:
|
||||
FakeShelves[url] = FakeShelve()
|
||||
|
@ -961,6 +961,21 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
# is as expected.
|
||||
self.assertTrue(mocked_fakeldap.call_args[-1]['chase_referrals'])
|
||||
|
||||
@mock.patch.object(common_ldap_core.KeystoneLDAPHandler, 'connect')
|
||||
def test_debug_level_set(self, mocked_fakeldap):
|
||||
level = 12345
|
||||
self.config_fixture.config(
|
||||
group='ldap',
|
||||
url='fake://memory',
|
||||
debug_level=level)
|
||||
user_api = identity.backends.ldap.UserApi(CONF)
|
||||
user_api.get_connection(user=None, password=None)
|
||||
|
||||
# The last call_arg should be a dictionary and should contain
|
||||
# debug_level. Check to make sure the value of debug_level
|
||||
# is as expected.
|
||||
self.assertEqual(level, mocked_fakeldap.call_args[-1]['debug_level'])
|
||||
|
||||
def test_wrong_ldap_scope(self):
|
||||
self.config_fixture.config(group='ldap', query_scope=uuid.uuid4().hex)
|
||||
self.assertRaisesRegexp(
|
||||
|
Loading…
x
Reference in New Issue
Block a user