diff --git a/docs/content.en/docs/release-notes/_index.md b/docs/content.en/docs/release-notes/_index.md
index 8e61eccb..295d5d57 100644
--- a/docs/content.en/docs/release-notes/_index.md
+++ b/docs/content.en/docs/release-notes/_index.md
@@ -24,6 +24,7 @@ Information about release notes of INFINI Console is provided here.
 - Update agent config with cluster name (#148)
 - Optimize UI of histogram and datepicker in discover (#151)
 - Support viewing logs for cluster, node, index health change events (#150)
+- Enhance LDAP authentication logging (#156)
 - Optimize UI for copying metric requests (#155)
 ## 1.28.2 (2025-02-15)
diff --git a/docs/content.zh/docs/release-notes/_index.md b/docs/content.zh/docs/release-notes/_index.md
index 85b7ea2e..a6d128f3 100644
--- a/docs/content.zh/docs/release-notes/_index.md
+++ b/docs/content.zh/docs/release-notes/_index.md
@@ -24,6 +24,7 @@ title: "版本历史"
 - 优化下发给 Agent 的配置,增加集群名称 (#148)
 - 优化柱状图和时间选择器的 UI (#151)
 - 集群,节点,索引健康状态变更支持查看日志 (#150)
+- 增强 LDAP 身份验证的日志记录 (#156)
 - 优化监控报表里拷贝指标请求的 UI (#155)
 ## 1.28.2 (2025-02-15)
diff --git a/modules/security/realm/authc/ldap/ldap.go b/modules/security/realm/authc/ldap/ldap.go
index 6ee2fe93..e10659b3 100644
--- a/modules/security/realm/authc/ldap/ldap.go
+++ b/modules/security/realm/authc/ldap/ldap.go
@@ -82,6 +82,9 @@ func (r *LDAPRealm) mapLDAPRoles(authInfo auth.Info) []string {
 } //map group
+ if len(authInfo.GetGroups()) == 0 {
+ log.Debugf("LDAP uid: %v, user: %v, group: %v", uid, authInfo, authInfo.GetGroups())
+ }
 for _, roleName := range authInfo.GetGroups() {
 newRoles, ok := r.config.RoleMapping.Group[roleName]
 if ok {
diff --git a/modules/security/realm/realm.go b/modules/security/realm/realm.go
index 360a8f38..cd5da3e9 100644
--- a/modules/security/realm/realm.go
+++ b/modules/security/realm/realm.go
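Review bot: In mapLDAPRoles (modules/security/realm/authc/ldap/ldap.go) the added `log.Debugf` formats the whole `authInfo` value with `%v`, which may write every attribute held for that directory entry into the debug log; the fields of `auth.Info` are not visible in this diff, so that should be confirmed before it ships. Inside this branch the group list is always empty, so printing `authInfo.GetGroups()` adds nothing, and the message never states that no group role mapping will apply. Logging only the identifier and the condition would be safer and clearer, e.g. `log.Debugf("LDAP uid: %v returned no groups, no group role mapping applied", uid)`. `uid` is defined above the hunk and the function body continues past it.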
@@ -77,9 +77,9 @@ func Init(config *config.Config) {
 func Authenticate(username, password string) (bool, *rbac.User, error) {
- for i, realm := range realms {
+ for _, realm := range realms {
 ok, user, err := realm.Authenticate(username, password)
- log.Debugf("authenticate result: %v, user: %v, err: %v, realm: %v", ok, user, err, i)
+ log.Debugf("authenticate result: %v, user: %v, err: %v, realm: %v", ok, user, err, realm.GetType())
 if ok && user != nil && err == nil {
 return true, user, nil
 }
@@ -92,14 +92,14 @@ func Authenticate(username, password string) (bool, *rbac.User, error) {
 func Authorize(user *rbac.User) (bool, error) {
- for i, realm := range realms {
+ for _, realm := range realms {
 //skip if not the same auth provider, TODO: support cross-provider authorization
 if user.AuthProvider != realm.GetType() {
 continue
 }
 ok, err := realm.Authorize(user)
- log.Debugf("authorize result: %v, user: %v, err: %v, realm: %v", ok, user, err, i)
+ log.Debugf("authorize result: %v, user: %v, err: %v, realm: %v", ok, user, err, realm.GetType())
 if ok && err == nil {
 //return on any success, TODO, maybe merge all roles and privileges from all realms
 return true, nil
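Review bot: Both changed `log.Debugf` calls (in Authenticate and in Authorize) still format the `*rbac.User` pointer with `%v`, which prints the struct's fields unless the type defines its own formatting; if `rbac.User` carries credential material or tokens (its definition is not in this diff), turning on debug logging would write them to the log. On a failed authentication `user` is presumably nil, so the line also gives no way to tell which account was tried against which realm. Logging the supplied name instead covers both, e.g. `log.Debugf("authenticate result: %v, username: %q, err: %v, realm: %v", ok, username, err, realm.GetType())`, with `%q` so control characters in the untrusted username cannot forge log lines. The authorize line would likewise be better served by one identifying field of `user` than by the whole struct; both function bodies continue outside their hunks.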