chore: Enhance LDAP authentication logging #156

Merged
merged 3 commits into from
Feb 20, 2025
Merged
Changes from 2 commits
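--- a/docs/content.en/docs/release-notes/_index.md
+++ b/docs/content.en/docs/release-notes/_index.md
@@ -24,6 +24,7 @@ Information about release notes of INFINI Console is provided here.
 - Update agent config with cluster name (#148)
 - Optimize UI of histogram and datepicker in discover (#151)
 - Support viewing logs for cluster, node, index health change events (#150)
+- Enhance LDAP authentication logging (#156)
 
 ## 1.28.2 (2025-02-15)
 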
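--- a/docs/content.zh/docs/release-notes/_index.md
+++ b/docs/content.zh/docs/release-notes/_index.md
@@ -24,6 +24,7 @@ title: "版本历史"
 - 优化下发给 Agent 的配置,增加集群名称 (#148)
 - 优化柱状图和时间选择器的 UI (#151)
 - 集群,节点,索引健康状态变更支持查看日志 (#150)
+- 增强 LDAP 身份验证的日志记录 (#156)
 
 ## 1.28.2 (2025-02-15)
 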
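--- a/modules/security/realm/authc/ldap/ldap.go
+++ b/modules/security/realm/authc/ldap/ldap.go
@@ -82,6 +82,9 @@ func (r *LDAPRealm) mapLDAPRoles(authInfo auth.Info) []string {
 }
 
 //map group
+if len(authInfo.GetGroups()) == 0 {
+log.Debugf("LDAP uid: %v, user: %v, group: %v", uid, authInfo, authInfo.GetGroups())
+}
 for _, roleName := range authInfo.GetGroups() {
 newRoles, ok := r.config.RoleMapping.Group[roleName]
 if ok {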
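Review bot: The new debug line in mapLDAPRoles formats the whole `authInfo` value with `%v`, so whatever the auth.Info implementation holds for the directory entry ends up in the debug log; its fields are not visible in this hunk and should be checked. The trailing `group: %v` is always empty, because the line only runs when `GetGroups()` has length zero. Logging the identifier and the condition is enough to diagnose a missing group mapping: `log.Debugf("LDAP uid: %v has no groups, group role mapping skipped", uid)`. `uid` is assigned above the hunk, and the function body continues below it.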
8 changes: 4 additions & 4 deletions modules/security/realm/realm.go
Expand Up @@ -77,9 +77,9 @@ func Init(config *config.Config) {

func Authenticate(username, password string) (bool, *rbac.User, error) {

for i, realm := range realms {
for _, realm := range realms {
ok, user, err := realm.Authenticate(username, password)
log.Debugf("authenticate result: %v, user: %v, err: %v, realm: %v", ok, user, err, i)
log.Debugf("authenticate result: %v, user: %v, err: %v, realm: %v", ok, user, err, realm.GetType())
if ok && user != nil && err == nil {
return true, user, nil
}
Expand All @@ -92,14 +92,14 @@ func Authenticate(username, password string) (bool, *rbac.User, error) {

func Authorize(user *rbac.User) (bool, error) {

for i, realm := range realms {
for _, realm := range realms {
//skip if not the same auth provider, TODO: support cross-provider authorization
if user.AuthProvider != realm.GetType() {
continue
}

ok, err := realm.Authorize(user)
log.Debugf("authorize result: %v, user: %v, err: %v, realm: %v", ok, user, err, i)
log.Debugf("authorize result: %v, user: %v, err: %v, realm: %v", ok, user, err, realm.GetType())
if ok && err == nil {
//return on any success, TODO, maybe merge all roles and privileges from all realms
return true, nil
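Review bot: In Authenticate the rewritten debug line still formats `user` with `%v`, which prints every field of the `*rbac.User` value; its definition is outside this page, so whether it carries credential or token material should be checked. On a failed attempt `user` is presumably nil, so the entry does not record which account name was tried against which realm. Logging the submitted name quoted and dropping the struct keeps the entry useful for failed-login review without dumping the object: `log.Debugf("authenticate result: %v, username: %q, err: %v, realm: %v", ok, username, err, realm.GetType())`. The Authorize line in the second hunk formats `user` the same way and could log only an identifying field. Both function bodies continue past the hunks.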