
Add debug for ldap

Laurent Destailleur 2 years ago
parent
commit
69ca6c02d7
2 changed files with 23 additions and 5 deletions
  1. 20 2
      htdocs/core/class/ldap.class.php
  2. 3 3
      htdocs/core/login/functions_ldap.php

+ 20 - 2
htdocs/core/class/ldap.class.php

@@ -193,12 +193,20 @@ class Ldap
 	{
 		// phpcs:enable
 		global $conf;
+		global $dolibarr_main_auth_ldap_debug;
 
 		$connected = 0;
 		$this->bind = 0;
 		$this->error = 0;
 		$this->connectedServer = '';
 
+		$ldapdebug = ((empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug == "false") ? false : true);
+
+		if ($ldapdebug) {
+			dol_syslog(get_class($this)."::connect_bind");
+			print "DEBUG: connect_bind<br>\n";
+		}
+
 		// Check parameters
 		if (count($this->server) == 0 || empty($this->server[0])) {
 			$this->error = 'LDAP setup (file conf.php) is not complete';
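Review bot: The added `print "DEBUG: connect_bind<br>\n";` writes into the response from inside the Ldap class, so with `$dolibarr_main_auth_ldap_debug` set every caller of connect_bind emits HTML, which can land ahead of headers or inside non-HTML output; I would drop the print here and keep only the log line. The `dol_syslog()` call beside it passes no level, as do the two serverPing messages in the next hunk, while the "connection is ok" message passes `LOG_DEBUG`; passing it everywhere keeps the levels consistent, e.g. `dol_syslog(get_class($this)."::connect_bind", LOG_DEBUG);`. The flag test uses a loose `== "false"`, so any other non-empty string such as "FALSE" or "off" turns debug on, which deserves a one-line comment next to the assignment. connect_bind starts above this hunk and continues below it.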
@@ -223,18 +231,28 @@ class Ldap
 				}
 
 				if ($this->serverPing($host, $this->serverPort) === true) {
+					if ($ldapdebug) {
+						dol_syslog(get_class($this)."::connect_bind serverPing true, we try ldap_connect to ".$host);
+					}
 					$this->connection = ldap_connect($host, $this->serverPort);
 				} else {
 					if (preg_match('/^ldaps/i', $host)) {
 						// With host = ldaps://server, the serverPing to ssl://server sometimes fails, even if the ldap_connect succeed, so
-						// we test this case and continue in suche a case even if serverPing fails.
+						// we test this case and continue in such a case even if serverPing fails.
+						if ($ldapdebug) {
+							dol_syslog(get_class($this)."::connect_bind serverPing false, we try ldap_connect to ".$host);
+						}
 						$this->connection = ldap_connect($host, $this->serverPort);
 					} else {
 						continue;
 					}
 				}
 
-				if (is_resource($this->connection) ||  is_object($this->connection)) {
+				if (is_resource($this->connection) || is_object($this->connection)) {
+					if ($ldapdebug) {
+						dol_syslog(get_class($this)."::connect_bind this->connection is ok", LOG_DEBUG);
+					}
+
 					// Upgrade connexion to TLS, if requested by the configuration
 					if (!empty($conf->global->LDAP_SERVER_USE_TLS)) {
 						// For test/debug
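Review bot: The one path that gives up on a host, the `continue;` taken when serverPing fails for a non-ldaps host, still logs nothing in debug mode, so a trace shows the connection attempts but not why a server was skipped. Adding `if ($ldapdebug) { dol_syslog(get_class($this)."::connect_bind serverPing false, skip host ".$host, LOG_DEBUG); }` just before that `continue;` would cover it. The surrounding loop and the TLS block both extend outside this hunk.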

+ 3 - 3
htdocs/core/login/functions_ldap.php

@@ -77,7 +77,7 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 		$ldapdn = $dolibarr_main_auth_ldap_dn;
 		$ldapadminlogin = $dolibarr_main_auth_ldap_admin_login;
 		$ldapadminpass = $dolibarr_main_auth_ldap_admin_pass;
-		$ldapdebug = (empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug == "false" ? false : true);
+		$ldapdebug = ((empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug == "false") ? false : true);
 
 		if ($ldapdebug) {
 			print "DEBUG: Logging LDAP steps<br>\n";
@@ -94,9 +94,9 @@ function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
 
 		if ($ldapdebug) {
 			dol_syslog("functions_ldap::check_user_password_ldap Server:".join(',', $ldap->server).", Port:".$ldap->serverPort.", Protocol:".$ldap->ldapProtocolVersion.", Type:".$ldap->serverType);
-			dol_syslog("functions_ldap::check_user_password_ldap uid/samacountname=".$ldapuserattr.", dn=".$ldapdn.", Admin:".$ldap->searchUser.", Pass:".$ldap->searchPassword);
+			dol_syslog("functions_ldap::check_user_password_ldap uid/samaccountname=".$ldapuserattr.", dn=".$ldapdn.", Admin:".$ldap->searchUser.", Pass:".dol_trunc($ldap->searchPassword, 3));
 			print "DEBUG: Server:".join(',', $ldap->server).", Port:".$ldap->serverPort.", Protocol:".$ldap->ldapProtocolVersion.", Type:".$ldap->serverType."<br>\n";
-			print "DEBUG: uid/samacountname=".$ldapuserattr.", dn=".$ldapdn.", Admin:".$ldap->searchUser.", Pass:".$ldap->searchPassword."<br>\n";
+			print "DEBUG: uid/samaccountname=".$ldapuserattr.", dn=".$ldapdn.", Admin:".$ldap->searchUser.", Pass:".dol_trunc($ldap->searchPassword, 3)."<br>\n";
 		}
 
 		$resultFetchLdapUser = 0;
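Review bot: `dol_trunc($ldap->searchPassword, 3)` still puts the leading characters of the LDAP bind password into the syslog line and into the `print` that goes to the response of check_user_password_ldap, which is presumably the login page shown before authentication. A debug trace only needs to show whether a password is configured, so both lines could end with `", Pass:".(empty($ldap->searchPassword) ? "(not set)" : "(set)")` instead. A short or low-entropy secret loses a meaningful share of its strength to a three-character prefix, and log files are usually readable by more people than conf.php. The same `print` also exposes server, dn and admin login whenever the flag is left on, so a comment near the flag saying it is for temporary troubleshooting only would be worth adding; the function body continues outside the hunk.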