mirror of
https://github.com/mainnika/nginx-auth-ldap.git
synced 2026-05-22 15:53:39 +00:00
Unification and small cleanup of log messages
Most importantly, all messages start with "http_auth_ldap: " now.
+36
-35
@@ -201,7 +201,7 @@ ngx_http_auth_ldap_ldap_server_block(ngx_conf_t *cf, ngx_command_t *cmd, void *c
|
||||
name = value[1];
|
||||
|
||||
if (ngx_strlen(name.data) == 0) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "Error: no name of ldap server specified");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Missing server name in ldap_server");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
@@ -328,7 +328,7 @@ ngx_http_auth_ldap_servers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
}
|
||||
|
||||
if (server == NULL) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP server \"%V\" is not defined!", value);
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Server \"%V\" has not been defined", value);
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
@@ -366,50 +366,50 @@ ngx_http_auth_ldap_parse_url(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *server
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
switch (rc) {
|
||||
case LDAP_URL_ERR_MEM:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: Cannot allocate memory space.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Cannot allocate memory space.");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_PARAM:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: Invalid parameter.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Invalid parameter.");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADSCHEME:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: URL doesnt begin with \"ldap[s]://\".");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: URL doesnt begin with \"ldap[s]://\".");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADENCLOSURE:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: URL is missing trailing \">\".");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: URL is missing trailing \">\".");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADURL:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: Invalid URL.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Invalid URL.");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADHOST:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: Host port is invalid.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Host port is invalid.");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADATTRS:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: Invalid or missing attributes.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Invalid or missing attributes.");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADSCOPE:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: Invalid or missing scope string.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Invalid or missing scope string.");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADFILTER:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: Invalid or missing filter.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Invalid or missing filter.");
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADEXTS:
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: Invalid or missing extensions.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Invalid or missing extensions.");
|
||||
break;
|
||||
}
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
if (server->ludpp->lud_attrs == NULL) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "LDAP: No attrs in auth_ldap_url.");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: No user attribute specified in auth_ldap_url.");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
@@ -495,7 +495,7 @@ ngx_http_auth_ldap_parse_satisfy(ngx_conf_t *cf, ngx_http_auth_ldap_server_t *se
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "Incorrect value for auth_ldap_satisfy");
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "http_auth_ldap: Incorrect value for auth_ldap_satisfy");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
@@ -535,7 +535,7 @@ ngx_http_auth_ldap_init_main_conf(ngx_conf_t *cf, void *parent)
|
||||
conf->cache_size = 100;
|
||||
}
|
||||
if (conf->cache_size < 100) {
|
||||
ngx_conf_log_error(NGX_LOG_ERR, cf, 0, "auth_ldap_cache_size cannot be smaller than 100 entries.");
|
||||
ngx_conf_log_error(NGX_LOG_ERR, cf, 0, "http_auth_ldap: auth_ldap_cache_size cannot be smaller than 100 entries.");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
@@ -543,7 +543,7 @@ ngx_http_auth_ldap_init_main_conf(ngx_conf_t *cf, void *parent)
|
||||
conf->cache_expiration_time = 10000;
|
||||
}
|
||||
if (conf->cache_expiration_time < 1000) {
|
||||
ngx_conf_log_error(NGX_LOG_ERR, cf, 0, "auth_ldap_cache_expiration_time cannot be smaller than 1000 ms.");
|
||||
ngx_conf_log_error(NGX_LOG_ERR, cf, 0, "http_auth_ldap: auth_ldap_cache_expiration_time cannot be smaller than 1000 ms.");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
@@ -764,11 +764,11 @@ ngx_http_auth_ldap_handler(ngx_http_request_t *r)
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP username: %V",
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Username is \"%V\"",
|
||||
&r->headers_in.user);
|
||||
if (r->headers_in.passwd.len == 0)
|
||||
{
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP password is empty");
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Password is empty");
|
||||
return ngx_http_auth_ldap_set_realm(r, &alcf->realm);
|
||||
}
|
||||
|
||||
@@ -803,7 +803,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
|
||||
rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
|
||||
if (rc != LDAP_OPT_SUCCESS) {
|
||||
ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, "LDAP: unable to set require cert option: %s",
|
||||
ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, "http_auth_ldap: Unable to set require cert option: %s",
|
||||
ldap_err2string(rc));
|
||||
}
|
||||
|
||||
@@ -812,7 +812,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
|
||||
if (ngx_http_auth_ldap_cache.buckets != NULL) {
|
||||
rc = ngx_http_auth_ldap_check_cache(r, ctx, &ngx_http_auth_ldap_cache, server);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Cached outcome %d", rc);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Using cached outcome %d", rc);
|
||||
if (rc == 0) {
|
||||
continue;
|
||||
}
|
||||
@@ -824,7 +824,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
|
||||
rc = ngx_http_auth_ldap_authenticate_against_server(r, server, conf);
|
||||
|
||||
if ((rc == 0 || rc == 1) && ngx_http_auth_ldap_cache.buckets != NULL) {
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Caching outcome %d", rc);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Caching outcome %d", rc);
|
||||
ngx_http_auth_ldap_update_cache(ctx, &ngx_http_auth_ldap_cache, rc);
|
||||
}
|
||||
|
||||
@@ -861,26 +861,26 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: URL: %s", server->url.data);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: URL is \"%s\"", server->url.data);
|
||||
|
||||
rc = ldap_initialize(&ld, (const char*) server->url.data);
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: Session initializing failed: %d, %s, (%s)", rc,
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: Session initializing failed: %d, %s, (%s)", rc,
|
||||
ldap_err2string(rc), (const char*) server->url.data);
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Session initialized", NULL);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Session initialized", NULL);
|
||||
|
||||
/* Bind to the server */
|
||||
rc = ldap_simple_bind_s(ld, (const char *) server->bind_dn.data, (const char *) server->bind_dn_passwd.data);
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP [%s]: ldap_simple_bind_s error: %d, %s", server->url.data, rc,
|
||||
ldap_err2string(rc));
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ldap_simple_bind_s(%s) error: %d, %s",
|
||||
server->url.data, rc, ldap_err2string(rc));
|
||||
ldap_unbind_s(ld);
|
||||
/* Do not throw 500 in case connection failure, multiple servers might be used for failover scenario */
|
||||
return 0;
|
||||
}
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: Bind successful", NULL);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Bind successful", NULL);
|
||||
|
||||
if (server->require_valid_user_dn.value.data != NULL) {
|
||||
/* Construct user DN */
|
||||
@@ -899,14 +899,15 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
|
||||
ludpp->lud_filter != NULL ? ludpp->lud_filter : "(objectClass=*)",
|
||||
ludpp->lud_attrs[0], &r->headers_in.user);
|
||||
*p = 0;
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: filter %s", (const char*) filter);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Search filter is \"%s\"",
|
||||
(const char*) filter);
|
||||
|
||||
/* Search the directory */
|
||||
rc = ldap_search_ext_s(ld, ludpp->lud_dn, ludpp->lud_scope, (const char*) filter, NULL, 0, NULL, NULL, &timeOut, 0,
|
||||
&searchResult);
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: ldap_search_ext_s: %d, %s", rc, ldap_err2string(rc));
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ldap_search_ext_s: %d, %s", rc, ldap_err2string(rc));
|
||||
ldap_msgfree(searchResult);
|
||||
ldap_unbind_s(ld);
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
@@ -926,7 +927,7 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
|
||||
dn.len = ngx_strlen(ldn);
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: result DN %V", &dn);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Found user DN \"%V\"", &dn);
|
||||
|
||||
/* Check require user */
|
||||
if (server->require_user != NULL) {
|
||||
@@ -939,7 +940,7 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: compare with: %V", &val);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Comparing user DN with \"%V\"", &val);
|
||||
if (val.len == dn.len && ngx_memcmp(val.data, dn.data, val.len) == 0) {
|
||||
pass = 1;
|
||||
if (server->satisfy_all == 0) {
|
||||
@@ -974,12 +975,12 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: group compare with: %V", &val);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Comparing user group with \"%V\"", &val);
|
||||
rc = ldap_compare_ext_s(ld, (const char *) val.data, (const char *) server->group_attribute.data,
|
||||
&bvalue, NULL, NULL);
|
||||
|
||||
/*if (rc != LDAP_COMPARE_TRUE && rc != LDAP_COMPARE_FALSE && rc != LDAP_NO_SUCH_ATTRIBUTE) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: ldap_search_ext_s: %d, %s", rc,
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ldap_search_ext_s: %d, %s", rc,
|
||||
ldap_err2string(rc));
|
||||
ldap_memfree(ldn);
|
||||
ldap_unbind_s(ld);
|
||||
@@ -1005,11 +1006,11 @@ static ngx_int_t ngx_http_auth_ldap_authenticate_against_server(ngx_http_request
|
||||
/* Bind user to the server */
|
||||
rc = ldap_simple_bind_s(ld, (const char *) dn.data, (const char *) r->headers_in.passwd.data);
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "LDAP: ldap_simple_bind_s error: %d, %s", rc,
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ldap_simple_bind_s error: %d, %s", rc,
|
||||
ldap_err2string(rc));
|
||||
pass = 0;
|
||||
} else {
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: User bind successful", NULL);
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: User bind successful", NULL);
|
||||
if (server->require_valid_user == 1) pass = 1;
|
||||
}
|
||||
}
|
||||
|
||||
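Review bot: The search filter in the `@@ -899,14 +899,15 @@` hunk of ngx_http_auth_ldap_authenticate_against_server takes `&r->headers_in.user` as its last format argument, and nothing visible escapes that client-supplied name before the result is passed to `ldap_search_ext_s`. The format call and the filter buffer sizing begin outside the hunk, so this is inferred from the argument list; if the name is inserted verbatim, filter metacharacters in it change which entry the search matches and therefore which DN is later bound and compared. Escape `*`, `(`, `)`, `\` and NUL as `\XX` per RFC 4515 before formatting, and size the buffer for up to three output bytes per input byte. The reworded debug line logs the assembled filter, so escaping also keeps that log entry unambiguous. A helper along these lines would do; its name is a proposal, not an existing symbol:

```c
/* Proposed helper: RFC 4515 escaping of a filter assertion value.
 * dst must have room for 3 * src->len bytes; returns the end of the output. */
static u_char *
ngx_http_auth_ldap_escape_filter_value(u_char *dst, ngx_str_t *src)
{
    static const u_char hex[] = "0123456789abcdef";
    size_t i;

    for (i = 0; i < src->len; i++) {
        u_char c = src->data[i];

        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
            *dst++ = '\\';
            *dst++ = hex[c >> 4];
            *dst++ = hex[c & 0x0f];
        } else {
            *dst++ = c;
        }
    }

    return dst;
}

/* ... unchanged: filter format call, now given the escaped name instead of &r->headers_in.user ... */
```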