always debug the user dn role mapping
When debugging role mapping it is useful to know the actual user DN, which is only logged when something is actually mapped to the DN. Since this is logged at debug level, we should always log it. Original commit: elastic/x-pack-elasticsearch@b690c757d3
This commit is contained in:
parent
338e292d2f
commit
94ce98ad9f
|
@ -22,6 +22,7 @@ import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -168,9 +169,10 @@ public class DnRoleMapper {
|
||||||
Set<String> rolesMappedToUserDn = dnRoles.get(userDn);
|
Set<String> rolesMappedToUserDn = dnRoles.get(userDn);
|
||||||
if (rolesMappedToUserDn != null) {
|
if (rolesMappedToUserDn != null) {
|
||||||
roles.addAll(rolesMappedToUserDn);
|
roles.addAll(rolesMappedToUserDn);
|
||||||
if (logger.isDebugEnabled()) {
|
|
||||||
logger.debug("the roles [{}], are mapped from the user [{}] for realm [{}/{}]", roles, realmType, userDnString, realmType, config.name());
|
|
||||||
}
|
}
|
||||||
|
if (logger.isDebugEnabled()) {
|
||||||
|
logger.debug("the roles [{}], are mapped from the user [{}] for realm [{}/{}]",
|
||||||
|
(rolesMappedToUserDn == null) ? Collections.emptySet() : rolesMappedToUserDn, realmType, userDnString, realmType, config.name());
|
||||||
}
|
}
|
||||||
return roles;
|
return roles;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue