[ldap] improve logging of exceptions during authentication

Any exception caught during authentication is only logged if DEBUG is enabled.
This changes the behavior to log these exceptions at WARN with the exception
message only, or at DEBUG with the full exception (including its stack trace).

The user template ldap implementation could potentially cause a lot of
logging to be generated because it always prints the full exception at WARN
level. This changes it to print the message at WARN level and the exception
at DEBUG.

Original commit: elastic/x-pack-elasticsearch@c607567d88
This commit is contained in:
jaymode 2015-03-05 09:29:09 -05:00
parent 3829d8e7a3
commit f0f4973ac3
3 changed files with 14 additions and 2 deletions


@ -93,7 +93,7 @@ public class ActiveDirectorySessionFactory extends SessionFactory {
try {
connection = ldapServerSet.getConnection();
} catch (LDAPException e) {
throw new ActiveDirectoryException("failed to connect to any active directory servers");
throw new ActiveDirectoryException("failed to connect to any active directory servers", e);
}
String userPrincipal = userName + "@" + domainName;


@ -94,7 +94,12 @@ public class LdapSessionFactory extends SessionFactory {
connection.bind(dn, passwordString);
return new LdapSession(connectionLogger, connection, dn, groupResolver, timeout);
} catch (LDAPException e) {
logger.warn("failed LDAP authentication with user template [{}] and DN [{}]", e, template, dn);
if (logger.isDebugEnabled()) {
logger.debug("failed LDAP authentication with user template [{}] and DN [{}]", e, template, dn);
} else {
logger.warn("failed LDAP authentication with user template [{}] and DN [{}]: {}", template, dn, e.getMessage());
}
lastException = e;
}
}
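Review bot: The WARN line added in the non-debug branch is emitted once per user template for every failed bind, and a bind failure is triggered by an unauthenticated client, so a password-spraying client produces templates × attempts WARN entries; if `lastException` is rethrown after the loop and caught by the realm-level handler that this same commit changes to log at WARN, each failed login is reported N+1 times. Consider keeping the per-template failure at DEBUG, e.g. `logger.debug("failed LDAP authentication with user template [{}] and DN [{}]: {}", template, dn, e.getMessage());`, and leaving the single WARN to the caller, or emitting one WARN after the loop. Note also that `dn` is derived from the client-supplied username, so unless the log layout escapes control characters a username containing line breaks can forge log records at WARN level. The loop and the method enclosing this catch start and end outside the hunk, so whether `lastException` is rethrown is inferred from its name only.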


@ -46,6 +46,13 @@ public abstract class AbstractLdapRealm extends CachingUsernamePasswordRealm {
} catch (Throwable e) {
if (logger.isDebugEnabled()) {
logger.debug("authentication failed for user [{}]", e, token.principal());
} else {
String causeMessage = (e.getCause() == null) ? null : e.getCause().getMessage();
if (causeMessage == null) {
logger.warn("authentication failed for user [{}]: {}", token.principal(), e.getMessage());
} else {
logger.warn("authentication failed for user [{}]: {}\ncause: {}: {}", token.principal(), e.getMessage(), e.getCause().getClass().getName(), causeMessage);
}
}
return null;
}
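Review bot: The format string on the cause branch embeds a `\n` ("...: {}\ncause: {}: {}"), which splits a single WARN event across two physical lines; line-oriented log shippers and SIEM parsers will ingest the second line as a separate, unattributed record, and the principal on the first line is then hard to correlate with the cause on the second. Prefer a single-line message such as `logger.warn("authentication failed for user [{}]: {} (cause: {}: {})", token.principal(), e.getMessage(), cause.getClass().getName(), causeMessage);` with `Throwable cause = e.getCause();` hoisted once above the null check instead of calling `e.getCause()` three times. As with the session-factory change, `token.principal()` is client-controlled, so the same log-forging caveat applies if the layout does not escape control characters. The enclosing method begins before the hunk, so the surrounding try and the `catch (Throwable e)` contract are only partially visible here.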