Add LDAP logging (#40036) (#40042)

Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>

Add LDAP logging (#40036) (#40042)
e7ecc32c · metabase-bot[bot] · GitHub · 66b0ea0f · e7ecc32c · e7ecc32c
Unverified Commit e7ecc32c authored 1 year ago by metabase-bot[bot] Committed by GitHub 1 year ago
--- a/src/metabase/integrations/ldap.clj
+++ b/src/metabase/integrations/ldap.clj
@@ -9,6 +9,7 @@
   [metabase.plugins.classloader :as classloader]
   [metabase.util :as u]
   [metabase.util.i18n :refer [deferred-tru tru]]
+   [metabase.util.log :as log]
   [metabase.util.malli :as mu]
   [metabase.util.malli.schema :as ms])
  (:import
@@ -155,8 +156,15 @@

 (defn- get-connection
  "Connects to LDAP with the currently set settings and returns the connection."
-  ^LDAPConnectionPool []
-  (ldap/connect (settings->ldap-options)))
+  ^LDAPConnectionPool
+  []
+  (let [options (settings->ldap-options)]
+    (log/debugf "Opening LDAP connection with options %s" (u/pprint-to-str options))
+    (try
+      (ldap/connect options)
+      (catch LDAPException e
+        (log/errorf "Failed to obtain LDAP connection: %s" (.getMessage e))
+        (throw e)))))

 (defn do-with-ldap-connection
  "Impl for [[with-ldap-connection]] macro."
@@ -202,10 +210,13 @@
             group-base-error)
           (catch Exception _e
             group-base-error)))
+       (log/debug "LDAP connection test successful")
       {:status :SUCCESS}))
    (catch LDAPException e
+       (log/debugf "LDAP connection test failed: " (.getMessage e))
      {:status :ERROR, :message (.getMessage e), :code (.getResultCode e)})
    (catch Exception e
+      (log/debugf "LDAP connection test failed: " (.getMessage e))
      {:status :ERROR, :message (.getMessage e)})))

 (defn test-current-ldap-details

--- a/src/metabase/integrations/ldap/default_implementation.clj
+++ b/src/metabase/integrations/ldap/default_implementation.clj
@@ -5,8 +5,10 @@
   [clojure.string :as str]
   [metabase.integrations.common :as integrations.common]
   [metabase.models.user :as user :refer [User]]
-   [metabase.public-settings.premium-features :refer [defenterprise-schema]]
+   [metabase.public-settings.premium-features
+    :refer [defenterprise-schema]]
   [metabase.util :as u]
+   [metabase.util.log :as log]
   [metabase.util.malli :as mu]
   [metabase.util.malli.schema :as ms]
   [toucan2.core :as t2])
@@ -51,14 +53,21 @@
  [ldap-connection                 :- (ms/InstanceOfClass LDAPConnectionPool)
   username                        :- ms/NonBlankString
   {:keys [user-base user-filter]} :- LDAPSettings]
-  (some-> (first
-           (ldap/search
-            ldap-connection
-            user-base
-            {:scope      :sub
-             :filter     (str/replace user-filter filter-placeholder (Filter/encodeValue ^String username))
-             :size-limit 1}))
-          u/lower-case-map-keys))
+  (let [options {:scope      :sub
+                 :filter     (str/replace user-filter filter-placeholder (Filter/encodeValue ^String username))
+                 :size-limit 1}]
+    (log/debugf "Searching for LDAP user %s with user search base %s and options %s"
+                username
+                user-base
+                (u/pprint-to-str options))
+    (let [search-result (ldap/search
+                         ldap-connection
+                         user-base
+                         {:scope      :sub
+                          :filter     (str/replace user-filter filter-placeholder (Filter/encodeValue ^String username))
+                          :size-limit 1})]
+      (log/debugf "LDAP search results: %s" (u/pprint-to-str search-result))
+      (some-> (first search-result) u/lower-case-map-keys))))

 (mu/defn ^:private process-group-membership-filter :- ms/NonBlankString
  "Replace DN and UID placeholders with values returned by the LDAP server."