Re: [PATCH 0/4] Improve SASL and LDAP (Debug) Logging

On 9/8/22 19:57, ThomasReim wrote:
From: Thomas Reim <reimth@xxxxxxxxx>

automounter only provides very limited (debug) information when binding
to LDAP directory services using OpenLDAP and Cyrus SASL library. LDAP
based directory services are currently all improving their communication
security. This leads to failed authentication binds because of security
policy violations. Current logging capabilities of automounter make it
difficult for system administrators to find the root cause of failed
authentication binds in their networks.

The following patch series is the result of the development and test
activities to solve issue "Missing Support of SASL Sign or Seal using Data
Security Layer" (see previous e-mails). Debug option -d of automounter has
been extended to enable OpenLDAP libldap debugging by specifying a proper
LDAP debug level (e. g. -d5). In addition, option -d now provides for
a more comprehensive logging of SASL security settings.

Please review and provide your comments or suggestions.

This looks good.

The use of LOGOPT_NONE might cause a bit too much noise, but that's
fine, we'll need to wait and see. There is a reason (user requests)
the logging leans so heavily toward debugging but it's probably
gone too far now.

Ian


Thomas Reim (4):
   autofs-5.1.8 - improve debug logging of LDAP binds
   autofs-5.1.8 - improve debug logging of SASL binds
   autofs-5.1.8 - internal SASL logging only in debug log mode
   autofs-5.1.8 - more comprehensive verbose logging for LDAP maps

  daemon/automount.c    | 31 ++++++++++++++++++++++++++-----
  daemon/lookup.c       | 20 ++++++++++----------
  include/log.h         |  6 +++++-
  lib/log.c             | 19 ++++++++++++++++++-
  man/automount.8       |  9 +++++++--
  modules/cyrus-sasl.c  | 37 +++++++++++++++++++++++++++++++++++--
  modules/lookup_ldap.c | 41 +++++++++++++++++++++++++++++++++++++++--
  7 files changed, 140 insertions(+), 23 deletions(-)



