On 9/8/22 19:57, Thomas Reim wrote:

From: Thomas Reim <reimth@xxxxxxxxx>

automounter only provides very limited (debug) information when binding to LDAP directory services using OpenLDAP and Cyrus SASL library. LDAP based directory services are currently all improving their communication security. This leads to failed authentication binds because of security policy violations. Current logging capabilities of automounter make it difficult for system administrators to find the root cause of failed authentication binds in their networks.

The following patch series is the result of the development and test activities to solve issue "Missing Support of SASL Sign or Seal using Data Security Layer" (see previous e-mails).

Debug option -d of automounter has been extended to enable OpenLDAP libldap debugging by specifying a proper LDAP debug level (e.g. -d5). In addition, option -d now provides for a more comprehensive logging of SASL security settings.

Please review and provide your comments or suggestions.

This looks good.

The use of LOGOPT_NONE might cause a bit too much noise, but that's fine, we'll need to wait and see. There is a reason (user requests) the logging leans so heavily toward debugging but it's probably gone too far now.

Ian

Thomas Reim (4):
  autofs-5.1.8 - improve debug logging of LDAP binds
  autofs-5.1.8 - improve debug logging of SASL binds
  autofs-5.1.8 - internal SASL logging only in debug log mode
  autofs-5.1.8 - more comprehensive verbose logging for LDAP maps

 daemon/automount.c    | 31 ++++++++++++++++++++++++++-----
 daemon/lookup.c       | 20 ++++++++++----------
 include/log.h         |  6 +++++-
 lib/log.c             | 19 ++++++++++++++++++-
 man/automount.8       |  9 +++++++--
 modules/cyrus-sasl.c  | 37 +++++++++++++++++++++++++++++++++++--
 modules/lookup_ldap.c | 41 +++++++++++++++++++++++++++++++++++++++--
 7 files changed, 140 insertions(+), 23 deletions(-)