Posted to users@tomcat.apache.org by Scott McClanahan <sc...@trnswrks.com> on 2007/07/25 21:57:41 UTC
debug
I've inherited a Tomcat 5.0.28 server set up to use LDAP as an
authentication realm. In the server.xml I see this:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
What are valid values for debug within a realm? Currently a massive
amount of LDAP lookup and connection details are being logged and I
don't think it is necessary. Thanks.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: debug
Posted by Scott McClanahan <sc...@trnswrks.com>.
On Wed, 2007-07-25 at 22:19 +0200, Rainer Jung wrote:
> Hi Scott,
>
> your post subject is a little generic :)
>
> The code shows that the various realm classes only log additional
> things for the following debug values:
>
> DataSourceRealm.java: debug >= 2
>
> JAASMemoryLoginModule.java: debug>0
>
> JDBCRealm.java: debug >= 2
>
> JNDIRealm.java: debug 1, 2, 3, 4
>
> UserDatabaseRealm.java: debug >= 2
>
> For the JNDIRealm possible log statements (without the surrounding
> context) are (no guarantees):
>
> debug >= 1
>
> "Closing directory context"
>
> "Connecting to URL " + connectionURL
>
> "Connecting to URL " + alternateURL
>
> debug >= 2
>
> "lookupUser(" + username + ")"
>
> sm.getString("jndiRealm.authenticateSuccess",
> user.username)
> sm.getString("jndiRealm.authenticateFailure",
> user.username)
>
> " getRoles(" + dn + ")"
>
> " Returning " + list.size() + " roles"
> " Found role " + list.get(i)
> " getRoles about to return null "
>
> debug >= 3
>
> " dn=" + dn
>
> " username not found"
>
> " entry found for " + username + " with dn " + dn
>
> " validating credentials"
>
> " validating credentials by binding as the user"
>
> " binding as " + dn
>
> " bind attempt failed"
>
> " Searching role base '" + roleBase + "' for attribute '" +
> roleName + "'"
> " With filter expression '" + filter + "'"
>
> " retrieving attribute " + attrId
>
> " retrieving values for attribute " + attrId
>
>
> debug > 3
>
> " Searching for " + username
> " base: " + userBase + " filter: " + filter
>
> HTH. TC 5.0 now is only under security maintenance. No real chance to
> get the logging in better shape. If you want to have a look at the
> class, it is
>
> container/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
>
> in a download, resp.
>
> http://svn.apache.org/repos/asf/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
>
> in the subversion code repository.
>
> Regards,
>
> Rainer
>
> Scott McClanahan wrote:
> > I've inherited a Tomcat 5.0.28 server set up to use LDAP as an
> > authentication realm. In the server.xml I see this:
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> >
> > What are valid values for debug within a realm? Currently a massive
> > amount of LDAP lookup and connection details are being logged and I
> > don't think it is necessary. Thanks.
>
Thanks. You're the man! I'll remember your advice about the subject
line in the future.
Re: debug
Posted by Rainer Jung <ra...@kippdata.de>.
Hi Scott,

your post subject is a little generic :)

The code shows that the various realm classes only log additional
things for the following debug values:

DataSourceRealm.java: debug >= 2
JAASMemoryLoginModule.java: debug>0
JDBCRealm.java: debug >= 2
JNDIRealm.java: debug 1, 2, 3, 4
UserDatabaseRealm.java: debug >= 2

For the JNDIRealm possible log statements (without the surrounding
context) are (no guarantees):

debug >= 1

"Closing directory context"
"Connecting to URL " + connectionURL
"Connecting to URL " + alternateURL

debug >= 2

"lookupUser(" + username + ")"
sm.getString("jndiRealm.authenticateSuccess", user.username)
sm.getString("jndiRealm.authenticateFailure", user.username)
" getRoles(" + dn + ")"
" Returning " + list.size() + " roles"
" Found role " + list.get(i)
" getRoles about to return null "

debug >= 3

" dn=" + dn
" username not found"
" entry found for " + username + " with dn " + dn
" validating credentials"
" validating credentials by binding as the user"
" binding as " + dn
" bind attempt failed"
" Searching role base '" + roleBase + "' for attribute '" + roleName + "'"
" With filter expression '" + filter + "'"
" retrieving attribute " + attrId
" retrieving values for attribute " + attrId

debug > 3

" Searching for " + username
" base: " + userBase + " filter: " + filter

HTH. TC 5.0 now is only under security maintenance. No real chance to
get the logging in better shape. If you want to have a look at the
class, it is

container/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java

in a download, resp.

http://svn.apache.org/repos/asf/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java

in the subversion code repository.

Regards,

Rainer

Scott McClanahan wrote:
> I've inherited a Tomcat 5.0.28 server set up to use LDAP as an
> authentication realm. In the server.xml I see this:
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>
> What are valid values for debug within a realm? Currently a massive
> amount of LDAP lookup and connection details are being logged and I
> don't think it is necessary. Thanks.
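
To judge which of the messages listed in the reply above a given debug value would still produce, and which of them write usernames, DNs or search filters into the log, the following sketch classifies log lines by the lowest debug level that emits them. It is an added example, not code from Tomcat or from either poster; the function names, the sample lines and their timestamp/prefix layout are constructed, and the message texts come from the list above, which was given with "no guarantees".

```python
import re
from collections import Counter

# (minimum debug level, message pattern, identity data interpolated into the message).
# The two sm.getString(...) messages are omitted: their resolved text is not on the page.
RULES = [
    (1, r"Closing directory context", None),
    (1, r"Connecting to URL ", None),
    (2, r"lookupUser\(", "username"),
    (2, r"getRoles\(", "dn"),
    (2, r"Returning \d+ roles", None),
    (2, r"Found role ", None),
    (2, r"getRoles about to return null", None),
    (3, r"\bdn=", "dn"),
    (3, r"username not found|validating credentials|bind attempt failed", None),
    (3, r"entry found for .* with dn ", "username+dn"),
    (3, r"binding as ", "dn"),
    (3, r"Searching role base '", None),
    (3, r"With filter expression '", "filter"),
    (3, r"retrieving (values for )?attribute ", None),
    (4, r"Searching for ", "username"),
    (4, r"base: .* filter: ", "filter"),
]
COMPILED = [(lvl, re.compile(pat), ident) for lvl, pat, ident in RULES]

def classify(line):
    # Returns (min_debug_level, identity_field), or (None, None) if not a listed message.
    for lvl, rx, ident in COMPILED:
        if rx.search(line):
            return lvl, ident
    return None, None

def survivors(lines, debug):
    # Lines still written with the realm's debug attribute set to `debug`;
    # unrecognised lines are treated as unaffected by the realm setting.
    return [l for l in lines if (classify(l)[0] or 0) <= debug]

def identity_exposure(lines):
    # Per debug level, how many lines carry a username, DN or search filter.
    return Counter(lvl for lvl, ident in map(classify, lines) if ident)

# Constructed sample; the timestamp/prefix layout is an assumption.
SAMPLE = [
    "2007-07-25 21:40:01 JNDIRealm[Catalina]: Connecting to URL ldap://ldap.example.test:389",
    "2007-07-25 21:40:02 JNDIRealm[Catalina]: lookupUser(jdoe)",
    "2007-07-25 21:40:02 JNDIRealm[Catalina]:   Searching for jdoe",
    "2007-07-25 21:40:02 JNDIRealm[Catalina]:   base: ou=people,dc=example,dc=test filter: (uid=jdoe)",
    "2007-07-25 21:40:02 JNDIRealm[Catalina]:   entry found for jdoe with dn uid=jdoe,ou=people,dc=example,dc=test",
    "2007-07-25 21:40:02 JNDIRealm[Catalina]:   binding as uid=jdoe,ou=people,dc=example,dc=test",
    "2007-07-25 21:40:09 StandardContext[/app]: servlet init done",
]
```

Comparing `survivors(SAMPLE, 99)` with `survivors(SAMPLE, 1)` shows how much of the volume comes from the per-login messages, and `identity_exposure(SAMPLE)` shows that in this list user identifiers first appear at level 2.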