You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2015/12/23 20:58:46 UTC

[jira] [Resolved] (KNOX-517) Add logging for failed LDAPs connections

     [ https://issues.apache.org/jira/browse/KNOX-517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Minder resolved KNOX-517.
-------------------------------
    Resolution: Fixed

The audit log now contains this.
{code}
15/12/23 14:57:41 ||eef8a6df-5e3a-425f-bc0e-ab32c5cf446e|audit|KNOX||||access|uri|/gateway/admin/api/v1/version|unavailable|Request method: GET
15/12/23 14:57:41 ||eef8a6df-5e3a-425f-bc0e-ab32c5cf446e|audit|KNOX||||authentication|principal|admin|failure|LDAP naming error while attempting to authenticate user.
15/12/23 14:57:41 ||eef8a6df-5e3a-425f-bc0e-ab32c5cf446e|audit|KNOX||||access|uri|/gateway/admin/api/v1/version|success|Response status: 401
{code}

> Add logging for failed LDAPs connections
> ----------------------------------------
>
>                 Key: KNOX-517
>                 URL: https://issues.apache.org/jira/browse/KNOX-517
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.5.0
>         Environment: RHEL 6 - Java 7 - Active Directory
>            Reporter: Kristopher Kane
>             Fix For: 0.7.0
>
>
> Nothing is logged when an LDAPs failure occurs.  The below logging is all that is received when the JRE's keystore is missing the LDAPs certificate:
> 2015-03-08 15:38:15,848 DEBUG ldap.JndiLdapRealm (JndiLdapRealm.java:queryForAuthenticationInfo(369)) - Authenticating user 'USER' through LDAP
> 2015-03-08 15:38:15,849 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldaps://ldapshost.com:636] and principal [CN=ldap-auth-user,OU=People,DC=corp,DC=com] with pooling enabled
> 2015-03-08 15:38:15,947 DEBUG servlet.SimpleCookie (SimpleCookie.java:addCookieHeader(226)) - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/clustername; Max-Age=0; Expires=Sat, 07-Mar-2015 20:38:15 GMT]
> 2015-03-08 15:38:15,948 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:sendChallenge(274)) - Authentication required: sending 401 Authentication challenge response.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)