More LDAP debugging

author Arran Cudbard-Bell <a.cudbardb@freeradius.org>

Tue, 17 Jun 2025 16:54:47 +0000 (12:54 -0400)

committer Nick Porter <nick@portercomputing.co.uk>

Wed, 18 Jun 2025 12:53:21 +0000 (13:53 +0100)
author Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Tue, 17 Jun 2025 16:54:47 +0000 (12:54 -0400)
committer Nick Porter <nick@portercomputing.co.uk>
Wed, 18 Jun 2025 12:53:21 +0000 (13:53 +0100)
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c

index dcb889b5d3a23bdf49d1d526e268412b66326425..46579727ae5c1be4493c7c574b9e202f66428cb2 100644 (file)
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -986,8 +986,10 @@ static unlang_action_t ldap_group_xlat_results(unlang_result_t *p_result, reques
                 if (!xlat_ctx->dn) xlat_ctx->dn = rlm_find_user_dn_cached(request);
                 if (!xlat_ctx->dn) RETURN_UNLANG_FAIL;
  
+               RDEBUG3("Entered GROUP_XLAT_FIND_USER with user DN \"%s\"", xlat_ctx->dn);
                 if (inst->group.obj_membership_filter) {
                         REPEAT_LDAP_MEMBEROF_XLAT_RESULTS;
+                       RDEBUG3("Checking for user in group objects");
                         if (rlm_ldap_check_groupobj_dynamic(p_result, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) {
                                 xlat_ctx->status = GROUP_XLAT_MEMB_FILTER;
                                 return UNLANG_ACTION_PUSHED_CHILD;
@@ -998,6 +1000,7 @@ static unlang_action_t ldap_group_xlat_results(unlang_result_t *p_result, reques
         case GROUP_XLAT_MEMB_FILTER:
                 if (xlat_ctx->found) RETURN_UNLANG_OK;
  
+               RDEBUG3("Entered GROUP_XLAT_MEMB_FILTER with user DN \"%s\"", xlat_ctx->dn);
                 if (inst->group.userobj_membership_attr) {
                         REPEAT_LDAP_MEMBEROF_XLAT_RESULTS;
                         if (rlm_ldap_check_userobj_dynamic(p_result, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) {
@@ -1008,6 +1011,7 @@ static unlang_action_t ldap_group_xlat_results(unlang_result_t *p_result, reques
                 FALL_THROUGH;
  
         case GROUP_XLAT_MEMB_ATTR:
+               RDEBUG3("Entered GROUP_XLAT_MEMB_ATTR with user DN \"%s\"", xlat_ctx->dn);
                 if (xlat_ctx->found) RETURN_UNLANG_OK;
                 break;
         }
diff --git a/src/tests/modules/ldap/groups_rfc2307bis.unlang b/src/tests/modules/ldap/groups_rfc2307bis.unlang

index 341fb45e3c773d8cbe1c5f2f6c5626dea2011cae..1a4c79462423f57e960a5ad342680c7e38639c8c 100644 (file)
--- a/src/tests/modules/ldap/groups_rfc2307bis.unlang
+++ b/src/tests/modules/ldap/groups_rfc2307bis.unlang
@@ -6,6 +6,9 @@
  #
  #  Resolve using group name attribute
  #
+
+# John is a member of group foo, via a "member" attribute in that group
+# he is not a member via the "memberOf" attribute in his user entry!
  if !(%ldap.group("foo")) {
          test_fail
  }
author	Arran Cudbard-Bell <a.cudbardb@freeradius.org>
	Tue, 17 Jun 2025 16:54:47 +0000 (12:54 -0400)
committer	Nick Porter <nick@portercomputing.co.uk>
	Wed, 18 Jun 2025 12:53:21 +0000 (13:53 +0100)
src/modules/rlm_ldap/rlm_ldap.c		patch \| blob \| blame \| history
src/tests/modules/ldap/groups_rfc2307bis.unlang		patch \| blob \| blame \| history