
[Bug]: ldap_log_file has unreadable output #50859

Open
5 of 8 tasks
applekeeper-cat opened this issue Feb 17, 2025 · 2 comments
Labels
0. Needs triage (Pending check for reproducibility or if it fits our roadmap), 29-feedback, bug, feature: ldap, feature: logging

Comments


applekeeper-cat commented Feb 17, 2025


Bug description

ldap_log_file outputs a lot of "(resource)" where data is expected instead.

Steps to reproduce

  1. Enable the ldap_log_file config option
  2. Click "Verify settings and count the groups" in LDAP integration settings or do something else that provokes LDAP requests
  3. Observe the ldap_log_file

Expected behavior

Readable ldap_first_entry, ldap_get_entries, ldap_parse_result, etc.

Nextcloud Server version

29

Operating system

Other

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***sensitive data removed manually***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.6.1",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "auth.webauthn.enabled": false,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "maintenance": false,
        "loglevel": 0,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "ldap_log_file": "\/opt\/nextcloud\/nextcloud\/ldap.log"
    }
}

List of activated Apps

Enabled:
  - activity: 2.21.1
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contactsinteraction: 1.10.0
  - dashboard: 7.9.0
  - dav: 1.30.1
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.1
  - files_downloadlimit: 2.0.0
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - nextcloud_announcements: 1.18.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - password_policy: 1.19.0
  - photos: 2.5.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - support: 1.12.0
  - survey_client: 1.17.0
  - systemtags: 1.19.0
  - text: 3.10.1
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - updatenotification: 1.19.1
  - user_ldap: 1.20.0
  - user_status: 1.9.0
  - viewer: 2.3.0
  - weather_status: 1.9.0
  - workflowengine: 2.11.0
Disabled:
  - admin_audit: 1.19.0
  - bruteforcesettings: 2.9.0
  - encryption: 2.17.0
  - files_external: 1.21.0
  - suspicious_login: 7.0.0
  - twofactor_totp: 11.0.0-dev

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

ldap_connect::["ldap:\/\/***sensitive data removed manually***:636"]
ldap_set_option::["(resource)",17,3]
ldap_set_option::["(resource)",8,0]
ldap_set_option::["(resource)",20485,"15"]
ldap_bind::["(resource)","***sensitive data removed manually***","***sensitive data removed manually***"]
ldap_search::["(resource)","***sensitive data removed manually***","(&(objectclass=*)(cn=admin))",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","mail","displayname","jpegphoto","thumbnailphoto"],0,0,-1,0,[{"oid":"***sensitive data removed manually***","value":{"size":500,"cookie":""},"iscritical":false}]]
ldap_errno::["(resource)"]
ldap_get_entries::["(resource)","(resource)"]
ldap_parse_result::["(resource)","(resource)"]
ldap_search::["(resource)","***sensitive data removed manually***","(&(|(objectclass=person))(|(uid=admin)(|(mailPrimaryAddress=admin)(mail=admin))))",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","mail","displayname","jpegphoto","thumbnailphoto"],0,0,-1,0,[{"oid":"1.2.840.113556.1.4.319","value":{"size":500,"cookie":""},"iscritical":false}]]
ldap_errno::["(resource)"]
ldap_get_entries::["(resource)","(resource)"]
ldap_parse_result::["(resource)","(resource)"]
ldap_explode_dn::["***sensitive data removed manually***",0]
ldap_search::["(resource)","***sensitive data removed manually***","(&(objectclass=*)(cn=admin))",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","mail","displayname","jpegphoto","thumbnailphoto"],0,0,-1,0,[{"oid":"1.2.840.113556.1.4.319","value":{"size":500,"cookie":""},"iscritical":false}]]
ldap_errno::["(resource)"]

Additional info

OS: Alt Linux Server 10.4

applekeeper-cat added the "0. Needs triage" and "bug" labels on Feb 17, 2025
@joshtrichards
Member

If you use the approach for ldap troubleshooting described here I believe more will be visible since it doesn't exclude resources and objects:

https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html#logging

The ldap_log_file method excludes resources and objects. In many cases the resource is just the connection itself (though definitely not all cases).

To be honest I'm not sure at the moment why there are two distinct logging/debugging approaches for ldap.

Cc: @come-nc, @nickvergessen, @blizzz

@blizzz
Member

blizzz commented Feb 18, 2025

> In many cases the resource is just the connection itself (though definitely not all cases).

Yes, either the connection, or one of the result resources or similar, but there is nothing else that can be displayed. Those are used to interact with that and e.g. pull out results by dedicated methods. Similar to any database result resource.

> To be honest I'm not sure at the moment why there are two distinct logging/debugging approaches for ldap.

These are complete traces of which methods are being called, while the regular log does not contain everything, and would be overflooded even with a debug setting.
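
Added example, not part of the thread and not Nextcloud code: a small Python filter for the `function::[JSON arguments]` trace format shown in the issue's log, which masks the same argument positions the reporter removed by hand before posting (connect URI, bind DN and password, search base DN, the DN passed to `ldap_explode_dn`). The sample input, the mask string and the names `parse_line`, `redact` and `SENSITIVE` are assumptions made for this example.

```python
import json
from collections import Counter

# Constructed sample in the trace format shown in the issue (all values made up).
SAMPLE = r'''ldap_connect::["ldap:\/\/ldap.example.test:636"]
ldap_set_option::["(resource)",17,3]
ldap_bind::["(resource)","cn=svc,dc=example,dc=test","constructed-password"]
ldap_search::["(resource)","dc=example,dc=test","(&(objectclass=*)(cn=admin))",["dn","uid"],0,0,-1,0]
ldap_errno::["(resource)"]
ldap_get_entries::["(resource)","(resource)"]
'''

# Argument positions to mask, mirroring what the reporter removed by hand:
# connect URI, bind DN and password, search base DN, DN passed to explode_dn.
SENSITIVE = {"ldap_connect": [0], "ldap_bind": [1, 2],
             "ldap_search": [1], "ldap_explode_dn": [0]}
MASK = "***REDACTED***"

def parse_line(line):
    """Split 'function::<JSON array>' into (name, args); None if malformed."""
    name, sep, payload = line.strip().partition("::")
    if not sep:
        return None
    try:
        args = json.loads(payload)
    except json.JSONDecodeError:
        return None  # e.g. a record hard-wrapped or truncated when copied
    return (name, args) if isinstance(args, list) else None

def redact(text):
    """Return (masked lines, call counts per function, unparseable line count)."""
    out, calls, skipped = [], Counter(), 0
    for line in filter(str.strip, text.splitlines()):
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1  # never pass an unparsed line through unmasked
            continue
        name, args = parsed
        calls[name] += 1
        for i in SENSITIVE.get(name, []):
            if i < len(args):
                args[i] = MASK
        out.append(f"{name}::{json.dumps(args, separators=(',', ':'))}")
    return out, calls, skipped

if __name__ == "__main__":
    lines, calls, skipped = redact(SAMPLE)
    print("\n".join(lines))
    print(dict(calls), "skipped:", skipped)
```

Search filters are left intact, as they are in the issue's log; they can carry login names, so review them before sharing a trace.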
