Merge pull request #29 from NaturalHistoryMuseum/debug_and_trace_levels
Debug and trace levels
jrdh authored Jan 29, 2018
2 parents afa162d + 90bc2bd commit 800ec2f
Showing 3 changed files with 14 additions and 4 deletions.
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -55,7 +55,9 @@ In addition the plugin provides the following optional configuration items:
- `ckanext.ldap.search.alt`: An alternative search string for the LDAP filter. If this is present and the search using `ckanext.ldap.search.filter` returns exactly 0 results, then a search using this filter will be performed. If this search returns exactly one result, then it will be accepted. You can use this for example in Active Directory to match against both username and fullname by setting `ckanext.ldap.search.filter` to 'sAMAccountName={login}' and `ckanext.ldap.search.alt` to 'name={login}'
The approach of using two separate filter strings (rather than one with an or statement) ensures that priority will always be given to the unique id match. `ckanext.ldap.search.alt` however can be used to match against more than one field. For example you could match against either the full name or the email address by setting `ckanext.ldap.search.alt` to '(|(name={login})(mail={login}))'.
- `ckanext.ldap.search.alt_msg`: A message that is output to the user when the search on `ckanext.ldap.search.filter` returns 0 results, and the search on `ckanext.ldap.search.alt` returns more than one result. Example: 'Please use your short account name instead'.
- `ckanext.ldap.migrate` : If defined and true this will change an existing CKAN user with the same username to an LDAP user. Otherwise, an exception `UserConflictError`is raised if LDAP-login with an already existing local CKAN username is attempted. This option provides a migration path from local CKAN authentication to LDAP authentication: Rename all users to their LDAP usernames and instruct them to login with their LDAP credentials. Migration then happens transparently.
- `ckanext.ldap.migrate` : If defined and true this will change an existing CKAN user with the same username to an LDAP user. Otherwise, an exception `UserConflictError`is raised if LDAP-login with an already existing local CKAN username is attempted. This option provides a migration path from local CKAN authentication to LDAP authentication: Rename all users to their LDAP usernames and instruct them to login with their LDAP credentials. Migration then happens transparently.
- `ckanext.ldap.debug_level`: Default value 0 (no logging). [More information](https://www.python-ldap.org/en/python-ldap-3.0.0b1/reference/ldap.html?highlight=debug_level#ldap.OPT_DEBUG_LEVEL).
- `ckanext.ldap.trace_level`: Default value 0 (no logging). [More information](https://www.python-ldap.org/en/python-ldap-3.0.0b1/reference/ldap.html?highlight=trace_level#ldap.initialize).


**Note**: Configuration options without the `ckanext.` prefix are deprecated and will be eventually removed. Please update your settings if you are using them.
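Review bot: The two new entries for `ckanext.ldap.debug_level` and `ckanext.ldap.trace_level` document only the default ("0 (no logging)") and leave the reader to the linked pages for everything else. Please state in the README which values are accepted, where the output is written, and that these are troubleshooting settings to leave at 0 in production, since the same commit applies `trace_level` to the connections that handle user logins. Both links also point at the python-ldap-3.0.0b1 beta documentation; a link to the stable reference would age better.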
10 changes: 8 additions & 2 deletions ckanext/ldap/controllers/user.py
Expand Up @@ -23,6 +23,10 @@ class UserConflictError(Exception):


class UserController(p.toolkit.BaseController):

def __init__(self):
ldap.set_option(ldap.OPT_DEBUG_LEVEL, config['ckanext.ldap.debug_level'])

def login_handler(self):
"""Action called when login in via the LDAP login form"""
params = request.POST
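Review bot: The new `UserController.__init__` overrides the constructor of `p.toolkit.BaseController` without calling the base class initializer, and it uses it to call `ldap.set_option(ldap.OPT_DEBUG_LEVEL, ...)`, which is a module-level call rather than a per-connection one. Setting it every time a controller is constructed is redundant; consider applying it once where the configuration is parsed (the `configure` method in plugin.py) and dropping the `__init__` override, or at least chaining to the parent constructor. A short comment explaining why the option is set here would also help.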
Expand Down Expand Up @@ -199,7 +203,8 @@ def _find_ldap_user(login):
@param login: The login to find in the LDAP database
@return: None if no user is found, a dictionary defining 'cn', 'username', 'fullname' and 'email otherwise.
"""
cnx = ldap.initialize(config['ckanext.ldap.uri'], bytes_mode=False)
cnx = ldap.initialize(config['ckanext.ldap.uri'], bytes_mode=False,
trace_level=config['ckanext.ldap.trace_level'])
if config.get('ckanext.ldap.auth.dn'):
try:
if config['ckanext.ldap.auth.method'] == 'SIMPLE':
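Review bot: In `_find_ldap_user`, `ldap.initialize(...)` now receives `trace_level` but no `trace_file`, so trace output goes to python-ldap's default stream instead of CKAN's logging, where it cannot be filtered or routed by the existing log configuration. Consider passing a `trace_file` that writes to the plugin's logger. The same three-argument `ldap.initialize(...)` call is repeated in `_check_ldap_password`; a small helper that builds the connection would keep the two in sync.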
Expand Down Expand Up @@ -306,7 +311,8 @@ def _check_ldap_password(cn, password):
@param password: Password for cn
@return: True on success, False on failure
"""
cnx = ldap.initialize(config['ckanext.ldap.uri'], bytes_mode=False)
cnx = ldap.initialize(config['ckanext.ldap.uri'], bytes_mode=False,
trace_level=config['ckanext.ldap.trace_level'])
try:
cnx.bind_s(cn, password)
except ldap.SERVER_DOWN:
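Review bot: In `_check_ldap_password`, the connection created with `trace_level=config['ckanext.ldap.trace_level']` is the one used for `cnx.bind_s(cn, password)`. python-ldap's tracing writes each call together with its arguments, so any non-zero trace level would put users' plaintext passwords into the trace output. Suggest not passing `trace_level` on this connection (keep it for the search connection only), or documenting the exposure prominently next to the setting.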
4 changes: 3 additions & 1 deletion ckanext/ldap/plugin.py
Expand Up @@ -74,7 +74,9 @@ def configure(self, main_config):
'ckanext.ldap.organization.role': {'default': 'member', 'validate': _allowed_roles},
'ckanext.ldap.ckan_fallback': {'default': False, 'parse': p.toolkit.asbool},
'ckanext.ldap.prevent_edits': {'default': False, 'parse': p.toolkit.asbool},
'ckanext.ldap.migrate': {'default': False, 'parse': p.toolkit.asbool}
'ckanext.ldap.migrate': {'default': False, 'parse': p.toolkit.asbool},
'ckanext.ldap.debug_level': {'default': 0, 'parse': p.toolkit.asint},
'ckanext.ldap.trace_level': {'default': 0, 'parse': p.toolkit.asint},
}
errors = []
for i in schema:
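Review bot: The new schema entries for `ckanext.ldap.debug_level` and `ckanext.ldap.trace_level` only set `'parse': p.toolkit.asint` and have no `'validate'` key, unlike `ckanext.ldap.organization.role` a few lines above, so negative or otherwise meaningless integers are accepted silently. Consider adding a validator that restricts each setting to the range the library understands, so a typo in the ini file is reported through `errors` at startup rather than passed straight to python-ldap.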
