chore: Enhance LDAP authentication logging (#156)
* chore: improve logs for ldap auth * docs: update release notes --------- Co-authored-by: hardy <luohf@infinilabs.com> Co-authored-by: silenceqi <silenceqi@hotmail.com>
This commit is contained in:
Hardy
GitHub
parent
183ebf037c
commit
df33fa006b
|
|
@ -24,6 +24,7 @@ Information about release notes of INFINI Console is provided here.
|
|||
- Update agent config with cluster name (#148)
|
||||
- Optimize UI of histogram and datepicker in discover (#151)
|
||||
- Support viewing logs for cluster, node, index health change events (#150)
|
||||
- Enhance LDAP authentication logging (#156)
|
||||
- Optimize UI for copying metric requests (#155)
|
||||
|
||||
## 1.28.2 (2025-02-15)
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ title: "版本历史"
|
|||
- 优化下发给 Agent 的配置,增加集群名称 (#148)
|
||||
- 优化柱状图和时间选择器的 UI (#151)
|
||||
- 集群,节点,索引健康状态变更支持查看日志 (#150)
|
||||
- 增强 LDAP 身份验证的日志记录 (#156)
|
||||
- 优化监控报表里拷贝指标请求的 UI (#155)
|
||||
|
||||
## 1.28.2 (2025-02-15)
|
||||
|
|
|
|||
|
|
@ -82,6 +82,9 @@ func (r *LDAPRealm) mapLDAPRoles(authInfo auth.Info) []string {
|
|||
}
|
||||
|
||||
//map group
|
||||
if len(authInfo.GetGroups()) == 0 {
|
||||
log.Debugf("LDAP uid: %v, user: %v, group: %v", uid, authInfo, authInfo.GetGroups())
|
||||
}
|
||||
for _, roleName := range authInfo.GetGroups() {
|
||||
newRoles, ok := r.config.RoleMapping.Group[roleName]
|
||||
if ok {
|
||||
|
|
|
|||
|
|
@ -77,9 +77,9 @@ func Init(config *config.Config) {
|
|||
|
||||
func Authenticate(username, password string) (bool, *rbac.User, error) {
|
||||
|
||||
for i, realm := range realms {
|
||||
for _, realm := range realms {
|
||||
ok, user, err := realm.Authenticate(username, password)
|
||||
log.Debugf("authenticate result: %v, user: %v, err: %v, realm: %v", ok, user, err, i)
|
||||
log.Debugf("authenticate result: %v, user: %v, err: %v, realm: %v", ok, user, err, realm.GetType())
|
||||
if ok && user != nil && err == nil {
|
||||
return true, user, nil
|
||||
}
|
||||
|
|
@ -92,14 +92,14 @@ func Authenticate(username, password string) (bool, *rbac.User, error) {
|
|||
|
||||
func Authorize(user *rbac.User) (bool, error) {
|
||||
|
||||
for i, realm := range realms {
|
||||
for _, realm := range realms {
|
||||
//skip if not the same auth provider, TODO: support cross-provider authorization
|
||||
if user.AuthProvider != realm.GetType() {
|
||||
continue
|
||||
}
|
||||
|
||||
ok, err := realm.Authorize(user)
|
||||
log.Debugf("authorize result: %v, user: %v, err: %v, realm: %v", ok, user, err, i)
|
||||
log.Debugf("authorize result: %v, user: %v, err: %v, realm: %v", ok, user, err, realm.GetType())
|
||||
if ok && err == nil {
|
||||
//return on any success, TODO, maybe merge all roles and privileges from all realms
|
||||
return true, nil
|
||||
|
|
|
|||
Loading…
Reference in New Issue