chore: Enhance LDAP authentication logging (#156)
* chore: improve logs for ldap auth * docs: update release notes --------- Co-authored-by: hardy <luohf@infinilabs.com> Co-authored-by: silenceqi <silenceqi@hotmail.com>
parent
183ebf037c
commit
df33fa006b
|
@ -24,6 +24,7 @@ Information about release notes of INFINI Console is provided here.
|
||||||
- Update agent config with cluster name (#148)
|
- Update agent config with cluster name (#148)
|
||||||
- Optimize UI of histogram and datepicker in discover (#151)
|
- Optimize UI of histogram and datepicker in discover (#151)
|
||||||
- Support viewing logs for cluster, node, index health change events (#150)
|
- Support viewing logs for cluster, node, index health change events (#150)
|
||||||
|
- Enhance LDAP authentication logging (#156)
|
||||||
- Optimize UI for copying metric requests (#155)
|
- Optimize UI for copying metric requests (#155)
|
||||||
|
|
||||||
## 1.28.2 (2025-02-15)
|
## 1.28.2 (2025-02-15)
|
||||||
|
|
|
@ -24,6 +24,7 @@ title: "版本历史"
|
||||||
- 优化下发给 Agent 的配置,增加集群名称 (#148)
|
- 优化下发给 Agent 的配置,增加集群名称 (#148)
|
||||||
- 优化柱状图和时间选择器的 UI (#151)
|
- 优化柱状图和时间选择器的 UI (#151)
|
||||||
- 集群,节点,索引健康状态变更支持查看日志 (#150)
|
- 集群,节点,索引健康状态变更支持查看日志 (#150)
|
||||||
|
- 增强 LDAP 身份验证的日志记录 (#156)
|
||||||
- 优化监控报表里拷贝指标请求的 UI (#155)
|
- 优化监控报表里拷贝指标请求的 UI (#155)
|
||||||
|
|
||||||
## 1.28.2 (2025-02-15)
|
## 1.28.2 (2025-02-15)
|
||||||
|
|
|
@ -82,6 +82,9 @@ func (r *LDAPRealm) mapLDAPRoles(authInfo auth.Info) []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
//map group
|
//map group
|
||||||
|
if len(authInfo.GetGroups()) == 0 {
|
||||||
|
log.Debugf("LDAP uid: %v, user: %v, group: %v", uid, authInfo, authInfo.GetGroups())
|
||||||
|
}
|
||||||
for _, roleName := range authInfo.GetGroups() {
|
for _, roleName := range authInfo.GetGroups() {
|
||||||
newRoles, ok := r.config.RoleMapping.Group[roleName]
|
newRoles, ok := r.config.RoleMapping.Group[roleName]
|
||||||
if ok {
|
if ok {
|
||||||
|
|
|
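Review bot: The added `log.Debugf` inside `if len(authInfo.GetGroups()) == 0` formats the whole `authInfo` value with `%v`, and its `group: %v` argument is always empty because of the guard around it. Depending on what the `auth.Info` implementation holds (not visible here), this can write the user's directory attributes into debug logs, while the message never states the condition it reports. Consider `log.Debugf("LDAP uid: %v returned no groups, no group role mapping applied", uid)`. `uid` and the start of `mapLDAPRoles` are outside this hunk.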
@ -77,9 +77,9 @@ func Init(config *config.Config) {
|
||||||
|
|
||||||
func Authenticate(username, password string) (bool, *rbac.User, error) {
|
func Authenticate(username, password string) (bool, *rbac.User, error) {
|
||||||
|
|
||||||
for i, realm := range realms {
|
for _, realm := range realms {
|
||||||
ok, user, err := realm.Authenticate(username, password)
|
ok, user, err := realm.Authenticate(username, password)
|
||||||
log.Debugf("authenticate result: %v, user: %v, err: %v, realm: %v", ok, user, err, i)
|
log.Debugf("authenticate result: %v, user: %v, err: %v, realm: %v", ok, user, err, realm.GetType())
|
||||||
if ok && user != nil && err == nil {
|
if ok && user != nil && err == nil {
|
||||||
return true, user, nil
|
return true, user, nil
|
||||||
}
|
}
|
||||||
|
@ -92,14 +92,14 @@ func Authenticate(username, password string) (bool, *rbac.User, error) {
|
||||||
|
|
||||||
func Authorize(user *rbac.User) (bool, error) {
|
func Authorize(user *rbac.User) (bool, error) {
|
||||||
|
|
||||||
for i, realm := range realms {
|
for _, realm := range realms {
|
||||||
//skip if not the same auth provider, TODO: support cross-provider authorization
|
//skip if not the same auth provider, TODO: support cross-provider authorization
|
||||||
if user.AuthProvider != realm.GetType() {
|
if user.AuthProvider != realm.GetType() {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
ok, err := realm.Authorize(user)
|
ok, err := realm.Authorize(user)
|
||||||
log.Debugf("authorize result: %v, user: %v, err: %v, realm: %v", ok, user, err, i)
|
log.Debugf("authorize result: %v, user: %v, err: %v, realm: %v", ok, user, err, realm.GetType())
|
||||||
if ok && err == nil {
|
if ok && err == nil {
|
||||||
//return on any success, TODO, maybe merge all roles and privileges from all realms
|
//return on any success, TODO, maybe merge all roles and privileges from all realms
|
||||||
return true, nil
|
return true, nil
|
||||||
|
|
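Review bot: Both rewritten `log.Debugf` calls, in `Authenticate` and in `Authorize`, still format the whole `*rbac.User` with `%v`, which prints the struct's fields; on a failed login `user` is presumably nil, so the line does not say which account was tried. The fields of `rbac.User` are not visible here, so whether that dump includes anything sensitive needs checking. Logging named values would be safer and more useful for tracing failed logins, e.g. `log.Debugf("authenticate result: %v, username: %q, err: %v, realm: %v", ok, username, err, realm.GetType())`, with `%q` so control characters in the submitted name cannot break up the log line. Both function bodies continue past the hunks shown.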