KEYCLOAK-886 Reduce some LDAP info logging to trace and debug

This commit is contained in:
mposolda 2015-06-08 17:39:13 +02:00
parent 7badd3d5e5
commit 80ff7b92db
6 changed files with 24 additions and 29 deletions

View file

@ -1,7 +1,5 @@
package org.keycloak.federation.ldap.idm.query.internal; package org.keycloak.federation.ldap.idm.query.internal;
import java.util.List;
import org.keycloak.federation.ldap.idm.query.Condition; import org.keycloak.federation.ldap.idm.query.Condition;
import org.keycloak.federation.ldap.idm.query.QueryParameter; import org.keycloak.federation.ldap.idm.query.QueryParameter;

View file

@ -181,8 +181,8 @@ public class LDAPIdentityStore implements IdentityStore {
public boolean validatePassword(LDAPObject user, String password) { public boolean validatePassword(LDAPObject user, String password) {
String userDN = user.getDn().toString(); String userDN = user.getDn().toString();
if (logger.isDebugEnabled()) { if (logger.isTraceEnabled()) {
logger.debugf("Using DN [%s] for authentication of user", userDN); logger.tracef("Using DN [%s] for authentication of user", userDN);
} }
if (operationManager.authenticate(userDN, password)) { if (operationManager.authenticate(userDN, password)) {
@ -259,7 +259,9 @@ public class LDAPIdentityStore implements IdentityStore {
filter.append(getObjectClassesFilter(identityQuery.getObjectClasses())); filter.append(getObjectClassesFilter(identityQuery.getObjectClasses()));
filter.append(")"); filter.append(")");
logger.infof("Using filter for LDAP search: %s", filter); if (logger.isTraceEnabled()) {
logger.tracef("Using filter for LDAP search: %s . Searching in DN: %s", filter, identityQuery.getSearchDn());
}
return filter; return filter;
} }
@ -378,10 +380,6 @@ public class LDAPIdentityStore implements IdentityStore {
ldapObject.setDn(dn); ldapObject.setDn(dn);
ldapObject.setRdnAttributeName(dn.getFirstRdnAttrName()); ldapObject.setRdnAttributeName(dn.getFirstRdnAttrName());
if (logger.isTraceEnabled()) {
logger.tracef("Populating LDAP Object from DN [%s]", entryDN);
}
NamingEnumeration<? extends Attribute> ldapAttributes = attributes.getAll(); NamingEnumeration<? extends Attribute> ldapAttributes = attributes.getAll();
// Exact name of attributes might be different // Exact name of attributes might be different
@ -415,9 +413,6 @@ public class LDAPIdentityStore implements IdentityStore {
if (ldapAttributeName.equalsIgnoreCase(LDAPConstants.OBJECT_CLASS)) { if (ldapAttributeName.equalsIgnoreCase(LDAPConstants.OBJECT_CLASS)) {
ldapObject.setObjectClasses(attrValues); ldapObject.setObjectClasses(attrValues);
} else { } else {
if (logger.isTraceEnabled()) {
logger.tracef("Populating ldap attribute [%s] with value [%s] for DN [%s].", ldapAttributeName, attrValues.toString(), entryDN);
}
if (attrValues.size() == 1) { if (attrValues.size() == 1) {
ldapObject.setAttribute(ldapAttributeName, attrValues.iterator().next()); ldapObject.setAttribute(ldapAttributeName, attrValues.iterator().next());
} else { } else {
@ -431,6 +426,9 @@ public class LDAPIdentityStore implements IdentityStore {
} }
} }
if (logger.isTraceEnabled()) {
logger.tracef("Found ldap object [%s] and populated with the attributes [%s]. Read-only attributes are [%s]", ldapObject.getDn().toString(), ldapObject.getAttributes(), ldapObject.getReadOnlyAttributeNames());
}
return ldapObject; return ldapObject;
} catch (Exception e) { } catch (Exception e) {

View file

@ -128,8 +128,8 @@ public class LDAPOperationManager {
execute(new LdapOperation<SearchResult>() { execute(new LdapOperation<SearchResult>() {
@Override @Override
public SearchResult execute(LdapContext context) throws NamingException { public SearchResult execute(LdapContext context) throws NamingException {
if (logger.isDebugEnabled()) { if (logger.isTraceEnabled()) {
logger.debugf("Removing entry with DN [%s]", entryDn); logger.tracef("Removing entry with DN [%s]", entryDn);
} }
destroySubcontext(context, entryDn); destroySubcontext(context, entryDn);
return null; return null;
@ -357,8 +357,8 @@ public class LDAPOperationManager {
public void modifyAttributes(final String dn, final ModificationItem[] mods) { public void modifyAttributes(final String dn, final ModificationItem[] mods) {
try { try {
if (logger.isDebugEnabled()) { if (logger.isTraceEnabled()) {
logger.debugf("Modifying attributes for entry [%s]: [", dn); logger.tracef("Modifying attributes for entry [%s]: [", dn);
for (ModificationItem item : mods) { for (ModificationItem item : mods) {
Object values; Object values;
@ -369,10 +369,10 @@ public class LDAPOperationManager {
values = "No values"; values = "No values";
} }
logger.debugf(" Op [%s]: %s = %s", item.getModificationOp(), item.getAttribute().getID(), values); logger.tracef(" Op [%s]: %s = %s", item.getModificationOp(), item.getAttribute().getID(), values);
} }
logger.debugf("]"); logger.tracef("]");
} }
execute(new LdapOperation<Void>() { execute(new LdapOperation<Void>() {
@ -389,18 +389,18 @@ public class LDAPOperationManager {
public void createSubContext(final String name, final Attributes attributes) { public void createSubContext(final String name, final Attributes attributes) {
try { try {
if (logger.isDebugEnabled()) { if (logger.isTraceEnabled()) {
logger.debugf("Creating entry [%s] with attributes: [", name); logger.tracef("Creating entry [%s] with attributes: [", name);
NamingEnumeration<? extends Attribute> all = attributes.getAll(); NamingEnumeration<? extends Attribute> all = attributes.getAll();
while (all.hasMore()) { while (all.hasMore()) {
Attribute attribute = all.next(); Attribute attribute = all.next();
logger.debugf(" %s = %s", attribute.getID(), attribute.get()); logger.tracef(" %s = %s", attribute.getID(), attribute.get());
} }
logger.debugf("]"); logger.tracef("]");
} }
execute(new LdapOperation<Void>() { execute(new LdapOperation<Void>() {

View file

@ -79,8 +79,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
RoleContainerModel roleContainer = getTargetRoleContainer(mapperModel, realm); RoleContainerModel roleContainer = getTargetRoleContainer(mapperModel, realm);
RoleModel role = roleContainer.getRole(roleName); RoleModel role = roleContainer.getRole(roleName);
// TODO: debug logger.debugf("Granting role [%s] to user [%s] during import from LDAP", roleName, user.getUsername());
logger.infof("Granting role [%s] to user [%s] during import from LDAP", roleName, user.getUsername());
user.grantRole(role); user.grantRole(role);
} }
} }
@ -94,8 +93,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
// Sync roles from LDAP tree and create them in local Keycloak DB (if they don't exist here yet) // Sync roles from LDAP tree and create them in local Keycloak DB (if they don't exist here yet)
protected void syncRolesFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, RealmModel realm) { protected void syncRolesFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, RealmModel realm) {
if (!rolesSyncedModels.contains(mapperModel.getId())) { if (!rolesSyncedModels.contains(mapperModel.getId())) {
// TODO: debug logger.debugf("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
logger.infof("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
LDAPIdentityQuery ldapQuery = createRoleQuery(mapperModel, ldapProvider); LDAPIdentityQuery ldapQuery = createRoleQuery(mapperModel, ldapProvider);
@ -108,7 +106,6 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
String roleName = ldapRole.getAttributeAsString(rolesRdnAttr); String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
if (roleContainer.getRole(roleName) == null) { if (roleContainer.getRole(roleName) == null) {
// TODO: debug
logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName); logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
roleContainer.addRole(roleName); roleContainer.addRole(roleName);
} }

View file

@ -20,7 +20,7 @@ public class UserFederationManager implements UserProvider {
protected KeycloakSession session; protected KeycloakSession session;
// Set of already validated/proxied users during this session. Key is user ID // Set of already validated/proxied federation users during this session. Key is user ID
private Map<String, UserModel> managedUsers = new HashMap<>(); private Map<String, UserModel> managedUsers = new HashMap<>();
public UserFederationManager(KeycloakSession session) { public UserFederationManager(KeycloakSession session) {

View file

@ -44,11 +44,12 @@ public interface UserFederationProvider extends Provider {
/** /**
* Gives the provider an option to validate if user still exists in federation backend and then proxy UserModel loaded from local storage. * Gives the provider an option to validate if user still exists in federation backend and then proxy UserModel loaded from local storage.
* This method is called whenever a UserModel is pulled from local storage. * This method is called whenever a UserModel is pulled from Keycloak local storage.
* For example, the LDAP provider proxies the UserModel and does on-demand synchronization with * For example, the LDAP provider proxies the UserModel and does on-demand synchronization with
* LDAP whenever UserModel update methods are invoked. It also overrides UserModel.updateCredential for the * LDAP whenever UserModel update methods are invoked. It also overrides UserModel.updateCredential for the
* credential types it supports * credential types it supports
* *
* @param realm
* @param local * @param local
* @return null if user is no longer valid or proxy object otherwise * @return null if user is no longer valid or proxy object otherwise
*/ */
@ -122,6 +123,7 @@ public interface UserFederationProvider extends Provider {
* Is the Keycloak UserModel still valid and/or existing in federated storage? Keycloak may call this method * Is the Keycloak UserModel still valid and/or existing in federated storage? Keycloak may call this method
* in various user operations. The local storage may be deleted if this method returns false. * in various user operations. The local storage may be deleted if this method returns false.
* *
* @param realm
* @param local * @param local
* @return * @return
*/ */