I’m trying to use an LDAP server to authenticate the users in CF. During my test I noticed a strange behavior leading to confusion.
It seems that some OK logs are generated even if CF is not able to reach the LDAP server. To reproduce that, I set up a wrong port for my LDAP server (15423) and then tried to log on to the UI.
In the “Audit log” section of the UI I have a log which may indicate that the logging was OK:
[----] I, [2017-01-27T15:46:32.150597 #3033:e47f8c] INFO -- Success: MIQ(Common.settings_update_save) userid: [admin] - VMDB config updated (ldapport: to )
[----] I, [2017-01-27T15:46:38.364219 #3033:e43108] INFO -- Success: MIQ(Common.settings_update_save) userid: [admin] - VMDB config updated (ldapport: to )
[----] I, [2017-01-27T15:46:48.826632 #3055:e2fc84] INFO -- Success: MIQ(Authenticator.authenticate) userid: [pcwalker] - User cn=pcwalker,ou=interactiveusers,dc=msp,dc=XXXXXXX,dc=net successfully validated by LDAP
Nevertheless, when checking the other log “CFME log” in the UI, I see an error when CF is trying to contact the LDAP server:
[----] I, [2017-01-27T15:46:49.712047 #3033:e42654] INFO -- : MiqLdap.connection: Connecting to IP Address [172.24.65.97]
[----] E, [2017-01-27T15:46:49.716987 #3033:e42654] ERROR -- : [Net::LDAP::Error]: unable to establish a connection to server Method:[rescue in authenticate]
[----] E, [2017-01-27T15:46:49.717351 #3033:e42654] ERROR -- : /var/www/miq/vmdb/lib/miq_ldap.rb:97:in
This is normal since there is nothing on the port I chose, but the other log in “Audit” is misleading. This led me to lose some time before I understood that the log “successfully validated by LDAP” was wrong and that there was an issue with my config.
I think it would be good to prevent the log “OK” in the audit if there is an error.
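
Until the audit message is fixed, the two logs can be cross-checked to catch the mismatch described above. The following is an added example, not part of the original post and not ManageIQ code: it flags audit entries that say "successfully validated by LDAP" when the CFME log records a `Net::LDAP::Error` within a few seconds. The function names, the 5-second window and the treatment of timestamps as UTC are assumptions; the sample input is built from the log lines quoted in the post.

```ruby
require "time"

# Constructed sample input: log lines copied from the post above.
AUDIT_LOG = <<~'LOG'
  [----] I, [2017-01-27T15:46:38.364219 #3033:e43108] INFO -- Success: MIQ(Common.settings_update_save) userid: [admin] - VMDB config updated (ldapport: to )
  [----] I, [2017-01-27T15:46:48.826632 #3055:e2fc84] INFO -- Success: MIQ(Authenticator.authenticate) userid: [pcwalker] - User cn=pcwalker,ou=interactiveusers,dc=msp,dc=XXXXXXX,dc=net successfully validated by LDAP
LOG

CFME_LOG = <<~'LOG'
  [----] I, [2017-01-27T15:46:49.712047 #3033:e42654] INFO -- : MiqLdap.connection: Connecting to IP Address [172.24.65.97]
  [----] E, [2017-01-27T15:46:49.716987 #3033:e42654] ERROR -- : [Net::LDAP::Error]: unable to establish a connection to server Method:[rescue in authenticate]
  [----] E, [2017-01-27T15:46:49.717351 #3033:e42654] ERROR -- : /var/www/miq/vmdb/lib/miq_ldap.rb:97:in
LOG

# Prefix used by both logs: severity letter, timestamp, #pid:thread, level, message.
LINE_RE = /\A\[----\] \w, \[(?<ts>\S+) #(?<pid>\d+):(?<tid>\h+)\]\s+(?<level>\w+) -- (?<msg>.*)\z/

Entry = Struct.new(:time, :level, :msg)

def parse_log(text)
  text.each_line.map do |line|
    m = LINE_RE.match(line.chomp)
    next unless m # skip lines without the standard prefix
    # The log carries no time zone; both files come from the same host,
    # so treating the timestamps as UTC (assumption) keeps differences correct.
    Entry.new(Time.iso8601("#{m[:ts]}Z"), m[:level], m[:msg])
  end.compact
end

# Returns audit entries claiming LDAP success although an LDAP connection
# error was logged within `window` seconds (hypothetical default: 5).
def suspect_successes(audit_text, cfme_text, window: 5.0)
  errors = parse_log(cfme_text).select do |e|
    e.level == "ERROR" && e.msg.include?("Net::LDAP::Error")
  end
  parse_log(audit_text).select do |a|
    a.msg.include?("successfully validated by LDAP") &&
      errors.any? { |e| (e.time - a.time).abs <= window }
  end
end

suspect_successes(AUDIT_LOG, CFME_LOG).each do |a|
  user = a.msg[/userid: \[([^\]]+)\]/, 1]
  puts "#{a.time.iso8601(6)} audit success for #{user} contradicted by LDAP connection error"
end
```

The audit success and the connection error in the post were written by different worker processes (#3055 and #3033), so the correlation is by time rather than by PID.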