Enable LDAP debugging using the mod_python Apache configuration directive

PythonOption IPADebug On/Off
2025-02-25 18:55:28 -06:00 · 2007-09-21 14:39:52 -04:00
parent 7b96973711
commit 2fec56d679
4 changed files with 20 additions and 10 deletions
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -209,13 +209,14 @@ class IPAdmin(SimpleLDAPObject):
        else:
            SimpleLDAPObject.__init__(self,'ldap://%s:%d' % (self.host,self.port))

-    def __init__(self,host,port,cacert,bindcert,bindkey,proxydn=None):
+    def __init__(self,host,port,cacert,bindcert,bindkey,proxydn=None,debug=None):
        """We just set our instance variables and wrap the methods - the real
           work is done in __localinit__ and __initPart2 - these are separated
           out this way so that we can call them from places other than
           instance creation e.g. when we just need to reconnect, not create a
           new instance"""
-#        ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
+        if debug.lower() == "on":
+            ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
        if cacert is not None:
            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,cacert)
            ldap.set_option(ldap.OPT_X_TLS_CERTFILE,bindcert)
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -49,7 +49,7 @@ class IPAConnPool:
    def __init__(self):
        self.freelist = []

-    def getConn(self, host, port, bindca, bindcert, bindkey, proxydn=None, krbccache=None):
+    def getConn(self, host, port, bindca, bindcert, bindkey, proxydn=None, krbccache=None, debug=None):
        conn = None
        if len(self.freelist) > 0:
            for i in range(len(self.freelist)):
@@ -58,7 +58,7 @@ class IPAConnPool:
                    conn = self.freelist.pop(i)
                    break
        if conn is None:
-            conn = ipaserver.ipaldap.IPAdmin(host,port,bindca,bindcert,bindkey)
+            conn = ipaserver.ipaldap.IPAdmin(host,port,bindca,bindcert,bindkey,None,debug)
        if proxydn is not None:
            conn.set_proxydn(proxydn)
        else:
@@ -99,13 +99,13 @@ class IPAServer:
    def set_krbccache(self, krbccache):
        self.krbccache = krbccache
    
-    def get_dn_from_principal(self, princ):
+    def get_dn_from_principal(self, princ, debug):
        """Given a kerberos principal get the LDAP uid"""
        global _LDAPPool

        filter = "(krbPrincipalName=" + princ + ")"
        # The only anonymous search we should have
-        conn = _LDAPPool.getConn(self.host,self.sslport,self.bindca,self.bindcert,self.bindkey,None,None)
+        conn = _LDAPPool.getConn(self.host,self.sslport,self.bindca,self.bindcert,self.bindkey,None,None,debug)
        try:
            ent = conn.getEntry(self.basedn, self.scope, filter, ['dn'])
        finally:
@@ -124,6 +124,8 @@ class IPAServer:
           that and None for proxy dn to make calling getConn() easier.
        """

+        debug = opts.get('ipadebug')
+
        if opts:
            if opts.get('krbccache'):
                self.set_krbccache(opts['krbccache'])
@@ -137,9 +139,9 @@ class IPAServer:
            pass

        if self.princ is not None:
-            return self.get_dn_from_principal(self.princ), None
+            return self.get_dn_from_principal(self.princ, debug), None, debug
        else:
-            return None, self.krbccache
+            return None, self.krbccache, debug

    def getConnection(self, opts):
        """Wrapper around IPAConnPool.getConn() so we don't have to pass
@@ -151,7 +153,7 @@ class IPAServer:
        """
        global _LDAPPool

-        (proxy_dn, krbccache) = self.__setup_connection(opts)
+        (proxy_dn, krbccache, debug) = self.__setup_connection(opts)

        if krbccache is not None:
            bindca = None
@@ -167,7 +169,7 @@ class IPAServer:
        else:
             return None

-        return _LDAPPool.getConn(self.host,port,bindca,bindcert,bindkey,proxy_dn,krbccache)
+        return _LDAPPool.getConn(self.host,port,bindca,bindcert,bindkey,proxy_dn,krbccache,debug)

    def releaseConnection(self, conn):
        global _LDAPPool
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -51,6 +51,9 @@ Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC"
  
  PythonDebug Off

+  # Some IPA-specific configuration options
+  PythonOption IPADebug Off 
+
  # this is pointless to use since it would just reload ipaxmlrpc.py
  PythonAutoReload Off
 </Directory>
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -130,6 +130,7 @@ class ModXMLRPCRequestHandler(object):
        """Dispatches an XML-RPC method from marshalled (XML) data."""

        params, method = loads(data)
+        pythonopts = req.get_options()

        # Populate the Apache environment variables
        req.add_common_vars()
@@ -140,6 +141,9 @@ class ModXMLRPCRequestHandler(object):
        if req.subprocess_env.get("KRB5CCNAME") is not None:
            opts['krbccache'] = req.subprocess_env.get("KRB5CCNAME")

+        if pythonopts.get("IPADebug"):
+            opts['ipadebug'] = pythonopts.get("IPADebug")
+
        # Tack onto the end of the passed-in arguments any options we also
        # need
        params = params + (opts,)