Environment
- EDR Server: 7.7.0 and higher
- LDAP
Objective
How to enable debug logging for LDAP configurations
Resolution
- Verbose Debugging can be enabled with the following steps:
- Make a copy of the coreservices-logger.conf
cp /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.orig
- Open the /etc/cb/coreservices-logger.conf file
- Append cb.auth and cb.flask.blueprints.api_routes_ldap to the list keys under [loggers] section:
[loggers]
keys=root, gunicorn.access, cb.auth, cb.flask.blueprints.api_routes_ldap
- Copy/paste the following snippet anywhere below with the other [logger_*] configurations:
[logger_cb.flask.blueprints.api_routes_ldap]
level=DEBUG
handlers=debug_syslog
qualname=cb.flask.blueprints.api_routes_ldap
propagate=1
[logger_cb.auth]
level=DEBUG
handlers=debug_syslog
propagate=0
qualname=cb.auth
- Save the file. cb-coreservices will automatically re-read the logger configuration after a few minutes (no need to restart). You can verify the change in /var/log/cb/coreservices/debug.log when you swap over to debug level:
tail -f /var/log/cb/coreservices/debug.log
2017-02-28 09:04:36 [2420] <warning> cb.utils.cb_logging - Detected new logger config, '/etc/cb/coreservices-logger.conf'. reloading...
- Reproduce your authentication issue. Subsequent attempts to login via SSO/SAML (either IdP or SP initiated) will now be logged with increased verbosity.
- Restore the original file
mv /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.conf.sso ; mv /etc/cb/coreservices-logger.conf.orig /etc/cb/coreservices-logger.conf
Related Content
