  1. Dev - Nexus Repo
  2. NEXUS-27044

LDAP related application logging is not adequate to diagnose common problems

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0, 3.30.0
    • Fix Version/s: None
    • Component/s: LDAP, Logging
    • Notability:
      n/a

      Description

      The logging you see for classes under org.sonatype.nexus.ldap is not adequate to debug/diagnose common problems.

      An example concern is logging implemented like this:

       @PackageScope
        String buildReason(final String userMessage, Throwable t) {
          String message = "${userMessage}: ${t.message}"
      
          while (t != t.cause && t.cause) {
            t = t.cause
            message += " [Caused by ${t.getClass().name}: ${t.message}]"
          }
          return message
        }
      

      This type of code throws away the root cause line numbers and stack trace when it is used to construct messages like this:

      try {
        ldapConnectionTester.testConnection(buildLdapContextFactory(validate(ldapServerConnectionXO)))
      }
      catch (Exception e) {
        throw new Exception(buildReason('Failed to connect to LDAP Server', e))
      }


      Another example, trying to log the queries being made by application code:

      log.debug(
              "Searching for group membership of: " + username + " in group DN: " + groupBaseDn + "\nUsing filter: \'"
                  + filter + "\'");
      

      The "filter" is logged here, but not all the filter values. Thus, by looking at the message, one has no idea what actual LDAP search query was performed.

      Expected

      • All exceptions should be logged.
      • If an exception is logged, log its "message" at INFO or above (WARN, ERROR); if DEBUG level is set, then log the complete stack trace as well.
      • If ANY LDAP queries are made, ensure that by reading the log message, one knows exactly the query issued to the LDAP server (not just the inferred query). One should be able to take the logged query and give it to an ldapsearch command and have it "just work".
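
One way to produce the replayable query log line asked for above, as an added example that is not Nexus code and not part of the original report. It assumes JNDI-style `{0}` placeholders in the filter template; the class name, method names and all sample values are hypothetical.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapQueryLogExample {
  private static final Pattern PLACEHOLDER = Pattern.compile("\\{(\\d{1,3})\\}");

  // RFC 4515: escape the characters that are special inside a filter value.
  static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder();
    for (char c : value.toCharArray()) {
      if (c == '\\' || c == '*' || c == '(' || c == ')' || c == 0) {
        sb.append(String.format("\\%02x", (int) c));
      } else {
        sb.append(c);
      }
    }
    return sb.toString();
  }

  // Substitute every {n} in one pass (Java 9+), so a value containing "{1}" is never re-expanded.
  static String resolveFilter(String template, Object... args) {
    Matcher m = PLACEHOLDER.matcher(template);
    StringBuilder out = new StringBuilder();
    while (m.find()) {
      int i = Integer.parseInt(m.group(1));
      String v = i < args.length ? escapeFilterValue(String.valueOf(args[i])) : m.group();
      m.appendReplacement(out, Matcher.quoteReplacement(v));
    }
    m.appendTail(out);
    return out.toString();
  }

  // POSIX single-quote quoting so the logged line can be pasted into a shell as-is.
  static String shellQuote(String s) {
    return "'" + s.replace("'", "'\\''") + "'";
  }

  // -W prompts for the bind password, so no credential is ever written to the log.
  static String toLdapsearch(String url, String bindDn, String baseDn, String scope, String filter) {
    return String.join(" ", "ldapsearch", "-x", "-H", shellQuote(url), "-D", shellQuote(bindDn), "-W",
        "-b", shellQuote(baseDn), "-s", scope, shellQuote(filter));
  }

  public static void main(String[] args) {
    // Constructed sample values, not taken from a real directory.
    String filter = resolveFilter("(&(objectClass=posixGroup)(memberUid={0}))", "j*doe (ops)");
    System.out.println("LDAP search: " + toLdapsearch("ldaps://ldap.example.com:636",
        "cn=nexus,ou=svc,dc=example,dc=com", "ou=groups,dc=example,dc=com", "sub", filter));
  }
}
```

The logged filter is the fully substituted and escaped one, so the line shows the query as sent rather than the template, and the bind password never appears in it.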

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Rich Seddon Rich Seddon