-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve logging of ACL decisions #1153
Comments
Comment from abbra at 2014-06-23 14:38:59 Attached is a prototype patch. |
Comment from lkrispen (@elkris) at 2014-06-23 16:17:41 attachment |
Comment from abbra at 2014-06-23 19:13:28 attachment |
Comment from abbra at 2014-06-23 19:16:06 I've uploaded my version which is very similar to what Ludwig did but avoids pulling in formatting string into formatting string, i.e. avoids having
because this is a potential issue that is now detected by Fedora scripts. |
Comment from lkrispen (@elkris) at 2014-06-23 20:46:54 ok, but I think we should have another log level, otherwise there will be surprises if acl loggin is logging much more than before. |
Comment from abbra at 2014-06-23 20:54:15 Both approaches would work for me. In ACL plugin I specifically interested in getting information what caused evaluation to fail or to allow. These are currently displayed in TNF logging, especially in TestRights and not available on either level via normal slapi_log_error() calls. |
Comment from nhosoi (@nhosoi) at 2015-04-02 22:38:11 Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1208608 |
Comment from nhosoi (@nhosoi) at 2015-04-02 22:38:26 Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1208609 |
Comment from nhosoi (@nhosoi) at 2015-04-02 22:41:25 Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1208610 |
Comment from lkrispen (@elkris) at 2016-01-14 19:28:34 Looking again into the TNF calls I am no longer convince that just replacing the TNF macros by calls to slapi_log_error is useful. The original use of TNF is to log traces about execution and so there are many calls just loging enter and exit of a function, this would blow up the volumnious acl logging even more and giv eno extra benefit. I suggest not to automatically convert TNF calls into logging, but add more dedicated messages in TestRights, and check if there are other places, not yet covered by TNF or normal logging, which could be helpful. maybe we close this ticket and open a new one. |
Comment from lkrispen (@elkris) at 2016-01-15 20:08:47 changed subject according to latest comment |
Comment from abbra at 2017-02-11 22:55:30 Metadata Update from @abbra:
|
Comment from mreynolds (@mreynolds389) at 2019-08-23 21:18:59 Metadata Update from @mreynolds389:
|
Comment from mreynolds (@mreynolds389) at 2020-05-20 16:47:29 Metadata Update from @mreynolds389:
|
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/47822
ACL plugin is painfully to debug as it doesn't give you any reason why decision was made.
Actually, it has internal logging of these decisions but the messages are suppressed when 389-ds is compiled on platforms where TNF library is not available.
However, the code in ACL plugin doesn't really use much of TNF functionality that couldn't be emulated with plain preprocessor magic.
Enable logging using slapi_log_error() for non-TNF case.
The text was updated successfully, but these errors were encountered: