Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ldap: add new option ldap_library_debug_level #5178

Closed
wants to merge 1 commit into from
Closed

ldap: add new option ldap_library_debug_level #5178

wants to merge 1 commit into from

Conversation

sumit-bose
Copy link
Contributor

With the new option ldap_library_debug_level the debug level for
OpenLDAP's internal debugging can be set. If set the OpenLDAP debug
messages will be written to the logs independent of the general
debug_level.

alexey-tikhonov
alexey-tikhonov reviewed May 27, 2020
View reviewed changes
src/config/etc/sssd.api.d/sssd-ldap.conf Outdated
@@ -130,6 +130,7 @@ ldap_rfc2307_fallback_to_local_users = bool, None, false
ldap_min_id = int, None, false
ldap_max_id = int, None, false
ldap_pwdlockout_dn = str, None, false
ldap_library_debug_level = str, None, false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why str and not int?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, sorry, typo, fixed.

@alexey-tikhonov
Copy link
Member

(JFTR: I guess this relates to https://bugzilla.redhat.com/show_bug.cgi?id=1839972)

An approach to debug messages from different libs, e.g. libldap vs libldb, feels a little bit inconsistent...

I wonder if it would be better (simpler to use) to just rename SSSDBG_TRACE_LDB to something like SSSDBG_TRACE_FOREIGN_LIBS and use this level for all those occasions...

@alexey-tikhonov
Copy link
Member

I also think it is not very useful to have an ability to enable libldap logs totally independent of general sssd log level. Some combinations doesn't really have a lot of value, imo.

@sumit-bose
ldap: add new option ldap_library_debug_level
d058c43 
With the new option ldap_library_debug_level the debug level for
OpenLDAP's internal debugging can be set. If set the OpenLDAP debug
messages will be written to the logs independent of the general
debug_level.
@sumit-bose
Copy link
Contributor Author

Hi,

I made the debug output independent of the general debug_level mainly based on the experience with libldb.

Typically the debug output of libldb is not needed and make logs harder to read. So if it would be only about libldb a dedicated debug_level would work. But I think something like SSSDBG_TRACE_FOREIGN_LIBS does not help much because if in the given case we want to check what libldap is doing internally why would I need libldb output as well? That why I think to solution which dedicated options scales better when we want to handle the debug output of multiple libraries.

But I agree there are some drawbacks as well. E.g. new options are needed. Or it is not easy to just switch on all debugging, but here I think it is typically not needed, especially libldap debugging.

bye,
Sumit

@alexey-tikhonov
Copy link
Member

I think something like SSSDBG_TRACE_FOREIGN_LIBS does not help much because if in the given case we want to check what libldap is doing internally why would I need libldb output as well?

Right, agree.

But having this output with SSSDBG_TRACE_ALL level regardless debug_level still feels weird and most probably useless (if debug_level< SSSDBG_TRACE_FUNC most probably it will be impossible to interpret output in most cases)

Wouldn't it make sense to:

  1. either use DEBUG instead of sss_debug_fn directly, so that ldap_library_debug_level will have effect only if debug_level is high enough
  2. or have something like ldap_library_debug_level = log_level=N,log_mask=M to specify log level to use in sss_ldap_debug

I was thinking about generalization of this option for all "foreign libs" in the form libs_debug = lob_level=N, libldap=mask, libldb = mask ... but perhaps this is too complicated.

In general I worry how to do this change more user-friendly / useful. So far this feels like "yet another one knob only few developers will be aware of".

Having said this, patch itself is functional and should work fine, of course.

@pbrezina
Copy link
Member

I just used this patch to debug something and it works as expected.

The SSSD debug level is a bitmask and the idea behind it is that you can enable or disable specific messages. So we can certainly add SSSDDBG_EXTERNAL_LDAP or something and enable -1 ldap level if this is set. But I'm fine with the option as well, especially if you think that something else then -1 (enable all) is helpful.

@sumit-bose
Copy link
Contributor Author

Hi,

as I said I'd prefer to use a separate option for this because in more or less all cases this debug output is not needed and -1 is very verbose. So I think "yet another one knob only few developers will be aware of" is completely find here because it should be only used if there are strong indications that something is wrong on the libldap level.

bye,
Sumit

@alexey-tikhonov
Copy link
Member

as I said I'd prefer to use a separate option for this because in more or less all cases this debug output is not needed and -1 is very verbose. So I think "yet another one knob only few developers will be aware of" is completely find here because it should be only used if there are strong indications that something is wrong on the libldap level.

Ok.

@alexey-tikhonov alexey-tikhonov mentioned this pull request Aug 27, 2020
Closed
@pbrezina
Copy link
Member

pbrezina commented Sep 4, 2020

Ack.

@pbrezina pbrezina self-assigned this Sep 4, 2020
@pbrezina
Copy link
Member

Pushed PR: #5178

  • master
    • 5fb2263 - ldap: add new option ldap_library_debug_level

@pbrezina pbrezina added Pushed and removed Accepted Ready to push Ready to push labels Sep 14, 2020
@pbrezina pbrezina closed this Sep 14, 2020
madhuriupadhye added a commit to madhuriupadhye/sssd that referenced this pull request Dec 18, 2020
@madhuriupadhye
Tests: alltests: "ldap_library_debug_level" option to domain section
ab11bb0 
Configure single domain and check "ldap_library_debug_level"
parameter.
It consists of three test cases:
  1. Check ldap_library_debug_level option with config-check
  2. Set ldap_library_debug_level to zero and check
     corresponding logs
  3. Set ldap_library_debug_level to two and check
     corresponding logs

Verifies:
Issue: SSSD#5178
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884207
@madhuriupadhye madhuriupadhye mentioned this pull request Dec 18, 2020
Closed
madhuriupadhye added a commit to madhuriupadhye/sssd that referenced this pull request Jan 15, 2021
@madhuriupadhye
Tests: alltests: "ldap_library_debug_level" option to domain section
a91402e 
Configure single domain and check "ldap_library_debug_level"
parameter.
It consists of three test cases:
  1. Check ldap_library_debug_level option with config-check
  2. Set ldap_library_debug_level to zero and check
     corresponding logs
  3. Set ldap_library_debug_level to two and check
     corresponding logs

Verifies:
Issue: SSSD#5178
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884207
madhuriupadhye added a commit to madhuriupadhye/sssd that referenced this pull request Jan 15, 2021
@madhuriupadhye
Tests: alltests: "ldap_library_debug_level" option to domain section
0f6401f 
Configure single domain and check "ldap_library_debug_level"
parameter.
It consists of three test cases:
  1. Check ldap_library_debug_level option with config-check
  2. Set ldap_library_debug_level to zero and check
     corresponding logs
  3. Set ldap_library_debug_level to two and check
     corresponding logs

Verifies:
Issue: SSSD#5178
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884207
pbrezina pushed a commit that referenced this pull request Jan 21, 2021
@madhuriupadhye @pbrezina
Tests: alltests: "ldap_library_debug_level" option to domain section
cdad948 
Configure single domain and check "ldap_library_debug_level"
parameter.
It consists of three test cases:
  1. Check ldap_library_debug_level option with config-check
  2. Set ldap_library_debug_level to zero and check
     corresponding logs
  3. Set ldap_library_debug_level to two and check
     corresponding logs

Verifies:
Issue: #5178
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884207

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
3v1n0 pushed a commit to 3v1n0/sssd that referenced this pull request Apr 8, 2021
@madhuriupadhye @3v1n0
Tests: alltests: "ldap_library_debug_level" option to domain section
71aa373 
Configure single domain and check "ldap_library_debug_level"
parameter.
It consists of three test cases:
  1. Check ldap_library_debug_level option with config-check
  2. Set ldap_library_debug_level to zero and check
     corresponding logs
  3. Set ldap_library_debug_level to two and check
     corresponding logs

Verifies:
Issue: SSSD#5178
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884207

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
akuster pushed a commit to akuster/sssd that referenced this pull request May 18, 2021
@madhuriupadhye @akuster
Tests: alltests: "ldap_library_debug_level" option to domain section
cedd113 
Configure single domain and check "ldap_library_debug_level"
parameter.
It consists of three test cases:
  1. Check ldap_library_debug_level option with config-check
  2. Set ldap_library_debug_level to zero and check
     corresponding logs
  3. Set ldap_library_debug_level to two and check
     corresponding logs

Verifies:
Issue: SSSD#5178
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1884207

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexey-tikhonov alexey-tikhonov alexey-tikhonov left review comments

Assignees

@pbrezina pbrezina

Labels
Pushed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sumit-bose @alexey-tikhonov @pbrezina