Hitachi Vantara Pentaho Community Wiki
Child pages
  • Enabling Verbose LDAP Logging 2.x-3.0.x
Skip to end of metadata
Go to start of metadata

Warning: Do not enable this logging in production. It logs passwords in plain text.

In some cases, the log that results from executing the steps in Turning on Security Logging 2.x-3.0.x does not provide enough information. In those cases, execute the steps outlined below--after executing the steps in the aforementioned page. In other words, this page depends on Turning on Security Logging 2.x-3.0.x.

Warning: The instructions in this document assume that you have already executed the instructions in Turning on Security Logging 2.x-3.0.x.

The steps below turn on more logging for LDAP, and do not apply to other backends.

  1. Open applicationContext-acegi-security-ldap.xml. Change the reference in the first constructor-arg of daoAuthenticationProvider to ldapAuthenticatorProxy. After these edits, the file should look like this (some beans omitted):
    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
        <ref bean="ldapAuthenticatorProxy" />
        <ref local="populator" />
  2. Create a file named applicationContext-logging.xml with the contents below. Things to note:
    1. The target property is the authenticator bean above.
    2. The proxyInterfaces property contains a single value: the LdapAuthenticator interface. (BindAuthenticator from above implements this interface.)
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "">
        <bean id="ldapAuthenticatorProxy" class="org.springframework.aop.framework.ProxyFactoryBean">
          <property name="proxyInterfaces">
          <property name="target">
            <ref bean="authenticator" />
          <property name="interceptorNames">
        <bean id="loggingAdvisor" class="">
          <property name="advice">
            <ref local="loggingInterceptor" />
          <property name="pattern">
        <bean id="loggingInterceptor" class="" />
  3. Edit pentaho-spring-beans.xml.
    In pentaho-spring-beans.xml, add applicationContext-logging.xml to the list of imported files that appear.
  4. Restart the Pentaho web application.

    Warning: Do not enable this logging in production. It logs passwords in plain text.

What to Look For

Look for log output similar to:
DEBUG [DirMgrBindAuthenticator] (LoggingInterceptor) Return value: LdapUserInfo: org.acegisecurity.providers.ldap.LdapUserInfo@1f31c64[dn=uid=suzy,ou=users,ou=system,attributes={mail=mail:, uid=uid: suzy, userpassword=userpassword: [B@e17c9c, businesscategory=businesscategory: cn=cto,ou=roles,ou=system, cn=is,ou=roles,ou=system, objectclass=objectClass: organizationalPerson, person, groupOfUniqueNames, inetOrgPerson, top, uniquemember=uniquemember: cn=cto, ou=roles, cn = is , ou = roles, sn=sn: Pentaho, cn=cn: suzy}]

  • No labels