From 068370a89386fab194fa649390fc312a3763fee8 Mon Sep 17 00:00:00 2001
From: Baptiste Pecatte
Date: Fri, 26 Jun 2020 21:44:06 +0200
Subject: [PATCH 1/3] Add host to logs for use with fail2ban
---
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm | 5 +++--
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm | 6 ++++--
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
index 4ae1bfce4..4b15c4cc8 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
@@ -144,7 +144,8 @@ sub getUser {
 return PE_BADCREDENTIALS;
 }
 unless ( $req->data->{ldapentry} = $mesg->entry(0) ) {
- $self->userLogger->warn("$req->{user} was not found in LDAP directory");
+ my $ipAddr = $req->address;
+ $self->userLogger->warn("$req->{user} was not found in LDAP directory ($ipAddr)");
 eval { $self->p->_authentication->setSecurity($req) };
 return PE_BADCREDENTIALS;
 }
@@ -178,4 +179,4 @@ sub bind {
 return 1;
 }
-1;
\ No newline at end of file
+1;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm
index d064e9aa3..43046999c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm
@@ -180,7 +180,8 @@ sub userBind {
 # Return direct unless control resonse
 unless ( defined $resp ) {
 if ( $mesg->code == 49 ) {
- $self->{portal}->userLogger->warn("Bad password");
+ my $ipAddr = $req->address;
+ $self->{portal}->userLogger->warn("Bad password for $req->{user} ($ipAddr)");
 return PE_BADCREDENTIALS;
 }
 elsif ( $mesg->code == 0 ) {
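Review bot: In the getUser hunk of Lib/LDAP.pm, `$req->{user}` is the login submitted by the client and is written into the warning unchanged, ahead of the address that fail2ban is meant to read. Nothing visible in this hunk strips control characters or line breaks from it, so unless that happens earlier in the request path (not shown here) the submitted login can shape what a filter reads from the line. I would neutralise it before logging, e.g. `( my $login = $req->{user} ) =~ s/[[:cntrl:]]/?/g;` and log `$login`, and document that the fail2ban failregex must take the address only from the trailing `(...)`, anchored at end of line. The same applies to the two `Bad password for $req->{user} (...)` lines in the userBind hunks of Lib/Net/LDAP.pm. getUser's body starts and ends outside the hunk.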
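Review bot: In the first userBind hunk of Lib/Net/LDAP.pm, the value of `$req->address` becomes what fail2ban acts on, and the hunk does not show where that value comes from. If the portal runs behind a reverse proxy this is presumably the proxy's address unless forwarded headers are resolved upstream, so a ban would hit the proxy; if it is instead taken from a client-supplied forwarding header without a trusted-proxy check, the logged address is not reliable evidence. A comment at the call would record the requirement, e.g. `# address is consumed by fail2ban: must be the client IP as resolved by the trusted-proxy configuration`. The same holds for the getUser line in Lib/LDAP.pm and for the second userBind hunk; userBind's body continues outside the hunk.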
@@ -262,7 +263,8 @@ sub userBind {
 $req->data->{ldapError} = $mesg->error;
 }
 }
- $self->{portal}->userLogger->warn("Bad password for $req->{user}");
+ my $ipAddr = $req->address;
+ $self->{portal}->userLogger->warn("Bad password for $req->{user} ($ipAddr)");
 return PE_BADCREDENTIALS;
 }
From 24ecbb2f189c7bd7635eb2aa0a3650ff33c87346 Mon Sep 17 00:00:00 2001
From: Baptiste Pecatte
Date: Fri, 26 Jun 2020 22:06:40 +0200
Subject: [PATCH 2/3] Document failed log samples
---
 doc/sources/admin/logs.rst | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/doc/sources/admin/logs.rst b/doc/sources/admin/logs.rst
index a9d8d72ac..be2164d6e 100644
--- a/doc/sources/admin/logs.rst
+++ b/doc/sources/admin/logs.rst
@@ -65,6 +65,13 @@ Authentication:
 [notice] User clement.oudot.com successfully authenticated at level 2
 [notice] clement.oudot connected
+Failed authentication:
+
+::
+
+ [warn] foo.bar was not found in LDAP directory (81.20.13.21)
+ [warn] Bad password for clement.oudot (81.20.13.21)
+
 Logout:
 ::
From 0795454620ab87c52feb275f3a1e3b5677ea186d Mon Sep 17 00:00:00 2001
From: Baptiste Pecatte
Date: Sat, 4 Jul 2020 22:29:29 +0200
Subject: [PATCH 3/3] Remove useless variable
---
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm | 3 +--
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm | 6 ++----
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
index 4b15c4cc8..47f52f45f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
@@ -144,8 +144,7 @@ sub getUser {
 return PE_BADCREDENTIALS;
 }
 unless ( $req->data->{ldapentry} = $mesg->entry(0) ) {
- my $ipAddr = $req->address;
- $self->userLogger->warn("$req->{user} was not found in LDAP directory ($ipAddr)");
+ $self->userLogger->warn("$req->{user} was not found in LDAP directory (".$req->address.")");
 eval { $self->p->_authentication->setSecurity($req) };
 return PE_BADCREDENTIALS;
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm
index 43046999c..963522028 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm
@@ -180,8 +180,7 @@ sub userBind {
 # Return direct unless control resonse
 unless ( defined $resp ) {
 if ( $mesg->code == 49 ) {
- my $ipAddr = $req->address;
- $self->{portal}->userLogger->warn("Bad password for $req->{user} ($ipAddr)");
+ $self->{portal}->userLogger->warn("Bad password for $req->{user} (".$req->address.")");
 return PE_BADCREDENTIALS;
 }
 elsif ( $mesg->code == 0 ) {
@@ -263,8 +262,7 @@ sub userBind {
 $req->data->{ldapError} = $mesg->error;
 }
 }
- my $ipAddr = $req->address;
- $self->{portal}->userLogger->warn("Bad password for $req->{user} ($ipAddr)");
+ $self->{portal}->userLogger->warn("Bad password for $req->{user} (".$req->address.")");
 return PE_BADCREDENTIALS;
 }
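Review bot: In the getUser hunk of patch 3, the suffix is built as `(".$req->address.")` with no spaces around the concatenation operator, and the same expression is repeated in both userBind hunks of Lib/Net/LDAP.pm. These three messages form a format that an external filter parses, so I would build the suffix in one place to keep the copies from drifting, and space the concatenation like the surrounding code: `" (" . $req->address . ")"`. If `address` can be undefined (not visible from these hunks), the concatenation emits an uninitialized-value warning and logs `()`; `( $req->address // 'unknown' )` would avoid that. getUser and userBind both start and end outside the hunks.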