ldap: Improve logging.

Our ldap integration is quite sensitive to misconfigurations, so more logging is better than less to help debug those issues. Despite the following docstring on ZulipLDAPException: "Since this inherits from _LDAPUser.AuthenticationFailed, these will be caught and logged at debug level inside django-auth-ldap's authenticate()" We weren't actually logging anything, because debug level messages were ignored due to our general logging settings. It is however desirable to log these errors, as they can prove useful in debugging configuration problems. The django_auth_ldap logger can get fairly spammy on debug level, so we delegate ldap logging to a separate file /var/log/zulip/ldap.log to avoid spamming server.log too much.
2025-11-16 11:52:01 +00:00 · 2019-12-27 23:03:00 +01:00
parent 2a473c57f4
commit 61180020c1
4 changed files with 29 additions and 6 deletions
--- a/zproject/settings.py
+++ b/zproject/settings.py
@@ -640,6 +640,7 @@ EMAIL_LOG_PATH = zulip_path("/var/log/zulip/send_email.log")
 EMAIL_MIRROR_LOG_PATH = zulip_path("/var/log/zulip/email_mirror.log")
 EMAIL_DELIVERER_LOG_PATH = zulip_path("/var/log/zulip/email-deliverer.log")
 EMAIL_CONTENT_LOG_PATH = zulip_path("/var/log/zulip/email_content.log")
+LDAP_LOG_PATH = zulip_path("/var/log/zulip/ldap.log")
 LDAP_SYNC_LOG_PATH = zulip_path("/var/log/zulip/sync_ldap_user_data.log")
 QUEUE_ERROR_DIR = zulip_path("/var/log/zulip/queue_error")
 DIGEST_LOG_PATH = zulip_path("/var/log/zulip/digest.log")
@@ -745,6 +746,12 @@ LOGGING = {
            'formatter': 'default',
            'filename': ERROR_FILE_LOG_PATH,
        },
+        'ldap_file': {
+            'level': 'DEBUG',
+            'class': 'logging.handlers.WatchedFileHandler',
+            'formatter': 'default',
+            'filename': LDAP_LOG_PATH,
+        },
    },
    'loggers': {
        # The Python logging module uses a hierarchy of logger names for config:
@@ -812,6 +819,11 @@ LOGGING = {
        # },

        # other libraries, alphabetized
+        'django_auth_ldap': {
+            'level': 'DEBUG',
+            'handlers': ['console', 'ldap_file', 'errors_file'],
+            'propagate': False,
+        },
        'pika.adapters': {
            # pika is super chatty on INFO.
            'level': 'WARNING',
@@ -854,6 +866,11 @@ LOGGING = {
        'zerver.management.commands.deliver_scheduled_messages': {
            'level': 'DEBUG',
        },
+        'zulip.ldap': {
+            'level': 'DEBUG',
+            'handlers': ['console', 'ldap_file', 'errors_file'],
+            'propagate': False,
+        },
        'zulip.management': {
            'handlers': ['file', 'errors_file'],
            'propagate': False,