From c95094685395b4446de4bc476b9fa4ddbf1a57fc Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@jrother.eu>
Date: Fri, 3 Dec 2021 00:26:17 +0100
Subject: [PATCH] Add logging for BIND requests

---
 ldapserver/server.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ldapserver/server.py b/ldapserver/server.py
index d20ed66..98b2917 100644
--- a/ldapserver/server.py
+++ b/ldapserver/server.py
@@ -234,6 +234,7 @@ class LDAPRequestHandler(BaseLDAPRequestHandler):
 		# If auth type or SASL method changed, abort SASL dialog
 		self.__bind_sasl_state = None
 		if isinstance(auth, ldap.SimpleAuthentication):
+			self.logger.info('BIND dn=%r', op.name)
 			self.bind_object = self.do_bind_simple(op.name, auth.password)
 			yield ldap.BindResponse(ldap.LDAPResultCode.success)
 		elif isinstance(auth, ldap.SaslCredentials):
@@ -340,6 +341,7 @@ class LDAPRequestHandler(BaseLDAPRequestHandler):
 			# Request to abort current negotiation (RFC4513 5.2.1.2)
 			raise exceptions.LDAPAuthMethodNotSupported()
 		if mechanism == 'ANONYMOUS' and self.supports_sasl_anonymous:
+			self.logger.info('BIND SASL ANONYMOUS')
 			if credentials is not None:
 				credentials = credentials.decode()
 			return self.do_bind_sasl_anonymous(trace_info=credentials), None
@@ -347,10 +349,12 @@ class LDAPRequestHandler(BaseLDAPRequestHandler):
 			if credentials is None:
 				raise exceptions.LDAPProtocolError('Unsupported protocol version')
 			authzid, authcid, password = credentials.split(b'\0', 2)
+			self.logger.info('BIND SASL PLAIN authcid=%r', authcid)
 			return self.do_bind_sasl_plain(authcid.decode(), password.decode(), authzid.decode() or None), None
 		if mechanism == 'EXTERNAL' and self.supports_sasl_external:
 			if credentials is not None:
 				credentials = credentials.decode()
+			self.logger.info('BIND SASL EXTERNAL')
 			return self.do_bind_sasl_external(authzid=credentials), None
 		raise exceptions.LDAPAuthMethodNotSupported()
 
-- 
GitLab