From f9c1f123c25c937c492d16692972fe86fa495d89 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <joseph.schorr@coreos.com>
Date: Fri, 8 May 2015 14:19:32 -0400
Subject: [PATCH] Add better debugging to LDAP

---
 data/users.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/users.py b/data/users.py
index 3d763c9b6..4a4c9832f 100644
--- a/data/users.py
+++ b/data/users.py
@@ -52,11 +52,15 @@ class LDAPUsers(object):
       user_search_dn = ','.join(self._user_rdn + self._base_dn)
       query = u'(|({0}={2})({1}={2}))'.format(self._uid_attr, self._email_attr,
                                               username_or_email)
+
+      logger.debug('Conducting user search: %s => %s', user_search_dn, query)
       user = conn.search_s(user_search_dn, ldap.SCOPE_SUBTREE, query.encode('utf-8'))
 
+      logger.debug('Found user data: %s', user)
       if len(user) != 1:
         return None
 
+      logger.debug('Found user: %s', user[0])
       return user[0]
 
   def verify_user(self, username_or_email, password):
@@ -75,10 +79,12 @@ class LDAPUsers(object):
     found_dn, found_response = found_user
 
     # First validate the password by binding as the user
+    logger.debug('Found user %s; validating password', username_or_email)
     try:
       with LDAPConnection(self._ldap_uri, found_dn, password.encode('utf-8')):
         pass
     except ldap.INVALID_CREDENTIALS:
+      logger.exception('Invalid LDAP credentials')
       return None
 
     # Now check if we have a federated login for this user