From be805c1150fd0c2e6ac2276f8535b14d57557aad Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 12 Dec 2023 08:38:47 -0500
Subject: [PATCH] Issue 9497 - update debug logging in ipa_lockout

Fixes: https://pagure.io/freeipa/issue/9497

Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
index a8095ccd371bfd29e3148ab2ad8c982a08f0b7e0..366018094bdc42c914d7743a89519ba1e1a6e124 100644
--- a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
+++ b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
@@ -30,7 +30,7 @@
  * Program may make changes or additions to the list of Approved
  * Interfaces.
  *
- * Copyright (C) 2010 Red Hat, Inc.
+ * Copyright (C) 2010-2023 Red Hat, Inc.
  * All rights reserved.
  * END COPYRIGHT BLOCK **/
 
@@ -823,13 +823,15 @@ static int ipalockout_preop(Slapi_PBlock *pb)
     if (failedcount >= max_fail) {
         if (lockout_duration == 0) {
             errstr = "Entry permanently locked.\n";
+            LOG_PWDPOLICY("Entry '%s' is permanently locked.\n", dn);
             ret = LDAP_UNWILLING_TO_PERFORM;
             goto done;
         }
 
         if (time_now < last_failed + lockout_duration) {
             /* Too many failures */
-            LOG_TRACE("Too many failed logins. %lu out of %d\n", failedcount, max_fail);
+            LOG_PWDPOLICY("Too many failed logins for '%s'. %lu out of %d\n",
+                          dn, failedcount, max_fail);
             errstr = "Too many failed logins.\n";
             ret = LDAP_UNWILLING_TO_PERFORM;
         }
-- 
2.43.0