From 5c3a9b55ff68d2f4bddf15b7642f8c25a8f29707 Mon Sep 17 00:00:00 2001
From: sysops <sysops@LenovoT14Gen5>
Date: Wed, 1 Apr 2026 00:05:35 +0200
Subject: [PATCH] =?UTF-8?q?debug:=20tempor=C3=A4res=20LDAP-Logging=20f?=
 =?UTF-8?q?=C3=BCr=20Fehlerdiagnose?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/auth/auth.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 96a9eb3..4d5865f 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -89,8 +89,14 @@ func (m *Manager) Login(username, password string) (token string, user *userstor
 		if domain := extractDomain(username); domain != "" {
 			ctx := context.Background()
 			tenantID, lookupErr := m.tenantLookup.GetTenantIDByDomain(ctx, domain)
+			if lookupErr != nil {
+				fmt.Printf("[DEBUG] tenant domain lookup failed for %q: %v\n", domain, lookupErr)
+			}
 			if lookupErr == nil && tenantID != nil {
 				tcfg, tErr := m.tenantLdapStore.GetWithPassword(ctx, *tenantID)
+				if tErr != nil {
+					fmt.Printf("[DEBUG] tenant LDAP GetWithPassword failed: %v\n", tErr)
+				}
 				if tErr == nil && tcfg != nil && tcfg.Enabled && tcfg.URL != "" && tcfg.BindPassword != "" {
 					attrs, authErr := ldapauth.Authenticate(ldapauth.Config{
 						URL:           tcfg.URL,
@@ -101,6 +107,9 @@ func (m *Manager) Login(username, password string) (token string, user *userstor
 						TLS:           tcfg.TLS,
 						TLSSkipVerify: tcfg.TLSSkipVerify,
 					}, username, password)
+					if authErr != nil {
+						fmt.Printf("[DEBUG] tenant LDAP auth failed for %q: %v\n", username, authErr)
+					}
 					if authErr == nil {
 						role := tcfg.DefaultRole
 						if role == "" {