From caac522e3c7f10c2aece06ad178cfcf40be4eda9 Mon Sep 17 00:00:00 2001
From: sysops <sysops@LenovoT14Gen5>
Date: Wed, 1 Apr 2026 00:26:08 +0200
Subject: [PATCH] debug: erweitertes LDAP-Logging (upsert + success)

---
 internal/auth/auth.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 4d5865f..9ff393d 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -107,10 +107,11 @@ func (m *Manager) Login(username, password string) (token string, user *userstor
 						TLS:           tcfg.TLS,
 						TLSSkipVerify: tcfg.TLSSkipVerify,
 					}, username, password)
-					if authErr != nil {
+						if authErr != nil {
 						fmt.Printf("[DEBUG] tenant LDAP auth failed for %q: %v\n", username, authErr)
 					}
 					if authErr == nil {
+						fmt.Printf("[DEBUG] tenant LDAP auth OK for %q, upserting...\n", username)
 						role := tcfg.DefaultRole
 						if role == "" {
 							role = userstore.RoleUser
@@ -129,6 +130,9 @@ func (m *Manager) Login(username, password string) (token string, user *userstor
 							email = username
 						}
 						ldapUser, upsertErr := m.store.UpsertLDAPUser(username, email, role, tenantID)
+						if upsertErr != nil {
+							fmt.Printf("[DEBUG] UpsertLDAPUser failed for %q: %v\n", username, upsertErr)
+						}
 						if upsertErr == nil {
 							if ldapUser.TOTPEnabled {
 								t, e := m.issuePendingTOTPToken(ldapUser)