manager: display ldap information even when erroneous (#73018)

2023-01-05 10:40:26 +01:00 · 2023-01-05 10:40:26 +01:00 · 1da9c9b3fb
parent 992bf52c4d
commit 1da9c9b3fb
3 changed files with 21 additions and 18 deletions
--- a/src/authentic2/manager/templates/authentic2/manager/ldap_details.html
+++ b/src/authentic2/manager/templates/authentic2/manager/ldap_details.html
@ -2,21 +2,20 @@
 <div class="section manager-ldap">
  <h3>{% trans "LDAP information, realm:" %} {{ ldap.realm }}</h3>
  <div class="a2-manager-ldap-{{ ldap.realm }}">
-    {% if not ldap.error %}
-      <h4>{% blocktrans %}Base ldapsearch command{% endblocktrans %}</h4>
-      <pre class="a2-manager-ldapsearch">{% if ldap.require_cert != 'demand' %}LDAPTLS_REQCERT={{ldap.require_cert}} {% endif %}ldapsearch -v -H {{ ldap.ldap_uri }} \
-    -D "{{ ldap.binddn }}" \
-    -w "{{ ldap.bindpw }}" \
-    -b "{{ ldap.basedn }}"{% if ldap.user_filter or ldap.sync_ldap_users_filter %}
-    "{% firstof ldap.sync_ldap_users_filter ldap.user_filter %}"{% endif %}</pre>
-    {% else %}
+    {% if ldap.error %}
      <div class="error">
-        <p>{% blocktrans %}Error while attempting to connect to LDAP server, base ldapsearch command won't be displayed.{% endblocktrans %}</p>
+        <p>{% blocktrans %}Error while attempting to connect to LDAP server, base ldapsearch command is still displayed but won’t work as such.{% endblocktrans %}</p>
        {% if ldap.errmsg %}
          <p>{% blocktrans with errmsg=ldap.errmsg %}Server error: {{ errmsg }}{% endblocktrans %}</p>
        {% endif %}
      </div>
    {% endif %}
+    <h4>{% blocktrans %}Base ldapsearch command{% endblocktrans %}</h4>
+    <pre class="a2-manager-ldapsearch">{% if ldap.require_cert != 'demand' %}LDAPTLS_REQCERT={{ldap.require_cert}} {% endif %}ldapsearch -v -H {{ ldap.ldap_uri }} \
+    -D "{{ ldap.binddn }}" \
+    -w "{{ ldap.bindpw }}" \
+    -b "{{ ldap.basedn }}"{% if ldap.user_filter or ldap.sync_ldap_users_filter %} \
+    "{% firstof ldap.sync_ldap_users_filter ldap.user_filter %}"{% endif %}</pre>
    <h4>{% trans "Configuration" %}</h4>
    <pre>{{ ldap.block }}</pre>
  </div>
--- a/src/authentic2/manager/views.py
+++ b/src/authentic2/manager/views.py
@ -771,14 +771,14 @@ class TechnicalInformationView(TitleMixin, MediaMixin, TemplateView):
                config['error'] = True
                config['errmsg'] = str(e)
            else:
-                config['block'] = json.dumps(block, indent=2, ensure_ascii=False)
                # retrieve ldap uri, not directly visible in configuration block
                config['ldap_uri'] = conn.get_option(ldap.OPT_URI)
-                # user filters need to be formatted to ldapsearch syntax
-                config['user_filter'] = force_str(block.get('user_filter'), '').replace('%s', '*')
-                config['sync_ldap_users_filter'] = (
-                    force_str(block.get('sync_ldap_users_filter'), '').replace('%s', '*').replace('%s', '*')
-                )
+            config['block'] = json.dumps(block, indent=2, ensure_ascii=False)
+            # user filters need to be formatted to ldapsearch syntax
+            config['user_filter'] = force_str(block.get('user_filter'), '').replace('%s', '*')
+            config['sync_ldap_users_filter'] = (
+                force_str(block.get('sync_ldap_users_filter'), '').replace('%s', '*').replace('%s', '*')
+            )

            kwargs['ldap_list'].append(config)
        return super().get_context_data(**kwargs)
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@ -2231,7 +2231,7 @@ def test_technical_info_ldap(app, admin, superuser, slapd, settings, monkeypatch
    assert '-b "o=ôrga"' in ldap_config_text
    assert '"(|(mail=*)(uid=*))"' in ldap_config_text

-    for opt in [
+    options = [
        'active_directory',
        'attribute_mappings',
        'attributes',
@ -2295,7 +2295,9 @@ def test_technical_info_ldap(app, admin, superuser, slapd, settings, monkeypatch
        'user_dn_template',
        'user_filter',
        'username_template',
-    ]:
+    ]
+
+    for opt in options:
        assert opt in ldap_config_text

    assert 'LDAPTLS_REQCERT' not in ldap_config_text
@ -2313,9 +2315,11 @@ def test_technical_info_ldap(app, admin, superuser, slapd, settings, monkeypatch
    resp = app.get(reverse('a2-manager-tech-info'))
    ldap_config_text = resp.pyquery('div#a2-manager-tech-info-ldap-list').text()

-    assert 'Base ldapsearch command' not in ldap_config_text
+    assert 'Base ldapsearch command' in ldap_config_text
    assert 'Error while attempting to connect to LDAP server' in ldap_config_text
    assert 'Server error: some buggy connection error message' in ldap_config_text
+    for opt in options:
+        assert opt in ldap_config_text


 class TestLookup: