ldap: include server address in error logs (#55383)

Valentin Deniaud 2021-07-06 11:19:55 +02:00
parent 2928bbf704
commit 31f25ccc01
1 changed files with 15 additions and 9 deletions


@ -437,7 +437,7 @@ class LDAPUser(User):
try:
password = force_text(crypto.aes_base64_decrypt(settings.SECRET_KEY, password))
except crypto.DecryptionError:
logging.getLogger(__name__).error('unable to decrypt a stored LDAP password')
log.error('unable to decrypt a stored LDAP password')
self.keep_password_in_session(None)
password = None
else:
@ -755,7 +755,9 @@ class LDAPBackend(object):
try:
query = filter_format(user_filter, (username,) * n)
except TypeError as e:
log.error('user_filter syntax error %r: %s', block['user_filter'], e)
log.error(
'[%s] user_filter syntax error %r: %s', ldap_uri, block['user_filter'], e
)
return
log.debug(
'[%s] looking up dn for username %r using query %r', ldap_uri, username, query
@ -827,14 +829,15 @@ class LDAPBackend(object):
continue
except ldap.NO_SUCH_OBJECT:
# should not happen as we just searched for this object !
log.error('user bind failed: authz_id not found %r', ', '.join(authz_ids))
log.error('[%s] user bind failed: authz_id not found %r', ldap_uri, ', '.join(authz_ids))
if block['replicas']:
break
return self._return_user(authz_id, password, conn, block)
except ldap.CONNECT_ERROR:
log.error(
'connection to %r failed, did you forget to declare the TLS certificate '
'[%s] connection to %r failed, did you forget to declare the TLS certificate '
'in /etc/ldap/ldap.conf ?',
ldap_uri,
block['url'],
)
except ldap.TIMEOUT:
@ -992,6 +995,7 @@ class LDAPBackend(object):
"""Retrieve group DNs from the LDAP by attributes (memberOf) or by
filter.
"""
ldap_uri = conn.get_option(ldap.OPT_URI)
group_base_dn = block['group_basedn'] or block['basedn']
member_of_attribute = block['member_of_attribute']
group_filter = block['group_filter']
@ -1009,7 +1013,7 @@ class LDAPBackend(object):
except ldap.NO_SUCH_OBJECT:
pass
except ldap.TIMEOUT:
log.error('connection timed out while retrieving group DNs')
log.error('[%s] connection timed out while retrieving group DNs', ldap_uri)
else:
group_dns.update(dn for dn, attrs in results)
return group_dns
@ -1180,11 +1184,13 @@ class LDAPBackend(object):
@classmethod
def get_ppolicy_attributes(cls, block, conn, dn):
ldap_uri = conn.get_option(ldap.OPT_URI)
def get_attributes(dn, attributes):
try:
results = conn.search_s(dn, ldap.SCOPE_BASE, u'(objectclass=*)', attributes)
except ldap.LDAPError as e:
log.error('unable to retrieve attributes of dn %r: %r', dn, e)
log.error('[%s] unable to retrieve attributes of dn %r: %r', ldap_uri, dn, e)
return {}
results = cls.normalize_ldap_results(results)
attributes_results.update(results[0][1])
@ -1228,13 +1234,14 @@ class LDAPBackend(object):
def get_ldap_attributes(cls, block, conn, dn):
"""Retrieve some attributes from LDAP, add mandatory values then apply
defined mappings between atrribute names"""
ldap_uri = conn.get_option(ldap.OPT_URI)
attributes = cls.get_ldap_attributes_names(block)
attribute_mappings = map_text(block['attribute_mappings'])
mandatory_attributes_values = map_text(block['mandatory_attributes_values'])
try:
results = conn.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', attributes)
except ldap.LDAPError as e:
log.error('unable to retrieve attributes of dn %r: %r', dn, e)
log.error('[%s] unable to retrieve attributes of dn %r: %r', ldap_uri, dn, e)
return None
else:
results = cls.normalize_ldap_results(results)
@ -1527,11 +1534,10 @@ class LDAPBackend(object):
@classmethod
def get_users(cls):
logger = logging.getLogger(__name__)
for block in cls.get_config():
conn = cls.get_connection(block)
if conn is None:
logger.warning(u'unable to synchronize with LDAP servers %s', force_text(block['url']))
log.warning(u'unable to synchronize with LDAP servers %s', force_text(block['url']))
continue
cls.check_group_to_role_mappings(block)
user_basedn = force_text(block.get('user_basedn') or block['basedn'])
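Review bot: The new `ldap_uri = conn.get_option(ldap.OPT_URI)` lines at the top of the group-DN retrieval method (hunk at -992), `get_ppolicy_attributes` and `get_ldap_attributes` sit outside the `try` blocks that catch `ldap.LDAPError` / `ldap.TIMEOUT`, so a value needed only for a log prefix becomes a new place where these methods can raise. I would expect `get_option` to fail on a connection handle that is no longer valid, in which case the error would escape instead of producing the `return {}` / `return None` that callers get today. This is inferred, since the callers and the rest of each method are outside the hunks. A small helper that falls back to a placeholder keeps the log context without changing the error contract of an authentication path, and it replaces the three copies of the lookup.

```python
def _ldap_uri(conn):
    # Log-context lookup only: it must never fail the caller.
    try:
        return conn.get_option(ldap.OPT_URI)
    except ldap.LDAPError:
        return 'unknown'

# … unchanged: get_ldap_attributes signature and docstring …
ldap_uri = _ldap_uri(conn)
# … unchanged: attribute names, mappings, try/except around conn.search_s …
```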