ldap: include server address in error logs (#55383)
parent
2928bbf704
commit
31f25ccc01
|
@ -437,7 +437,7 @@ class LDAPUser(User):
|
|||
try:
|
||||
password = force_text(crypto.aes_base64_decrypt(settings.SECRET_KEY, password))
|
||||
except crypto.DecryptionError:
|
||||
logging.getLogger(__name__).error('unable to decrypt a stored LDAP password')
|
||||
log.error('unable to decrypt a stored LDAP password')
|
||||
self.keep_password_in_session(None)
|
||||
password = None
|
||||
else:
|
||||
|
@ -755,7 +755,9 @@ class LDAPBackend(object):
|
|||
try:
|
||||
query = filter_format(user_filter, (username,) * n)
|
||||
except TypeError as e:
|
||||
log.error('user_filter syntax error %r: %s', block['user_filter'], e)
|
||||
log.error(
|
||||
'[%s] user_filter syntax error %r: %s', ldap_uri, block['user_filter'], e
|
||||
)
|
||||
return
|
||||
log.debug(
|
||||
'[%s] looking up dn for username %r using query %r', ldap_uri, username, query
|
||||
|
@ -827,14 +829,15 @@ class LDAPBackend(object):
|
|||
continue
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
# should not happen as we just searched for this object !
|
||||
log.error('user bind failed: authz_id not found %r', ', '.join(authz_ids))
|
||||
log.error('[%s] user bind failed: authz_id not found %r', ldap_uri, ', '.join(authz_ids))
|
||||
if block['replicas']:
|
||||
break
|
||||
return self._return_user(authz_id, password, conn, block)
|
||||
except ldap.CONNECT_ERROR:
|
||||
log.error(
|
||||
'connection to %r failed, did you forget to declare the TLS certificate '
|
||||
'[%s] connection to %r failed, did you forget to declare the TLS certificate '
|
||||
'in /etc/ldap/ldap.conf ?',
|
||||
ldap_uri,
|
||||
block['url'],
|
||||
)
|
||||
except ldap.TIMEOUT:
|
||||
|
@ -992,6 +995,7 @@ class LDAPBackend(object):
|
|||
"""Retrieve group DNs from the LDAP by attributes (memberOf) or by
|
||||
filter.
|
||||
"""
|
||||
ldap_uri = conn.get_option(ldap.OPT_URI)
|
||||
group_base_dn = block['group_basedn'] or block['basedn']
|
||||
member_of_attribute = block['member_of_attribute']
|
||||
group_filter = block['group_filter']
|
||||
|
@ -1009,7 +1013,7 @@ class LDAPBackend(object):
|
|||
except ldap.NO_SUCH_OBJECT:
|
||||
pass
|
||||
except ldap.TIMEOUT:
|
||||
log.error('connection timed out while retrieving group DNs')
|
||||
log.error('[%s] connection timed out while retrieving group DNs', ldap_uri)
|
||||
else:
|
||||
group_dns.update(dn for dn, attrs in results)
|
||||
return group_dns
|
||||
|
@ -1180,11 +1184,13 @@ class LDAPBackend(object):
|
|||
|
||||
@classmethod
|
||||
def get_ppolicy_attributes(cls, block, conn, dn):
|
||||
ldap_uri = conn.get_option(ldap.OPT_URI)
|
||||
|
||||
def get_attributes(dn, attributes):
|
||||
try:
|
||||
results = conn.search_s(dn, ldap.SCOPE_BASE, u'(objectclass=*)', attributes)
|
||||
except ldap.LDAPError as e:
|
||||
log.error('unable to retrieve attributes of dn %r: %r', dn, e)
|
||||
log.error('[%s] unable to retrieve attributes of dn %r: %r', ldap_uri, dn, e)
|
||||
return {}
|
||||
results = cls.normalize_ldap_results(results)
|
||||
attributes_results.update(results[0][1])
|
||||
|
@ -1228,13 +1234,14 @@ class LDAPBackend(object):
|
|||
def get_ldap_attributes(cls, block, conn, dn):
|
||||
"""Retrieve some attributes from LDAP, add mandatory values then apply
|
||||
defined mappings between atrribute names"""
|
||||
ldap_uri = conn.get_option(ldap.OPT_URI)
|
||||
attributes = cls.get_ldap_attributes_names(block)
|
||||
attribute_mappings = map_text(block['attribute_mappings'])
|
||||
mandatory_attributes_values = map_text(block['mandatory_attributes_values'])
|
||||
try:
|
||||
results = conn.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', attributes)
|
||||
except ldap.LDAPError as e:
|
||||
log.error('unable to retrieve attributes of dn %r: %r', dn, e)
|
||||
log.error('[%s] unable to retrieve attributes of dn %r: %r', ldap_uri, dn, e)
|
||||
return None
|
||||
else:
|
||||
results = cls.normalize_ldap_results(results)
|
||||
|
@ -1527,11 +1534,10 @@ class LDAPBackend(object):
|
|||
|
||||
@classmethod
|
||||
def get_users(cls):
|
||||
logger = logging.getLogger(__name__)
|
||||
for block in cls.get_config():
|
||||
conn = cls.get_connection(block)
|
||||
if conn is None:
|
||||
logger.warning(u'unable to synchronize with LDAP servers %s', force_text(block['url']))
|
||||
log.warning(u'unable to synchronize with LDAP servers %s', force_text(block['url']))
|
||||
continue
|
||||
cls.check_group_to_role_mappings(block)
|
||||
user_basedn = force_text(block.get('user_basedn') or block['basedn'])
|
||||
|
|
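Review bot: The decryption-failure message in the first hunk (`log.error('unable to decrypt a stored LDAP password')`, under `class LDAPUser`) still names neither the account nor the server, so it is the one error path in this change that a responder cannot tie to anything. Consider adding an account identifier there, for example `log.error('unable to decrypt a stored LDAP password for user %r', self)` if the model's repr is safe to log, and never the stored value itself. That hunk and the `get_users` hunk also replace `logging.getLogger(__name__)` with the module-level `log`, whose definition is not visible here; if it is not bound to `__name__`, these records move to a different logger and existing handlers or alert filters may stop seeing them. The `get_users` warning is also left without the `[%s]` prefix used by the other messages, presumably because no connection exists at that point. The enclosing methods start and end outside the visible hunks.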