entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 33 Releases Activity

ldap: add uniform reporting of exceptions (#61462)

This commit is contained in:
Frédéric Péters 2022-02-06 09:34:53 +01:00
parent ced3e83112
commit b8c499d892
1 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/authentic2/backends/ldap_backend.py
View File

@ -87,6 +87,10 @@ def filter_non_unicode_values(atvs):
pass
def ldap_error_str(e):
return repr(e) if not getattr(e, 'desc', None) else '%r - %s' % (e, e.desc)
class LDAPObject(NativeLDAPObject):
def __init__(
self,
@ -346,7 +350,7 @@ class LDAPUser(User):
except ldap.INVALID_CREDENTIALS:
return False
except ldap.LDAPError as e:
log.warning('ldap: check_password failed, %r', e)
log.warning('ldap: check_password failed (%s)', ldap_error_str(e))
log.warning('ldap: check_password failed, could not get a connection')
return False
@ -362,7 +366,7 @@ class LDAPUser(User):
try:
self.ldap_backend.modify_password(conn, self.block, self.dn, _current_password, new_password)
except ldap.LDAPError as e:
log.warning('ldap: set_password failed (%s)', type(e).__name__)
log.warning('ldap: set_password failed (%s)', ldap_error_str(e))
raise PasswordChangeError(_('LDAP directory refused the password change.'))
self._current_password = new_password
self.keep_password_in_session(new_password)
@ -674,7 +678,9 @@ class LDAPBackend:
break
continue
except ldap.LDAPError as e:
log.error('[%s] user lookup failed, with query %r: %r', ldap_uri, query, e)
log.error(
'[%s] user lookup failed, with query %r (%s)', ldap_uri, query, ldap_error_str(e)
)
continue
if not authz_ids:
continue
@ -1088,7 +1094,7 @@ class LDAPBackend:
try:
results = conn.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', attributes)
except ldap.LDAPError as e:
log.error('[%s] unable to retrieve attributes of dn %r: %r', ldap_uri, dn, e)
log.error('[%s] unable to retrieve attributes of dn %r (%s)', ldap_uri, dn, ldap_error_str(e))
return {}
results = cls.normalize_ldap_results(results)
if results:
@ -1140,7 +1146,7 @@ class LDAPBackend:
try:
results = conn.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', attributes)
except ldap.LDAPError as e:
log.error('[%s] unable to retrieve attributes of dn %r: %r', ldap_uri, dn, e)
log.error('[%s] unable to retrieve attributes of dn %r (%s)', ldap_uri, dn, ldap_error_str(e))
return None
else:
results = cls.normalize_ldap_results(results)
@ -1500,7 +1506,7 @@ class LDAPBackend:
count += 1
yield user
except ldap.LDAPError as e:
log.error('synchronization failed on an LDAP error: "%s"', e)
log.error('synchronization failed on an LDAP error (%s)', ldap_error_str(e))
user_filter = cls.get_sync_ldap_user_filter(block)
log.info('Search for %s returned %s users.', user_filter, count)
@ -1849,7 +1855,10 @@ class LDAPBackendPasswordLost(LDAPBackend):
dn = results[0][0]
except ldap.LDAPError as e:
log.warning(
'unable to find user %r based on external id %s: %r', user, external_id, e
'unable to find user %r based on external id %s (%s)',
user,
external_id,
ldap_error_str(e),
)
continue
return self._return_user(dn, None, conn, block)