Module: check_mk
Branch: master
Commit: 8f63640815b74ad55516aaa75d9d9b2bbc60579e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8f63640815b74a…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jul 12 12:30:41 2017 +0200
4988 FIX LDAP: Improve error handling in case of authentication failures
Change-Id: I9a73fcd6fd80d6b007bea0a060c67424c42c912c
---
.werks/4988 | 11 +++++++++++
web/plugins/userdb/ldap.py | 6 ++++--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/.werks/4988 b/.werks/4988
new file mode 100644
index 0000000..12ab097
--- /dev/null
+++ b/.werks/4988
@@ -0,0 +1,11 @@
+Title: LDAP: Improve error handling in case of authentication failures
+Level: 1
+Component: multisite
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1499855423
+
+
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index d0776dc..65fd0a6 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -305,7 +305,7 @@ class LDAPUserConnector(UserConnector):
conn = self._ldap_obj
self.log('LDAP_BIND %s' % user_dn)
try:
- conn.simple_bind_s(user_dn, password)
+ conn.simple_bind_s(user_dn.encode("utf-8"), password)
self.log(' SUCCESS')
except ldap.LDAPError, e:
self.log(' FAILED (%s: %s)' % (e.__class__.__name__, e))
@@ -468,7 +468,7 @@ class LDAPUserConnector(UserConnector):
for key, val in obj.iteritems():
# Convert all keys to lower case!
new_obj[key.lower().decode('utf-8')] = [
i.decode('utf-8') for i in val ]
- result.append((dn.lower(), new_obj))
+ result.append((dn.lower().decode('utf-8'), new_obj))
success = True
except ldap.NO_SUCH_OBJECT, e:
raise MKLDAPException(_('The given base object "%s"
does not exist in LDAP (%s))') % (base, e))
@@ -879,6 +879,8 @@ class LDAPUserConnector(UserConnector):
self.bind(user_dn, password)
result = username.encode('utf-8')
except:
+ self.log(" Exception during authentication (User: %s): %s" %
+ (username, traceback.format_exc()))
result = False
self.default_bind(self._ldap_obj)