[checkmk-commits] 4988 FIX LDAP: Improve error handling in case of authentication failures

12 Jul 2017

Module: check_mk
Branch: master
Commit: 8f63640815b74ad55516aaa75d9d9b2bbc60579e
URL:   
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8f63640815b74a…

Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt;
Date:   Wed Jul 12 12:30:41 2017 +0200

4988 FIX LDAP: Improve error handling in case of authentication failures

Change-Id: I9a73fcd6fd80d6b007bea0a060c67424c42c912c

---

 .werks/4988                | 11 +++++++++++
 web/plugins/userdb/ldap.py |  6 ++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.werks/4988 b/.werks/4988
new file mode 100644
index 0000000..12ab097
--- /dev/null
+++ b/.werks/4988
@@ -0,0 +1,11 @@
+Title: LDAP: Improve error handling in case of authentication failures
+Level: 1
+Component: multisite
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1499855423
+
+
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index d0776dc..65fd0a6 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -305,7 +305,7 @@ class LDAPUserConnector(UserConnector):
             conn = self._ldap_obj
         self.log('LDAP_BIND %s' % user_dn)
         try:
-            conn.simple_bind_s(user_dn, password)
+            conn.simple_bind_s(user_dn.encode("utf-8"), password)
             self.log('  SUCCESS')
         except ldap.LDAPError, e:
             self.log('  FAILED (%s: %s)' % (e.__class__.__name__, e))
@@ -468,7 +468,7 @@ class LDAPUserConnector(UserConnector):
                         for key, val in obj.iteritems():
                             # Convert all keys to lower case!
                             new_obj[key.lower().decode('utf-8')] = [
i.decode('utf-8') for i in val ]
-                        result.append((dn.lower(), new_obj))
+                        result.append((dn.lower().decode('utf-8'), new_obj))
                     success = True
                 except ldap.NO_SUCH_OBJECT, e:
                     raise MKLDAPException(_('The given base object "%s"
does not exist in LDAP (%s))') % (base, e))
@@ -879,6 +879,8 @@ class LDAPUserConnector(UserConnector):
             self.bind(user_dn, password)
             result = username.encode('utf-8')
         except:
+            self.log("  Exception during authentication (User: %s): %s" %
+                                        (username, traceback.format_exc()))
             result = False
 
         self.default_bind(self._ldap_obj)


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] 4988 FIX LDAP: Improve error handling in case of authentication failures