Module: check_mk
Branch: master
Commit: 583ca16f849c633f5f7696c0a9b7ac3816fc675f
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=583ca16f849c63…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Dec 19 14:07:07 2013 +0100
FIX LDAP: Improved error messages of LDAP configuration test
Replaced several internal exceptions and cryptic errors with (hopefully)
more understandable error messages in the LDAP configuration test dialog.
---
.werks/392 | 11 +++++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 24 +++++++++++++++++++++++-
web/plugins/config/builtin.py | 4 +++-
web/plugins/userdb/ldap.py | 13 ++++++++++++-
web/plugins/wato/check_mk_configuration.py | 3 ++-
6 files changed, 52 insertions(+), 4 deletions(-)
diff --git a/.werks/392 b/.werks/392
new file mode 100644
index 0000000..bef9b79
--- /dev/null
+++ b/.werks/392
@@ -0,0 +1,11 @@
+Title: LDAP: Improved error messages of LDAP configuration test
+Level: 1
+Component: wato
+Class: fix
+State: unknown
+Version: 1.2.5i1
+Date: 1387458361
+Targetversion: future
+
+Replaced several internal exception / cryptic errors with (hopefully)
+better understandable error messages in LDAP configuration test dialog.
diff --git a/ChangeLog b/ChangeLog
index 56e4a11..e089e2f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -108,6 +108,7 @@
* 0385 FIX: Better error handling for invalid service regex in rule conditions...
* 0389 FIX: Showing LDAP settings on site specific global settings page now...
* 0400 FIX: WATO BI editor now supports percentages for count_ok...
+ * 0392 FIX: LDAP: Improved error messages of LDAP configuration test...
Notifications:
* 0362 sms: now searching PATH for sendsms and smssend commands...
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index bb10448..c896f93 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -6096,8 +6096,13 @@ def mode_ldap_config(phase):
userdb.ldap_connect(enforce_new = True, enforce_server = address)
if userdb.ldap_user_base_dn_exists():
return (True, _('The User Base DN could be found.'))
+ elif userdb.ldap_bind_credentials_configured():
+ return (False, _('The User Base DN could not be found. Maybe the
provided '
+ 'user (provided via bind credentials) has no
permission to '
+ 'access the Base DN or the credentials are
wrong.'))
else:
- return (False, _('The User Base DN could not be found.'))
+ return (False, _('The User Base DN could not be found. Seems you need
'
+ 'to configure proper bind credentials.'))
def test_user_count(address):
userdb.ldap_connect(enforce_new = True, enforce_server = address)
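Review bot: The two new failure messages in test_user_base_dn are chosen only by whether bind credentials are configured, not by why the lookup failed, so the `else` branch tells the admin to configure bind credentials even when the Base DN is simply mistyped on a server that permits anonymous searches. ldap_user_base_dn_exists() returns only a boolean, and its group counterpart visibly returns False on any exception, so the real cause is not available here. I would keep both possibilities in the text, e.g. `_('The User Base DN could not be found. Check the DN, or configure bind credentials if the server does not allow anonymous searches.')`. test_user_base_dn and the enclosing mode_ldap_config start outside the hunk.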
@@ -6107,12 +6112,21 @@ def mode_ldap_config(phase):
except Exception, e:
ldap_users = None
msg = str(e)
+ if 'successful bind must be completed' in msg:
+ if not userdb.ldap_bind_credentials_configured():
+ return (False, _('Please configure proper bind
credentials.'))
+ else:
+ return (False, _('Maybe the provided user (provided via bind
credentials) has not '
+ 'enough permissions or the credentials are
wrong.'))
+
if ldap_users and len(ldap_users) > 0:
return (True, _('Found %d users for synchronization.') %
len(ldap_users))
else:
return (False, msg)
def test_group_base_dn(address):
+ if not userdb.ldap_group_base_dn_configured():
+ return (False, _('The Group Base DN is not configured, not fetching
any groups.'))
userdb.ldap_connect(enforce_new = True, enforce_server = address)
if userdb.ldap_group_base_dn_exists():
return (True, _('The Group Base DN could be found.'))
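Review bot: The added `if 'successful bind must be completed' in msg:` test in test_user_count ties the diagnosis to the wording of one server's error text, so a directory server that phrases the failure differently falls through to the raw `msg`. If the LDAP layer exposes a typed exception or result code for this case, checking it would be sturdier; otherwise a comment such as `# matches the server's operations-error text for searches on an unbound connection` would document the dependency. The fall-through `return (False, msg)` still shows `str(e)` in the dialog, which may carry server-internal detail better suited to a log. The same block is repeated in test_group_count in the hunk at -6127, so a small shared helper would keep the two copies from drifting. mode_ldap_config starts outside the hunk.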
@@ -6120,6 +6134,8 @@ def mode_ldap_config(phase):
return (False, _('The Group Base DN could not be found.'))
def test_group_count(address):
+ if not userdb.ldap_group_base_dn_configured():
+ return (False, _('The Group Base DN is not configured, not fetching
any groups.'))
userdb.ldap_connect(enforce_new = True, enforce_server = address)
try:
ldap_groups = userdb.ldap_get_groups()
@@ -6127,6 +6143,12 @@ def mode_ldap_config(phase):
except Exception, e:
ldap_groups = None
msg = str(e)
+ if 'successful bind must be completed' in msg:
+ if not userdb.ldap_bind_credentials_configured():
+ return (False, _('Please configure proper bind
credentials.'))
+ else:
+ return (False, _('Maybe the provided user (provided via bind
credentials) has not '
+ 'enough permissions or the credentials are
wrong.'))
if ldap_groups and len(ldap_groups) > 0:
return (True, _('Found %d groups for synchronization.') %
len(ldap_groups))
else:
diff --git a/web/plugins/config/builtin.py b/web/plugins/config/builtin.py
index bec88d0..8881a22 100644
--- a/web/plugins/config/builtin.py
+++ b/web/plugins/config/builtin.py
@@ -214,7 +214,9 @@ escape_plugin_output = True
user_connectors = ['htpasswd']
userdb_automatic_sync = [ 'wato_users', 'page',
'wato_pre_activate_changes', 'wato_snapshot_pushed' ]
-ldap_connection = {}
+ldap_connection = {
+ 'page_size' : 1000,
+}
ldap_userspec = {
'scope' : 'sub',
'user_id_umlauts' : 'replace',
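Review bot: The new default `'page_size' : 1000` repeats the value this commit also sets as `default_value = 1000` in web/plugins/wato/check_mk_configuration.py, and nothing links the two. A comment such as `# keep in sync with the page_size default_value in check_mk_configuration.py` would make the dependency visible. If a site configuration assigns ldap_connection as a whole dict (not visible here), this default is replaced rather than merged, so readers of page_size should presumably keep using `.get()` with a fallback.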
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index ca1fd6c..24dd484 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -435,6 +435,12 @@ def ldap_user_id_attr():
def ldap_member_attr():
return config.ldap_groupspec.get('member', ldap_attr('member'))
+def ldap_bind_credentials_configured():
+ return config.ldap_connection.get('bind', ('', ''))[0] !=
''
+
+def ldap_group_base_dn_configured():
+ return config.ldap_groupspec.get('dn', '') != ''
+
def ldap_user_base_dn_exists():
try:
result = ldap_search(ldap_replace_macros(config.ldap_userspec['dn']),
columns = ['dn'], scope = 'base')
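Review bot: ldap_bind_credentials_configured() looks only at element `[0]` of the `bind` tuple, so a bind DN with an empty password counts as configured. The `('', '')` default suggests the tuple is (bind DN, password); if so, many LDAP servers treat a DN with an empty password as an unauthenticated bind, and the test dialog would then blame permissions or wrong credentials. I would check both parts, e.g. `bind = config.ldap_connection.get('bind', ('', ''))` followed by `return bind[0] != '' and bind[1] != ''`. A one-line docstring on each of the two new helpers saying what "configured" means would also help.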
@@ -524,10 +530,15 @@ def ldap_get_users(add_filter = ''):
return result
def ldap_group_base_dn_exists():
+ group_base_dn = ldap_replace_macros(config.ldap_groupspec['dn'])
+ if not group_base_dn:
+ return False
+
try:
- result = ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']),
columns = ['dn'], scope = 'base')
+ result = ldap_search(group_base_dn, columns = ['dn'], scope =
'base')
except Exception, e:
return False
+
if not result:
return False
else:
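Review bot: Moving `config.ldap_groupspec['dn']` out of the `try` in ldap_group_base_dn_exists() means a missing `'dn'` key now raises KeyError, where the old code caught it and returned False. The new ldap_group_base_dn_configured() in this same file uses `.get('dn', '')`, so the key is evidently not guaranteed to exist. The WATO tests call that helper first, but other callers (not visible here) may not. Using `group_base_dn = ldap_replace_macros(config.ldap_groupspec.get('dn', ''))` keeps the previous behaviour, assuming ldap_replace_macros accepts an empty string. The function's tail lies outside the hunk.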
diff --git a/web/plugins/wato/check_mk_configuration.py
b/web/plugins/wato/check_mk_configuration.py
index f7b0a1a..7c75551 100644
--- a/web/plugins/wato/check_mk_configuration.py
+++ b/web/plugins/wato/check_mk_configuration.py
@@ -615,7 +615,7 @@ register_configvar(group,
help = _("LDAP searches can be performed in paginated mode, for
example to improve "
"the performance. This enables pagination and configures
the size of the pages."),
minvalue = 1,
- default_value = 100,
+ default_value = 1000,
)),
("response_timeout", Integer(
title = _("Response Timeout (sec)"),
@@ -625,6 +625,7 @@ register_configvar(group,
)),
],
optional_keys = ['no_persistent', 'use_ssl', 'bind',
'page_size', 'response_timeout', 'failover_servers'],
+ default_keys = ['page_size']
),
domain = "multisite",
in_global_settings = False,