Module: check_mk
Branch: master
Commit: f217fed3ef723dcc4d802e2ba81c8e10bbe002b2
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f217fed3ef723d…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 16:29:31 2013 +0100
LDAP: Improved error handling in case of misconfigurations
---
ChangeLog | 1 +
web/plugins/userdb/ldap.py | 9 +++++++++
2 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 06a6832..0239d36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@
* FIX: LDAP: Fixed problem with special chars in LDAP queries when having
contactgroup sync plugin enabled
* LDAP: Role sync plugin validates the given group DNs with the group base dn now
+ * LDAP: Improved error handling in case of misconfigurations
1.2.1i4:
Core:
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index cecafc7..0742ee2 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -200,6 +200,12 @@ def ldap_search(base, filt = '(objectclass=*)', columns = [],
scope = None):
for key, val in obj.iteritems():
new_obj[key.lower().decode('utf-8')] = [
i.decode('utf-8') for i in val ]
result.append((dn, new_obj))
+ except ldap.NO_SUCH_OBJECT, e:
+ raise MKLDAPException(_('The given base object "%s" does not exist
in LDAP (%s))') % (base, e))
+
+ except ldap.FILTER_ERROR, e:
+ raise MKLDAPException(_('The given ldap filter "%s" is invalid
(%s)') % (filt, e))
+
except ldap.SIZELIMIT_EXCEEDED:
raise MKLDAPException(_('The response reached a size limit. This could be due
to '
'a sizelimit configuration on the LDAP server.<br
/>Throwing away the '
@@ -271,6 +277,9 @@ def ldap_get_users(add_filter = None):
result = {}
for dn, ldap_user in
ldap_search(ldap_replace_macros(config.ldap_userspec['dn']),
filt, columns = columns):
+ if ldap_user_id_attr() not in ldap_user:
+ raise MKLDAPException(_('The configured User-ID attribute "%s"
does not '
+ 'exist for the user "%s"') %
(ldap_user_id_attr(), dn))
user_id = ldap_user[ldap_user_id_attr()][0]
result[user_id] = ldap_user