diff --git a/data/users/externalldap.py b/data/users/externalldap.py index 1cfb61385..6e740a25a 100644 --- a/data/users/externalldap.py +++ b/data/users/externalldap.py @@ -274,7 +274,7 @@ class LDAPUsers(FederatedUsers): if err is not None: return (False, err) - if not list(it): + if not next(it, False): return (False, 'Group does not exist or is empty') return (True, None) 
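Review bot: `next(it, False)` in the `@@ -274,7 +274,7 @@` hunk uses `False` as its default, so a falsy first element would be reported as an empty group; `_build_user_information` is not visible here, so whether it can yield one is unconfirmed. A private sentinel removes the ambiguity: `_EMPTY = object()` and `if next(it, _EMPTY) is _EMPTY:`. If `it` comes from the generator changed later in this commit, that generator now logs `ldap.LDAPError` and stops rather than raising, so a directory failure would also arrive here as 'Group does not exist or is empty'. Routing such a failure through the existing `err` return would keep the two cases apart for callers that act on group existence. The enclosing method starts and ends outside the hunk.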
@@ -301,24 +301,48 @@ class LDAPUsers(FederatedUsers): for user_search_dn in self._user_dns: # Conduct the initial search for users that are a member of the group. - if has_pagination: - msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, serverctrls=[lc], - attrlist=attributes) - else: - msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes) + logger.debug('Conducting LDAP search of DN: %s and filter %s', user_search_dn, search_flt) + try: + if has_pagination: + msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, + serverctrls=[lc], attrlist=attributes) + else: + msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes) + except ldap.LDAPError as lde: + logger.exception('Got error when trying to search %s with filter %s: %s', + user_search_dn, search_flt, lde.message) + break while True: - if has_pagination: - _, rdata, _, serverctrls = conn.result3(msgid) - else: - _, rdata = conn.result(msgid) + try: + if has_pagination: + _, rdata, _, serverctrls = conn.result3(msgid) + else: + _, rdata = conn.result(msgid) - # Yield any users found. - for userdata in rdata: - yield self._build_user_information(userdata[1]) + # Yield any users found. + found_results = 0 + for userdata in rdata: + found_results = found_results + 1 + yield self._build_user_information(userdata[1]) + + logger.debug('Found %s users in group %s; %s', found_results, user_search_dn, + search_flt) + except ldap.NO_SUCH_OBJECT as nsoe: + logger.debug('NSO when trying to lookup results of search %s with filter %s: %s', + user_search_dn, search_flt, nsoe.message) + except ldap.LDAPError as lde: + logger.exception('Error when trying to lookup results of search %s with filter %s: %s', + user_search_dn, search_flt, lde.message) + break + + # If no additional results, nothing more to do. + if not found_results: + break # If pagination is disabled, nothing more to do. 
if not has_pagination: + logger.debug('Pagination is disabled, no further queries') break # Filter down the controls with which the server responded, looking for the paging @@ -332,11 +356,13 @@ class LDAPUsers(FederatedUsers): # then conduct the next search. cookie = lc.cookie = pctrls[0].cookie if cookie: - msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, - serverctrls=[lc], attrlist=attributes) - continue + logger.debug('Pagination is supported for this LDAP server; trying next page') + msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, + serverctrls=[lc], attrlist=attributes) + continue else: # No additional results. + logger.debug('Pagination is supported for this LDAP server but on last page') break else: # Pagination is not supported.
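Review bot: In the `@@ -301,24 +301,48 @@` hunk, `found_results` is assigned only inside the `try:`, after `conn.result3()`/`conn.result()` returns, yet `if not found_results:` reads it after the `except ldap.NO_SUCH_OBJECT` handler, which logs and falls through. If that exception fires on the first fetch the name is unbound and the generator fails with UnboundLocalError; on a later search DN it still holds the previous DN's count, so the loop carries on into the paging code with stale `serverctrls`. Initialising it before the try fixes both: `found_results = 0` as the first statement under `while True:`. Separately, the `break` in the first `except ldap.LDAPError` leaves the `for user_search_dn` loop, so one failing base DN drops the remaining ones and the caller gets a shortened member list with no error; `continue`, or propagating the error, would keep a partial result distinguishable from a complete one. The generator starts and ends outside the hunk and indentation is flattened on this page, so the nesting described here is read from statement order.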
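Review bot: The follow-up `conn.search_ext(...)` under `if cookie:` in the `@@ -332,11 +356,13 @@` hunk has no visible handler, while the initial search in the previous hunk is now wrapped in `try`/`except ldap.LDAPError`. A failure while requesting the second or later page would therefore escape the generator as an exception, whereas a failure on the first page is logged and ends the iteration, so callers see two different failure modes for the same condition. Wrapping the next-page request the same way, as sketched below, makes the behaviour consistent. The enclosing loop starts and ends outside the hunk and indentation is flattened on this page, so it is inferred from statement order that this call sits outside the earlier `try`.

```python
if cookie:
    logger.debug('Pagination is supported for this LDAP server; trying next page')
    try:
        msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
                                serverctrls=[lc], attrlist=attributes)
    except ldap.LDAPError:
        logger.exception('Got error when requesting next page of %s with filter %s',
                         user_search_dn, search_flt)
        break
    continue
# … unchanged: else branches (last page / pagination not supported) …
```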