vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add better debugging to LDAP

Browse source
This commit is contained in:
Joseph Schorr 2015-05-08 14:19:32 -04:00
parent 469f25b64c
commit f9c1f123c2
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
data/users.py
View file

@ -52,11 +52,15 @@ class LDAPUsers(object):
user_search_dn = ','.join(self._user_rdn + self._base_dn) user_search_dn = ','.join(self._user_rdn + self._base_dn)
query = u'(|({0}={2})({1}={2}))'.format(self._uid_attr, self._email_attr, query = u'(|({0}={2})({1}={2}))'.format(self._uid_attr, self._email_attr,
username_or_email) username_or_email)
logger.debug('Conducting user search: %s => %s', user_search_dn, query)
user = conn.search_s(user_search_dn, ldap.SCOPE_SUBTREE, query.encode('utf-8')) user = conn.search_s(user_search_dn, ldap.SCOPE_SUBTREE, query.encode('utf-8'))
logger.debug('Found user data: %s', user)
if len(user) != 1: if len(user) != 1:
return None return None
logger.debug('Found user: %s', user[0])
return user[0] return user[0]
def verify_user(self, username_or_email, password): def verify_user(self, username_or_email, password):
@ -75,10 +79,12 @@ class LDAPUsers(object):
found_dn, found_response = found_user found_dn, found_response = found_user
# First validate the password by binding as the user # First validate the password by binding as the user
logger.debug('Found user %s; validating password', username_or_email)
try: try:
with LDAPConnection(self._ldap_uri, found_dn, password.encode('utf-8')): with LDAPConnection(self._ldap_uri, found_dn, password.encode('utf-8')):
pass pass
except ldap.INVALID_CREDENTIALS: except ldap.INVALID_CREDENTIALS:
logger.exception('Invalid LDAP credentials')
return None return None
# Now check if we have a federated login for this user # Now check if we have a federated login for this user