From 9c69f677787a073505b5c1f5c4853fe8bf37444b Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 18 May 2023 19:00:17 +0200 Subject: [PATCH] sources/ldap: log full exception when user password set fails (#5678) * sources/ldap: log full exception when user password set fails Signed-off-by: Jens Langhammer * Update authentik/sources/ldap/auth.py Co-authored-by: Tana M Berry Signed-off-by: Jens L. Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer Signed-off-by: Jens L. Co-authored-by: Tana M Berry --- authentik/sources/ldap/auth.py | 10 +++++----- authentik/sources/ldap/signals.py | 4 ++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/authentik/sources/ldap/auth.py b/authentik/sources/ldap/auth.py index e312fd3fc..5cc21f991 100644 --- a/authentik/sources/ldap/auth.py +++ b/authentik/sources/ldap/auth.py @@ -55,7 +55,7 @@ class LDAPBackend(InbuiltBackend): """Attempt authentication by binding to the LDAP server as `user`. This method should be avoided as its slow to do the bind.""" # Try to bind as new user - LOGGER.debug("Attempting Binding as user", user=user) + LOGGER.debug("Attempting to bind as user", user=user) try: temp_connection = source.connection( connection_kwargs={ @@ -65,8 +65,8 @@ class LDAPBackend(InbuiltBackend): ) temp_connection.bind() return user - except LDAPInvalidCredentialsResult as exception: - LOGGER.debug("LDAPInvalidCredentialsResult", user=user, error=exception) - except LDAPException as exception: - LOGGER.warning(exception) + except LDAPInvalidCredentialsResult as exc: + LOGGER.debug("invalid LDAP credentials", user=user, exc=exc) + except LDAPException as exc: + LOGGER.warning("failed to bind to LDAP", exc=exc) return None diff --git a/authentik/sources/ldap/signals.py b/authentik/sources/ldap/signals.py index 32c622ded..e4279d40f 100644 --- a/authentik/sources/ldap/signals.py +++ b/authentik/sources/ldap/signals.py 
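Review bot: The `LDAPException` handler in the second auth.py hunk, `LOGGER.warning("failed to bind to LDAP", exc=exc)`, drops the `user` key that the `LDAPInvalidCredentialsResult` branch just above it keeps, so a bind that fails for any reason other than bad credentials cannot be tied to an account when the log is triaged. I would write it as `LOGGER.warning("failed to bind to LDAP", user=user, exc=exc)`. Both handlers fall through to `return None`, so callers presumably cannot tell a directory failure from a wrong password; a one-line comment above the handler stating that this is intended would help. Rejected credentials are logged at debug only, so unless a login-failure event is emitted elsewhere (not visible here), repeated failed binds will not appear at default log levels. The method begins above this hunk.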
@@ -6,6 +6,7 @@ from django.dispatch import receiver from django.utils.translation import gettext_lazy as _ from ldap3.core.exceptions import LDAPOperationResult from rest_framework.serializers import ValidationError +from structlog.stdlib import get_logger from authentik.core.models import User from authentik.core.signals import password_changed @@ -20,6 +21,8 @@ from authentik.sources.ldap.sync.users import UserLDAPSynchronizer from authentik.sources.ldap.tasks import ldap_sync from authentik.stages.prompt.signals import password_validate +LOGGER = get_logger() + @receiver(post_save, sender=LDAPSource) def sync_ldap_source_on_save(sender, instance: LDAPSource, **_): @@ -67,6 +70,7 @@ def ldap_sync_password(sender, user: User, password: str, **_): try: changer.change_password(user, password) except LDAPOperationResult as exc: + LOGGER.warning("failed to set LDAP password", exc=exc) Event.new( EventAction.CONFIGURATION_ERROR, message=(
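Review bot: The added `LOGGER.warning("failed to set LDAP password", exc=exc)` in the last signals.py hunk records neither the user nor the source, so the log line alone does not say whose directory password failed to update. Passing the account, as auth.py does with `user=user`, would fix that: `LOGGER.warning("failed to set LDAP password", user=user, exc=exc)`. Because `exc` is the server's result for a password-change operation, it is worth confirming that its rendered form carries only the result code and diagnostic message and never the submitted password. The `Event.new(...)` call and the rest of `ldap_sync_password` continue past the end of the hunk.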