sources/ldap: log full exception when user password set fails (#5678)

* sources/ldap: log full exception when user password set fails

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update authentik/sources/ldap/auth.py

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
Jens L 2023-05-18 19:00:17 +02:00 committed by GitHub
parent 6cf7a72831
commit 9c69f67778
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 5 deletions

View file

@ -55,7 +55,7 @@ class LDAPBackend(InbuiltBackend):
"""Attempt authentication by binding to the LDAP server as `user`. This
method should be avoided as its slow to do the bind."""
# Try to bind as new user
LOGGER.debug("Attempting Binding as user", user=user)
LOGGER.debug("Attempting to bind as user", user=user)
try:
temp_connection = source.connection(
connection_kwargs={
@ -65,8 +65,8 @@ class LDAPBackend(InbuiltBackend):
)
temp_connection.bind()
return user
except LDAPInvalidCredentialsResult as exception:
LOGGER.debug("LDAPInvalidCredentialsResult", user=user, error=exception)
except LDAPException as exception:
LOGGER.warning(exception)
except LDAPInvalidCredentialsResult as exc:
LOGGER.debug("invalid LDAP credentials", user=user, exc=exc)
except LDAPException as exc:
LOGGER.warning("failed to bind to LDAP", exc=exc)
return None

View file

@ -6,6 +6,7 @@ from django.dispatch import receiver
from django.utils.translation import gettext_lazy as _
from ldap3.core.exceptions import LDAPOperationResult
from rest_framework.serializers import ValidationError
from structlog.stdlib import get_logger
from authentik.core.models import User
from authentik.core.signals import password_changed
@ -20,6 +21,8 @@ from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
from authentik.sources.ldap.tasks import ldap_sync
from authentik.stages.prompt.signals import password_validate
LOGGER = get_logger()
@receiver(post_save, sender=LDAPSource)
def sync_ldap_source_on_save(sender, instance: LDAPSource, **_):
@ -67,6 +70,7 @@ def ldap_sync_password(sender, user: User, password: str, **_):
try:
changer.change_password(user, password)
except LDAPOperationResult as exc:
LOGGER.warning("failed to set LDAP password", exc=exc)
Event.new(
EventAction.CONFIGURATION_ERROR,
message=(