add ldap3 explanations for errors

2024-10-31 19:44:16 +00:00 · 2021-12-23 12:32:36 +03:00 · 2021-12-23 12:32:36 +03:00 · 9e832c2612
commit 9e832c2612
parent 13f332c9a5
2 changed files with 7 additions and 7 deletions
--- a/webvirtcloud/ldapbackend.py
+++ b/webvirtcloud/ldapbackend.py
@ -12,14 +12,13 @@ try:
    class LdapAuthenticationBackend(ModelBackend):
         
        def get_LDAP_user(self, username, password, filterString):
-            print('get_LDAP_user')
+            print('get_LDAP_user {}'.format(username))
            try:
                server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
                    use_ssl=settings.USE_SSL,get_info=ALL)
                connection = Connection(server,
                                        settings.LDAP_MASTER_DN,
                                        settings.LDAP_MASTER_PW, auto_bind=True)
-
                connection.search(settings.LDAP_ROOT_DN, 
                    '(&({attr}={login})({filter}))'.format(
                        attr=settings.LDAP_USER_UID_PREFIX, 
@ -31,11 +30,10 @@ try:
                    return None
                specificUser = connection.response[0]
                userDn = str(specificUser.get('raw_dn'),'utf-8')
-                with Connection(server,
-                                        userDn,
-                                        password) as con:
+                with Connection(server, userDn, password) as con:
                    return username
-            except:
+            except Exception as e:
+                print("LDAP Exception: {}".format(e))
                return None
            return None
    
@ -50,6 +48,7 @@ try:
            if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
                 if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
                      if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
+                          print("User does not belong to any search group. Check LDAP_SEARCH_GROUP_FILTER in settings.")
                          return None
                 else:
                      isStaff = True
@ -62,7 +61,7 @@ try:
                attributes = UserAttributes.objects.get(user=user)
                # TODO VERIFY
            except User.DoesNotExist:
-                print("authenticate-create new user")
+                print("authenticate-create new user: {}".format(username))
                user = User(username=username)
                user.is_active = True
                user.is_staff = isStaff
--- a/webvirtcloud/settings.py.template
+++ b/webvirtcloud/settings.py.template
@ -268,6 +268,7 @@ LDAP_MASTER_PW = ''
 LDAP_ROOT_DN = ''
 ## Queries to identify the users, i use groupOfUniqueNames on openldap

+### PLEASE BE SURE memberOf overlay is activated on slapd
 ## e.g. memberOf=cn=admins,cn=staff,cn=webvirtcloud,ou=groups,dc=kendar,dc=org
 LDAP_SEARCH_GROUP_FILTER_ADMINS = ''
 ## e.g. memberOf=cn=staff,cn=webvirtcloud,ou=groups,dc=kendar,dc=org