From 0e0592e3b86ce09224fad12261ab021901331a2f Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 14 Dec 2024 09:02:36 +0100 Subject: [PATCH 1/3] extend copyright --- radicale/auth/ldap.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index a8e94794..a4c8f38c 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py @@ -1,5 +1,6 @@ # This file is part of Radicale - CalDAV and CardDAV server -# Copyright 2022 Peter Varkoly +# Copyright © 2022-2024 Peter Varkoly +# Copyright © 2024-2024 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 46acbfd9876b74fd4b02ad48cdb8a1adb48b1239 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 14 Dec 2024 09:04:15 +0100 Subject: [PATCH 2/3] Improve: auth.ldap config shown on startup, terminate in case no password is supplied for bind user --- CHANGELOG.md | 1 + radicale/auth/ldap.py | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cce047e0..80845b21 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ * Fix: also remove 'item' from cache on delete * Improve: avoid automatically invalid cache on upgrade in case no change on cache structure * Improve: log important module versions on startup +* Improve: auth.ldap config shown on startup, terminate in case no password is supplied for bind user ## 3.3.1 diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index a4c8f38c..b70affb9 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py 
@@ -79,6 +79,30 @@ class Auth(auth.BaseAuth): self._ldap_ssl_verify_mode = ssl.CERT_NONE elif tmp == "OPTIONAL": self._ldap_ssl_verify_mode = ssl.CERT_OPTIONAL + logger.info("auth.ldap_uri : %r" % self._ldap_uri) + logger.info("auth.ldap_base : %r" % self._ldap_base) + logger.info("auth.ldap_reader_dn : %r" % self._ldap_reader_dn) + logger.info("auth.ldap_load_groups : %s" % self._ldap_load_groups) + logger.info("auth.ldap_filter : %r" % self._ldap_filter) + if ldap_secret_file_path: + logger.info("auth.ldap_secret_file_path: %r" % ldap_secret_file_path) + if self._ldap_secret: + logger.info("auth.ldap_secret : (from file)") + else: + logger.info("auth.ldap_secret_file_path: (not provided)") + if self._ldap_secret: + logger.info("auth.ldap_secret : (from config)") + if self._ldap_reader_dn and not self._ldap_secret: + logger.error("auth.ldap_secret : (not provided)") + raise RuntimeError("LDAP authentication requires ldap_secret for reader_dn") + logger.info("auth.ldap_use_ssl : %s" % self._ldap_use_ssl) + if self._ldap_use_ssl is True: + logger.info("auth.ldap_ssl_verify_mode : %s" % self._ldap_ssl_verify_mode) + if self._ldap_ssl_ca_file: + logger.info("auth.ldap_ssl_ca_file : %r" % self._ldap_ssl_ca_file) + else: + logger.info("auth.ldap_ssl_ca_file : (not provided)") + def _login2(self, login: str, password: str) -> str: try: From 886f4ee8d05612eaa608a5956296dda8835e0ad0 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 14 Dec 2024 09:09:36 +0100 Subject: [PATCH 3/3] make tox happy --- radicale/auth/ldap.py | 1 - 1 file changed, 1 deletion(-) diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index b70affb9..2db88c95 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py @@ -103,7 +103,6 @@ class Auth(auth.BaseAuth): else: logger.info("auth.ldap_ssl_ca_file : (not provided)") - def _login2(self, login: str, password: str) -> str: try: """Bind as reader dn"""
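Review bot: In the `if self._ldap_use_ssl is True:` branch the verify mode is logged at info level like every other setting, so a deployment running with `ssl.CERT_NONE` (assigned in the context lines at the top of this hunk) starts without any signal that the LDAP server's certificate is not checked. The reader bind secret, and presumably the users' passwords, travel over this connection, so I would add `if self._ldap_ssl_verify_mode == ssl.CERT_NONE: logger.warning("auth.ldap_ssl_verify_mode : certificate verification disabled")` right after that log line. A similar warning may be warranted when `ldap_use_ssl` is false, unless the URI scheme already provides TLS, which is not visible here. As a style point, the `%`-formatted calls could pass the value as a logging argument instead, e.g. `logger.info("auth.ldap_uri : %r", self._ldap_uri)`. The enclosing method starts above the hunk, so how `self._ldap_secret` is read and whether it is stripped cannot be checked from here.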