Merge pull request #1832 from marschap/protect-search

LDAP auth: protect LDAP search with a try: .. except clause
2025-09-15 20:36:55 +00:00 · 2025-07-20 20:18:52 +02:00 · 2025-07-20 20:18:52 +02:00 · 6c26f1f24f
commit 6c26f1f24f
parent bb84b62c4a be3d58c55d
1 changed files with 10 additions and 6 deletions
--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@ -233,12 +233,16 @@ class Auth(auth.BaseAuth):
        """Search the user dn"""
        escaped_login = self.ldap3.utils.conv.escape_filter_chars(login)
        logger.debug(f"_login3 login escaped for LDAP filters: {escaped_login}")
+        try:
            conn.search(
                search_base=self._ldap_base,
                search_filter=self._ldap_filter.format(escaped_login),
                search_scope=self.ldap3.SUBTREE,
                attributes=self._ldap_attributes
            )
+        except Exception as e:
+            logger.error(f"_login3 LDAP search for {login} failed: {e}")
+            return ""
        if len(conn.entries) != 1:
            """User could not be found unambiguously"""
            logger.debug(f"_login3 no unique DN found for '{login}'")