LDAP auth: protect LDAP search with a try: .. except clause

Make sure to catch exceptions when searching for the user in LDAP, log as error and fail gracefully by declining login.
2025-08-01 18:18:31 +00:00 · 2025-07-20 13:58:37 +02:00 · 2025-07-20 13:58:37 +02:00 · be3d58c55d
commit be3d58c55d
parent 72002958cc
1 changed files with 10 additions and 6 deletions
--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@ -233,12 +233,16 @@ class Auth(auth.BaseAuth):
        """Search the user dn"""
        escaped_login = self.ldap3.utils.conv.escape_filter_chars(login)
        logger.debug(f"_login3 login escaped for LDAP filters: {escaped_login}")
-        conn.search(
-            search_base=self._ldap_base,
-            search_filter=self._ldap_filter.format(escaped_login),
-            search_scope=self.ldap3.SUBTREE,
-            attributes=self._ldap_attributes
-        )
+        try:
+            conn.search(
+                search_base=self._ldap_base,
+                search_filter=self._ldap_filter.format(escaped_login),
+                search_scope=self.ldap3.SUBTREE,
+                attributes=self._ldap_attributes
+            )
+        except Exception as e:
+            logger.error(f"_login3 LDAP search for {login} failed: {e}")
+            return ""
        if len(conn.entries) != 1:
            """User could not be found unambiguously"""
            logger.debug(f"_login3 no unique DN found for '{login}'")