oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-08-01 18:18:31 +00:00
Code Wiki Activity

LDAP auth: protect LDAP search with a try: .. except clause

Browse source 
Make sure to catch exceptions when searching for the user in LDAP,
log as error and fail gracefully by declining login.
This commit is contained in:
Peter Marschall 2025-07-20 13:58:37 +02:00
parent 72002958cc
commit be3d58c55d
1 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
radicale/auth/ldap.py
View file

@ -233,12 +233,16 @@ class Auth(auth.BaseAuth):
"""Search the user dn""" """Search the user dn"""
escaped_login = self.ldap3.utils.conv.escape_filter_chars(login) escaped_login = self.ldap3.utils.conv.escape_filter_chars(login)
logger.debug(f"_login3 login escaped for LDAP filters: {escaped_login}") logger.debug(f"_login3 login escaped for LDAP filters: {escaped_login}")
conn.search( try:
search_base=self._ldap_base, conn.search(
search_filter=self._ldap_filter.format(escaped_login), search_base=self._ldap_base,
search_scope=self.ldap3.SUBTREE, search_filter=self._ldap_filter.format(escaped_login),
attributes=self._ldap_attributes search_scope=self.ldap3.SUBTREE,
) attributes=self._ldap_attributes
)
except Exception as e:
logger.error(f"_login3 LDAP search for {login} failed: {e}")
return ""
if len(conn.entries) != 1: if len(conn.entries) != 1:
"""User could not be found unambiguously""" """User could not be found unambiguously"""
logger.debug(f"_login3 no unique DN found for '{login}'") logger.debug(f"_login3 no unique DN found for '{login}'")