LDAP auth: protect LDAP search with a try: .. except clause
Make sure to catch exceptions when searching for the user in LDAP, log as error and fail gracefully by declining login.
parent
72002958cc
commit
be3d58c55d
1 changed files with 10 additions and 6 deletions
|
@ -233,12 +233,16 @@ class Auth(auth.BaseAuth):
|
|||
"""Search the user dn"""
|
||||
escaped_login = self.ldap3.utils.conv.escape_filter_chars(login)
|
||||
logger.debug(f"_login3 login escaped for LDAP filters: {escaped_login}")
|
||||
conn.search(
|
||||
search_base=self._ldap_base,
|
||||
search_filter=self._ldap_filter.format(escaped_login),
|
||||
search_scope=self.ldap3.SUBTREE,
|
||||
attributes=self._ldap_attributes
|
||||
)
|
||||
try:
|
||||
conn.search(
|
||||
search_base=self._ldap_base,
|
||||
search_filter=self._ldap_filter.format(escaped_login),
|
||||
search_scope=self.ldap3.SUBTREE,
|
||||
attributes=self._ldap_attributes
|
||||
)
|
||||
except Exception as e:
|
||||
logger.error(f"_login3 LDAP search for {login} failed: {e}")
|
||||
return ""
|
||||
if len(conn.entries) != 1:
|
||||
"""User could not be found unambiguously"""
|
||||
logger.debug(f"_login3 no unique DN found for '{login}'")
|
||||
|
|
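Review bot: The new `logger.error` line in the `except` branch interpolates the raw, pre-authentication `login` into an error-level message without quoting, so a login containing newlines or control characters can split or forge log records; `logger.error(f"_login3 LDAP search for {login!r} failed: {e}")` would escape them. The `try` also wraps `self._ldap_filter.format(escaped_login)` and catches bare `Exception`, so a broken filter template is reported as a search failure and a declined login instead of surfacing as a configuration error. Catching only ldap3's exception base class (presumably reachable as `self.ldap3.core.exceptions.LDAPException`, to be confirmed against how the module is loaded) would keep the fail-closed behaviour for directory errors while letting programming and configuration errors propagate. The enclosing method starts and ends outside the hunk, so whether `conn` is unbound on this early `return ""` cannot be seen here.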