From 26f3275361a8233edd63dd0910651192cdb1fd9e Mon Sep 17 00:00:00 2001
From: Jens L <jens.langhammer@beryju.org>
Date: Fri, 24 Feb 2023 11:39:43 +0100
Subject: [PATCH] sources/ldap: improve error handling for password complexity
 (#4780)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/sources/ldap/password.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/authentik/sources/ldap/password.py b/authentik/sources/ldap/password.py
index df210939e..42946abf3 100644
--- a/authentik/sources/ldap/password.py
+++ b/authentik/sources/ldap/password.py
@@ -71,10 +71,13 @@ class LDAPPasswordChanger:
         except (LDAPAttributeError, KeyError, IndexError):
             return False
         raw_pwd_properties = root_attrs.get("attributes", {}).get("pwdProperties", None)
-        if raw_pwd_properties is None:
+        if not raw_pwd_properties:
             return False
 
-        pwd_properties = PwdProperties(raw_pwd_properties)
+        try:
+            pwd_properties = PwdProperties(raw_pwd_properties)
+        except ValueError:
+            return False
         if PwdProperties.DOMAIN_PASSWORD_COMPLEX in pwd_properties:
             return True