sources/ldap: log full exception when user password set fails (#5678)

* sources/ldap: log full exception when user password set fails Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update authentik/sources/ldap/auth.py Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-05-18 19:00:17 +02:00 · 2023-05-18 19:00:17 +02:00 · 9c69f67778
parent 6cf7a72831
commit 9c69f67778
2 changed files with 9 additions and 5 deletions
--- a/authentik/sources/ldap/auth.py
+++ b/authentik/sources/ldap/auth.py
@ -55,7 +55,7 @@ class LDAPBackend(InbuiltBackend):
        """Attempt authentication by binding to the LDAP server as `user`. This
        method should be avoided as its slow to do the bind."""
        # Try to bind as new user
-        LOGGER.debug("Attempting Binding as user", user=user)
+        LOGGER.debug("Attempting to bind as user", user=user)
        try:
            temp_connection = source.connection(
                connection_kwargs={
@ -65,8 +65,8 @@ class LDAPBackend(InbuiltBackend):
            )
            temp_connection.bind()
            return user
-        except LDAPInvalidCredentialsResult as exception:
-            LOGGER.debug("LDAPInvalidCredentialsResult", user=user, error=exception)
-        except LDAPException as exception:
-            LOGGER.warning(exception)
+        except LDAPInvalidCredentialsResult as exc:
+            LOGGER.debug("invalid LDAP credentials", user=user, exc=exc)
+        except LDAPException as exc:
+            LOGGER.warning("failed to bind to LDAP", exc=exc)
        return None
--- a/authentik/sources/ldap/signals.py
+++ b/authentik/sources/ldap/signals.py
@ -6,6 +6,7 @@ from django.dispatch import receiver
 from django.utils.translation import gettext_lazy as _
 from ldap3.core.exceptions import LDAPOperationResult
 from rest_framework.serializers import ValidationError
+from structlog.stdlib import get_logger

 from authentik.core.models import User
 from authentik.core.signals import password_changed
@ -20,6 +21,8 @@ from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
 from authentik.sources.ldap.tasks import ldap_sync
 from authentik.stages.prompt.signals import password_validate

+LOGGER = get_logger()
+

@receiver(post_save, sender=LDAPSource)
 def sync_ldap_source_on_save(sender, instance: LDAPSource, **_):
@ -67,6 +70,7 @@ def ldap_sync_password(sender, user: User, password: str, **_):
    try:
        changer.change_password(user, password)
    except LDAPOperationResult as exc:
+        LOGGER.warning("failed to set LDAP password", exc=exc)
        Event.new(
            EventAction.CONFIGURATION_ERROR,
            message=(