From: Rob Crittenden Date: Tue, 3 Nov 2015 22:02:04 +0000 (-0500) Subject: Be more verbose when logging errors in info LDAP plugin X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=7ba361e006e7cc178132a103fc62403409689516 Be more verbose when logging errors in info LDAP plugin The infoldap plugin was logging raw exceptions but not providing any context to them. This breaks some of the calls into separate try/except to provide more precise failure reasons. Also fix a typo in the authldap plugin and handle ValueError when validating the template syntax. https://fedorahosted.org/ipsilon/ticket/39 Signed-off-by: Rob Crittenden Reviewed-by: Simo Sorce Reviewed-by: John Dennis
---
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 66e8d50..a197157 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -139,25 +139,48 @@ Info plugin that uses LDAP to retrieve user data. """ reply = dict() try: ldapattrs = self._get_user_data(conn, dn) - self.debug(ldapattrs) + self.debug('LDAP attrs for %s: %s' % (dn, ldapattrs)) userattrs, extras = self.mapper.map_attributes(ldapattrs) groups = self._get_user_groups(conn, base, username) reply = userattrs reply['_groups'] = groups reply['_extras'] = {'ldap': extras} except Exception, e: # pylint: disable=broad-except - self.error(e) + self.error('Error fetching/mapping LDAP user data: %s' % e) return reply def get_user_attrs(self, user): try: - conn = self._ldap_bind() dn = self.user_dn_tmpl % {'username': user} + except ValueError as e: + self.error( + 'DN generation failed with template %s, user %s: %s' + % (self.user_dn_tmpl, user, e) + ) + return {} + except Exception as e: # pylint: disable=broad-except + self.error( + 'Unhandled error generating DN from %s, user %s: %s' + % (self.user_dn_tmpl, user, e) + ) + return {} + + try: + conn = self._ldap_bind() base = self.base_dn return self.get_user_data_from_conn(conn, dn, base, user) - except Exception, e: # pylint: disable=broad-except - self.error(e) + except ldap.LDAPError as e: + self.error( + 'LDAP search failed for DN %s on base %s: %s' % + (dn, base, e) + ) + return {} + except Exception as e: # pylint: disable=broad-except + self.error( + 'Unhandled LDAP error for DN %s on base %s: %s' % + (dn, base, e) + ) return {} diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py index 1986490..6e9afd3 100644 --- a/ipsilon/login/authldap.py +++ b/ipsilon/login/authldap.py 
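Review bot: In the second `try` of `get_user_attrs`, `base = self.base_dn` is assigned after `conn = self._ldap_bind()`, yet both new `except` handlers format `base` into their message. If the bind raises, `base` is still unbound, so the handler itself raises `UnboundLocalError` and the caller gets an exception instead of the `{}` the old code returned. Moving `base = self.base_dn` above the `try:` (or formatting `self.base_dn` directly) fixes it, and the `ldap.LDAPError` text would be more accurate as `'LDAP bind or search failed ...'` since a bind failure lands there too. Separately, `user` goes into the DN template unescaped; unless callers already sanitise it, `ldap.dn.escape_dn_chars(user)` would keep DN metacharacters in a username from altering the DN.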
@@ -233,7 +233,13 @@ class Installer(LoginManagerInstaller): opts['ldap_bind_dn_template'] % {'username': 'test'} except KeyError: logging.error( - 'Bind DN template does not container %(username)s' + 'Bind DN template does not contain %(username)s' + ) + return False + except ValueError as e: + logging.error( + 'Invalid syntax in Bind DN template: %s ', + e ) return False config['bind dn template'] = opts['ldap_bind_dn_template']
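Review bot: The probe `opts['ldap_bind_dn_template'] % {'username': 'test'}` only fails when the template names some other key or is malformed, so a template with no `%(username)s` at all formats cleanly and is accepted, despite what the `KeyError` message says. If this template is what builds the bind DN at login (as the option name suggests), such a value would bind every user with the same DN, so an explicit test is worth adding before the `try`: `if '%(username)s' not in opts['ldap_bind_dn_template']:` followed by the same error and `return False`. A conversion such as `%(username)d` raises `TypeError`, which the new handler misses; `except (ValueError, TypeError) as e:` covers it. The enclosing method starts and ends outside the hunk.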