diff --git a/nipap/nipap.conf.dist b/nipap/nipap.conf.dist
index 25e9708d8..0f09964ab 100644
--- a/nipap/nipap.conf.dist
+++ b/nipap/nipap.conf.dist
@@ -113,7 +113,7 @@ db_path = /etc/nipap/local_auth.db ; path to SQLite database used
 #
 #basedn = ou=Users,dc=example,dc=com ; base DN
 #uri = ldaps://ldap.example.com ; LDAP server URI
-#tls = False ; initiate TLS, use ldap://
+#tls = false ; initiate TLS, use ldap://
 #
 # LDAP style
 #binddn_fmt = uid={},ou=Users,dc=example,dc=com
@@ -209,4 +209,4 @@ secret_key = {{WWW_SECRET_KEY}}
 # Specify OTLP HTTP endpoint. Used to send traces to OpenTelemetry Collector but also used when proxying traces to OpenTelemetry-Collector from nipap-cli
 # otlp_http_endpoint=http://opentelemetry-collector:4318/v1/traces
 # Set sampler. Valid values are always_on, always_off, parentbased_always_on, parentbased_always_off, traceidratio and parentbased_traceidratio. Default is parentbased_always_on.
-# otel_traces_sampler = always_on
\ No newline at end of file
+# otel_traces_sampler = always_on
diff --git a/nipap/nipap/authlib.py b/nipap/nipap/authlib.py
index 92fd12c73..07b812887 100644
--- a/nipap/nipap/authlib.py
+++ b/nipap/nipap/authlib.py
@@ -486,6 +486,10 @@ def __init__(self, name, username, password, authoritative_source, auth_options=
 self._logger.error('Unable to load Python ldap module, please verify it is installed')
 raise AuthError('Unable to authenticate')
 
+ # Avoid following referrals for now, as NIPAP doesn't support
+ # initializing a separate connection for them anyway.
+ ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
+
 self._logger.debug('LDAP URI: ' + self._ldap_uri)
 self._ldap_conn = ldap.initialize(self._ldap_uri)
 
@@ -578,7 +582,8 @@ def authenticate(self):
 self.readonly = True
 
 except ldap.LDAPError as exc:
- raise AuthError(exc)
+ self._logger.error("Got LDAP error: %s", exc)
+ raise AuthError("LDAP server returned an error")
 except KeyError:
 raise AuthError('LDAP attribute missing')
 except IndexError:
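Review bot: `ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)` in the `__init__` hunk is the module-level call, which sets a process-wide default for every connection the ldap module creates afterwards, not just the one initialized two lines below, while the added comment reads as if the setting were local to this backend. Scoping it to the connection keeps other LDAP users in the same process unaffected: move the call after `self._ldap_conn = ldap.initialize(self._ldap_uri)` and write it as `self._ldap_conn.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)`. Turning referral chasing off is a sound default here regardless of scope, since a chased referral would have libldap open a connection to whatever server the referral names, outside the URI and TLS handling this class sets up; the comment could say so explicitly instead of "for now", e.g. `# Disable referral chasing: a referral would make libldap open a connection to whatever server it names, bypassing this backend's URI/TLS setup.` `__init__` starts before the hunk and continues after it, so I cannot see whether `self._ldap_conn` is later configured with TLS or other options that this call should sit next to.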
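Review bot: In the `authenticate` hunk the new `self._logger.error("Got LDAP error: %s", exc)` records only the exception's string, so the traceback that shows which LDAP call failed is lost once the generic `AuthError` is raised in its place; replacing the error message returned to the caller with a fixed string is the right move, but the log line should carry the detail that no longer reaches the caller. Use `self._logger.exception("Got LDAP error: %s", exc)` to keep the traceback, and make the cause explicit with `raise AuthError("LDAP server returned an error") from exc` so the chained traceback reads as a deliberate translation rather than an error during handling. If a wrong password surfaces in this branch as `ldap.INVALID_CREDENTIALS` (an `LDAPError` subclass), every failed login will now be logged at error level; the `try` body is outside the hunk, so I cannot tell whether that case is caught separately earlier. `authenticate` starts before the hunk and its remaining `except` branches continue past it.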