Re: [Kimchi-devel] [PATCHv3 3/8] Add LDAP authentication
On 2014年11月12日 23:19, Crístian Viana wrote:
On 10-11-2014 05:09, lvroyce(a)linux.vnet.ibm.com wrote:
> + try:
> + try:
> + result = connect.search_s(
> + ldap_search_base, ldap.SCOPE_SUBTREE,
> ldap_search_filter)
> + if len(result) == 0:
> + entity = ldap_search_filter % {'username':
> username}
> + raise ldap.LDAPError("Invalid ldap entity:%s" %
> entity)
> + except ldap.NO_SUCH_OBJECT:
> + # ldap search base specified wrongly.
> + raise ldap.LDAPError(
> + "invalid ldap search base %s" % ldap_search_base)
> +
> + try:
> + connect.bind_s(result[0][0], password)
> + except ldap.INVALID_CREDENTIALS:
> + # invalid user password
> + raise ldap.LDAPError("invalid user/passwd")
> + connect.unbind_s()
> + return True
> + except ldap.LDAPError, e:
> + arg = {"username": username, "code": e.message}
> + raise OperationFailed("KCHAUTH0001E", arg)
I think the code would look better without the external try/except block.
Do you
mean get them handled all by kimchi exception?
I've considered that, but like:
connect.search_s()
connect.bind_s()
connect.unbind_s()
all throw ldap.LDAPError, they also throw exception like:
ldap.INVALD_CREDENTIALS.
so if delete the external try/except, I need to add 3 excepts to each
operation.
You can see I do this because ldap lib does not handle all exception
with ldap.LDAPError.