On 2014年11月12日 23:19, Crístian Viana wrote:
On 10-11-2014 05:09, lvroyce@linux.vnet.ibm.com wrote:
+ try: + try: + result = connect.search_s( + ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter) + if len(result) == 0: + entity = ldap_search_filter % {'username': username} + raise ldap.LDAPError("Invalid ldap entity:%s" % entity) + except ldap.NO_SUCH_OBJECT: + # ldap search base specified wrongly. + raise ldap.LDAPError( + "invalid ldap search base %s" % ldap_search_base) + + try: + connect.bind_s(result[0][0], password) + except ldap.INVALID_CREDENTIALS: + # invalid user password + raise ldap.LDAPError("invalid user/passwd") + connect.unbind_s() + return True + except ldap.LDAPError, e: + arg = {"username": username, "code": e.message} + raise OperationFailed("KCHAUTH0001E", arg)
I think the code would look better without the external try/except block. Do you mean get them handled all by kimchi exception? I've considered that, but like: connect.search_s() connect.bind_s() connect.unbind_s() all throw ldap.LDAPError, they also throw exception like: ldap.INVALD_CREDENTIALS. so if delete the external try/except, I need to add 3 excepts to each operation. You can see I do this because ldap lib does not handle all exception with ldap.LDAPError.