[Kimchi-devel] [PATCHv3 3/8] Add LDAP authentication
Royce Lv
lvroyce at linux.vnet.ibm.com
Thu Nov 13 07:44:15 UTC 2014
On 2014年11月12日 23:19, Crístian Viana wrote:
> On 10-11-2014 05:09, lvroyce at linux.vnet.ibm.com wrote:
>> + try:
>> + try:
>> + result = connect.search_s(
>> + ldap_search_base, ldap.SCOPE_SUBTREE,
>> ldap_search_filter)
>> + if len(result) == 0:
>> + entity = ldap_search_filter % {'username':
>> username}
>> + raise ldap.LDAPError("Invalid ldap entity:%s" %
>> entity)
>> + except ldap.NO_SUCH_OBJECT:
>> + # ldap search base specified wrongly.
>> + raise ldap.LDAPError(
>> + "invalid ldap search base %s" % ldap_search_base)
>> +
>> + try:
>> + connect.bind_s(result[0][0], password)
>> + except ldap.INVALID_CREDENTIALS:
>> + # invalid user password
>> + raise ldap.LDAPError("invalid user/passwd")
>> + connect.unbind_s()
>> + return True
>> + except ldap.LDAPError, e:
>> + arg = {"username": username, "code": e.message}
>> + raise OperationFailed("KCHAUTH0001E", arg)
>
> I think the code would look better without the external try/except block.
Do you mean get them handled all by kimchi exception?
I've considered that, but like:
connect.search_s()
connect.bind_s()
connect.unbind_s()
all throw ldap.LDAPError, they also throw exception like:
ldap.INVALD_CREDENTIALS.
so if delete the external try/except, I need to add 3 excepts to each
operation.
You can see I do this because ldap lib does not handle all exception
with ldap.LDAPError.
More information about the Kimchi-devel
mailing list