From 5365d733c734518b5c0d1a0d4026a59e173e0432 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 19 Oct 2017 16:05:40 +0200
Subject: [PATCH 2/3] ldap_backend: detect failure to create a username
 (#19482)

---
 src/authentic2/backends/ldap_backend.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index 7b87eaf..18f2d3a 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -459,8 +459,12 @@ class LDAPBackend(object):
     def create_username(self, block, attributes):
         '''Build a username using the configured template'''
         username_template = unicode(block['username_template'])
-        return username_template.format(realm=block['realm'],
-                                        **attributes)
+        try:
+            return username_template.format(realm=block['realm'], **attributes)
+        except KeyError as e:
+            log.warning('missing attribute %s to build the username', e.args[0])
+            # attributes are missing to build the username
+            return None
 
     def populate_user_attributes(self, user, block, attributes):
         for legacy_attribute, legacy_field in (('email', 'email_field'),
@@ -801,6 +805,8 @@ class LDAPBackend(object):
             return
         log.debug('retrieved attributes for %r: %r', dn, attributes)
         username = self.create_username(block, attributes)
+        if not username:
+            return
         return self._return_django_user(dn, username, password, conn, block, attributes)
 
     def _return_django_user(self, dn, username, password, conn, block, attributes):
-- 
2.1.4