Project

General

Profile

Development #57733

crash LDAP sur changement de mot de passe

Added by Frédéric Péters 14 days ago. Updated 6 days ago.

Status:
Solution proposée
Priority:
Normal
Category:
-
Target version:
-
Start date:
11 Oct 2021
Due date:
% Done:

0%

Estimated time:
Patch proposed:
Yes
Planning:
No

Description

Internal Server Error: /accounts/password/change/

UNWILLING_TO_PERFORM at /accounts/password/change/
{'desc': 'Server is unwilling to perform', 'info': '00002077: SvcErr: DSID-03190F4C, problem 5003 (WILL_NOT_PERFORM), data 0\n'}

Request Method: POST
Request URL: https://.../accounts/password/change/

File "/usr/lib/python3/dist-packages/django/contrib/auth/forms.py" in save
  353.         self.user.set_password(password)

File "/usr/lib/python3/dist-packages/authentic2/backends/ldap_backend.py" in set_password
  479.                 self.ldap_backend.modify_password(conn, self.block, self.dn, _current_password, new_password)

File "/usr/lib/python3/dist-packages/authentic2/backends/ldap_backend.py" in modify_password
  1658.             conn.modify_s(dn, modlist)

File "/usr/lib/python3/dist-packages/authentic2/backends/ldap_backend.py" in modify_s
  149.             return NativeLDAPObject.modify_s(self, dn, new_modlist)

File "/usr/lib/python3/dist-packages/ldap/ldapobject.py" in modify_s
  629.     return self.modify_ext_s(dn,modlist,None,None)

File "/usr/lib/python3/dist-packages/ldap/ldapobject.py" in modify_ext_s
  1253.     return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs)

File "/usr/lib/python3/dist-packages/ldap/ldapobject.py" in _apply_method_s
  1197.       return func(self,*args,**kwargs)

File "/usr/lib/python3/dist-packages/ldap/ldapobject.py" in modify_ext_s
  602.     resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

File "/usr/lib/python3/dist-packages/ldap/ldapobject.py" in result3
  749.       resp_ctrl_classes=resp_ctrl_classes

File "/usr/lib/python3/dist-packages/authentic2/backends/ldap_backend.py" in result4
  176.                 resp_ctrl_classes=resp_ctrl_classes,

File "/usr/lib/python3/dist-packages/ldap/ldapobject.py" in result4
  756.     ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

File "/usr/lib/python3/dist-packages/ldap/ldapobject.py" in _ldap_call
  329.         reraise(exc_type, exc_value, exc_traceback)

File "/usr/lib/python3/dist-packages/ldap/compat.py" in reraise
  44.         raise exc_value

File "/usr/lib/python3/dist-packages/ldap/ldapobject.py" in _ldap_call
  313.         result = func(*args,**kwargs)

On doit mettre user_can_change_password à False pour ne pas que la modification de mot de passe soit proposée mais ça serait idéal de ne pas crasher.

(il y a déjà eu #20731 sur le sujet).


Files

History

#1

Updated by Valentin Deniaud 11 days ago

  • Assignee set to Valentin Deniaud
#2

Updated by Valentin Deniaud 11 days ago

#3

Updated by Benjamin Dauvergne 11 days ago

  • Status changed from Solution proposée to En cours

Pour l'exception prendre une classe plus large, ldap.LDAPError, et rapporter l'erreur dans le log, chaque serveur LDAP ayant un peu tendance à sortir l'erreur qui lui plaît.

--

Pour rendre la chose un peu visible à l'utilisateur, lever une exception nouvelle PasswordChangeError(_('LDAP directory refused the password change')) à récupérer dans authentic2.views.PasswordChange.form_valid() pour afficher un message (pas la peine de le faire pour la vue BO équivalente elle n'est pas capable de changer un mot de passe LDAP).

Also available in: Atom PDF