From 8f54d50cc5271a9a6eebd66f17d8ab20d61b7f71 Mon Sep 17 00:00:00 2001
From: Sistason <c3infra@sistason.de>
Date: Sat, 13 Mar 2021 14:13:19 +0100
Subject: [PATCH] when using connect_and_bind_to_ldap directly, handle the
 LDAPBINDError

Also, don't request ldap3.ALL for a simple bind-and-forget connection.
---
 uffd/session/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/uffd/session/views.py b/uffd/session/views.py
index b401563e..3b5027ee 100644
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -33,9 +33,11 @@ def login_get_user(loginname, password):
 	else:
 		# When using a LDAP service connection, try bind with separate user connection
 		if current_app.config['LDAP_SERVICE_BIND_DN']:
-			server = ldap3.Server(current_app.config["LDAP_SERVICE_URL"], get_info=ldap3.ALL)
+			server = ldap3.Server(current_app.config["LDAP_SERVICE_URL"])
 			try:
 				conn = connect_and_bind_to_ldap(server, dn, password)
+				if conn is None:
+					raise LDAPBindError
 			except (LDAPBindError, LDAPPasswordIsMandatoryError):
 				return None
 		else:
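Review bot: The added `if conn is None: raise LDAPBindError` raises an exception only to have it caught by the `except` two lines below; `if conn is None: return None` denies the login directly and does not depend on the except tuple staying in sync. Since this is the password check, the call deserves a comment stating how `connect_and_bind_to_ldap` reports a failed bind (apparently both by returning `None` and by raising), e.g. `# returns None or raises LDAPBindError on bad credentials; both must deny login`. On the `ldap3.Server(...)` line, dropping `get_info=ldap3.ALL` falls back to the library default, which in current ldap3 releases is still `SCHEMA`, so pass `get_info=ldap3.NONE` if the aim is to fetch nothing for a bind-only connection. The enclosing `login_get_user` starts and ends outside the hunk, so whether the user connection is unbound again after a successful bind cannot be checked from here.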
-- 
GitLab