From c37e16bd093b2682410c836b16ce8961937dabaa Mon Sep 17 00:00:00 2001 From: Jon Lockwood Date: Tue, 27 Jul 2021 11:42:30 +0930 Subject: [PATCH] feat(ldap): validate the user and group search path to prevent exceptions in other locations, validate the user and group search paths at the timeof input. issue #13738 PR-#13777 --- .../doctype/ldap_settings/ldap_settings.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/frappe/integrations/doctype/ldap_settings/ldap_settings.py b/frappe/integrations/doctype/ldap_settings/ldap_settings.py index 068f88d2a8..30e8a82ea5 100644 --- a/frappe/integrations/doctype/ldap_settings/ldap_settings.py +++ b/frappe/integrations/doctype/ldap_settings/ldap_settings.py @@ -31,8 +31,18 @@ class LDAPSettings(Document): search_filter="(objectClass=*)", attributes=self.get_ldap_attributes()) + conn.search( + search_base=self.organizational_unit_for_groups, + search_filter="(objectClass=*)", + attributes=['cn']) + except ldap3.core.exceptions.LDAPAttributeError as ex: - frappe.throw(_("LDAP settings incorrect. validation response was: {0}").format(ex), title=_("Misconfigured")) + frappe.throw(_("LDAP settings incorrect. validation response was: {0}").format(ex), + title=_("Misconfigured")) + + except ldap3.core.exceptions.LDAPNoSuchObjectResult: + frappe.throw(_("Ensure the user and group search paths are correct."), + title=_("Misconfigured")) else: frappe.throw(_("LDAP Search String must be enclosed in '()' and needs to contian the user placeholder {0}, eg sAMAccountName={0}"))