Skip to content

Commit

Permalink
Merge pull request #381 from TeskaLabs/fix/ldap-authentication-logging
Browse files Browse the repository at this point in the history 
Do not log failed LDAP login as error
  • Loading branch information
@byewokko
byewokko authored May 22, 2024
2 parents e9b1785 + bc75a31 commit 03412ad
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
## v24.20

### Pre-releases
- `v24.20-alpha4`
- `v24.20-alpha3`
- `v24.20-alpha2`
- `v24.20-alpha1`
Expand All @@ -11,6 +12,7 @@
- Default password criteria are more restrictive (#372, `v24.20-alpha1`, Compatible with Seacat Auth Webui v24.19-alpha and later, Seacat Account Webui v24.08-beta and later)

### Fix
- Do not log failed LDAP login as error (#381, `v24.20-alpha4`)
- Properly handle Argon2 verification error in login call (#378, `v24.20-alpha3`)

### Features
Expand Down
3 changes: 2 additions & 1 deletion seacatauth/credentials/providers/ldap.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,8 @@ def _authenticate_worker(self, credentials_id: str, credentials: dict) -> bool:
try:
lc.simple_bind_s(dn, password)
except ldap.INVALID_CREDENTIALS:
L.error("LDAP: Invalid credentials", struct_data={"dn": dn})
L.log(asab.LOG_NOTICE, "Authentication failed: Invalid LDAP credentials.", struct_data={
"cid": credentials_id, "dn": dn})
return False

lc.unbind_s()
Expand Down

0 comments on commit 03412ad

Please sign in to comment.