Univention Bugzilla – Bug 37584
use the 'matched' attribute of python-ldap exceptions
Last modified: 2021-06-19 00:44:33 CEST
Created attachment 6622 [details] patch Exceptions from python-LDAP may contain a 'matched' attribute containing a DN. This field is not evaluated in our wrapping function _err2str(). """ A third possible field of this dictionary is matched and is set to a truncated form of the name provided or alias dereferenced for the lowest entry (object or alias) that was matched.""" → http://www.python-ldap.org/doc/html/ldap.html http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Modules/errors.c?view=markup The concrete exceptions which contain this key are: * ALIAS_DEREF_PROBLEM * ALIAS_PROBLEM * INVALID_DN_SYNTAX * IS_LEAF * NO_SUCH_OBJECT For error detection it would be good to include it into the error message (as done in the attached patch).
Bugs like Bug #37375 would be immediately detected.
Btw: I needed to apply this patch on my system to debug some things. It works and the difference is, instead of: noObject: No such object this message is shown: noObject: No such object: cn=groups,ou=8058,dc=mydomain,dc=intranet
Created attachment 6755 [details] updated patch patch which applies to the latest changes.
*** Bug 38109 has been marked as a duplicate of this bug. ***
(In reply to Florian Best from comment #4) > *** Bug 38109 has been marked as a duplicate of this bug. *** Additional to the 'matched' attribute the search base could be added to the exception string (as this is the more important info).
Created attachment 8220 [details] patch Also consider all current noObject exceptions.
This would also be helpful for the support team. We had some issues with non existing group members in school environments, which could have been debugged a lot faster with this :)
FYI: the matched attribute doesn't contain the search base but the last existing object.
Created attachment 10753 [details] patch Still relevant. slightly adapted patch.