Merge pull request #1651 from pbiering/show_ldap_config_on_startup

Show ldap config on startup
2025-04-03 21:27:36 +03:00 · 2024-12-14 08:24:16 +00:00 · 2024-12-14 08:24:16 +00:00 · 0d29de6db9
commit 0d29de6db9
parent be5eab8671 886f4ee8d0
2 changed files with 26 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,7 @@
 * Fix: also remove 'item' from cache on delete
 * Improve: avoid automatically invalid cache on upgrade in case no change on cache structure
 * Improve: log important module versions on startup
+* Improve: auth.ldap config shown on startup, terminate in case no password is supplied for bind user

 ## 3.3.1

--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@ -1,5 +1,6 @@
 # This file is part of Radicale - CalDAV and CardDAV server
-# Copyright 2022 Peter Varkoly
+# Copyright © 2022-2024 Peter Varkoly
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -78,6 +79,29 @@ class Auth(auth.BaseAuth):
                    self._ldap_ssl_verify_mode = ssl.CERT_NONE
                elif tmp == "OPTIONAL":
                    self._ldap_ssl_verify_mode = ssl.CERT_OPTIONAL
+        logger.info("auth.ldap_uri             : %r" % self._ldap_uri)
+        logger.info("auth.ldap_base            : %r" % self._ldap_base)
+        logger.info("auth.ldap_reader_dn       : %r" % self._ldap_reader_dn)
+        logger.info("auth.ldap_load_groups     : %s" % self._ldap_load_groups)
+        logger.info("auth.ldap_filter          : %r" % self._ldap_filter)
+        if ldap_secret_file_path:
+            logger.info("auth.ldap_secret_file_path: %r" % ldap_secret_file_path)
+            if self._ldap_secret:
+                logger.info("auth.ldap_secret          : (from file)")
+        else:
+            logger.info("auth.ldap_secret_file_path: (not provided)")
+            if self._ldap_secret:
+                logger.info("auth.ldap_secret          : (from config)")
+        if self._ldap_reader_dn and not self._ldap_secret:
+            logger.error("auth.ldap_secret         : (not provided)")
+            raise RuntimeError("LDAP authentication requires ldap_secret for reader_dn")
+        logger.info("auth.ldap_use_ssl         : %s" % self._ldap_use_ssl)
+        if self._ldap_use_ssl is True:
+            logger.info("auth.ldap_ssl_verify_mode : %s" % self._ldap_ssl_verify_mode)
+            if self._ldap_ssl_ca_file:
+                logger.info("auth.ldap_ssl_ca_file     : %r" % self._ldap_ssl_ca_file)
+            else:
+                logger.info("auth.ldap_ssl_ca_file     : (not provided)")

    def _login2(self, login: str, password: str) -> str:
        try: