diff --git a/CHANGELOG.md b/CHANGELOG.md index cce047e0..80845b21 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ * Fix: also remove 'item' from cache on delete * Improve: avoid automatically invalid cache on upgrade in case no change on cache structure * Improve: log important module versions on startup +* Improve: auth.ldap config shown on startup, terminate in case no password is supplied for bind user ## 3.3.1 diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index a4c8f38c..b70affb9 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py @@ -79,6 +79,30 @@ class Auth(auth.BaseAuth): self._ldap_ssl_verify_mode = ssl.CERT_NONE elif tmp == "OPTIONAL": self._ldap_ssl_verify_mode = ssl.CERT_OPTIONAL + logger.info("auth.ldap_uri : %r" % self._ldap_uri) + logger.info("auth.ldap_base : %r" % self._ldap_base) + logger.info("auth.ldap_reader_dn : %r" % self._ldap_reader_dn) + logger.info("auth.ldap_load_groups : %s" % self._ldap_load_groups) + logger.info("auth.ldap_filter : %r" % self._ldap_filter) + if ldap_secret_file_path: + logger.info("auth.ldap_secret_file_path: %r" % ldap_secret_file_path) + if self._ldap_secret: + logger.info("auth.ldap_secret : (from file)") + else: + logger.info("auth.ldap_secret_file_path: (not provided)") + if self._ldap_secret: + logger.info("auth.ldap_secret : (from config)") + if self._ldap_reader_dn and not self._ldap_secret: + logger.error("auth.ldap_secret : (not provided)") + raise RuntimeError("LDAP authentication requires ldap_secret for reader_dn") + logger.info("auth.ldap_use_ssl : %s" % self._ldap_use_ssl) + if self._ldap_use_ssl is True: + logger.info("auth.ldap_ssl_verify_mode : %s" % self._ldap_ssl_verify_mode) + if self._ldap_ssl_ca_file: + logger.info("auth.ldap_ssl_ca_file : %r" % self._ldap_ssl_ca_file) + else: + logger.info("auth.ldap_ssl_ca_file : (not provided)") + def _login2(self, login: str, password: str) -> str: try: