From f17dd09034a82799d0a252ef1f50a431d19ceb9d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Nov 03 2015 22:05:32 +0000 Subject: Be more verbose when logging errors in info LDAP plugin The infoldap plugin was logging raw exceptions but not providing any context to them. This breaks some of the calls into separate try/except to provide more precise failure reasons. Also fix a typo in the authldap plugin and handle ValueError when validating the template syntax. https://fedorahosted.org/ipsilon/ticket/39 Signed-off-by: Rob Crittenden
---
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 66e8d50..a197157 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -139,25 +139,48 @@ Info plugin that uses LDAP to retrieve user data. """
 reply = dict()
 try:
 ldapattrs = self._get_user_data(conn, dn)
- self.debug(ldapattrs)
+ self.debug('LDAP attrs for %s: %s' % (dn, ldapattrs))
 userattrs, extras = self.mapper.map_attributes(ldapattrs)
 groups = self._get_user_groups(conn, base, username)
 reply = userattrs
 reply['_groups'] = groups
 reply['_extras'] = {'ldap': extras}
 except Exception, e: # pylint: disable=broad-except
- self.error(e)
+ self.error('Error fetching/mapping LDAP user data: %s' % e)
 return reply
 def get_user_attrs(self, user):
 try:
- conn = self._ldap_bind()
 dn = self.user_dn_tmpl % {'username': user}
+ except ValueError as e:
+ self.error(
+ 'DN generation failed with template %s, user %s: %s'
+ % (self.user_dn_tmpl, user, e)
+ )
+ return {}
+ except Exception as e: # pylint: disable=broad-except
+ self.error(
+ 'Unhandled error generating DN from %s, user %s: %s'
+ % (self.user_dn_tmpl, user, e)
+ )
+ return {}
+
+ try:
+ conn = self._ldap_bind()
 base = self.base_dn
 return self.get_user_data_from_conn(conn, dn, base, user)
- except Exception, e: # pylint: disable=broad-except
- self.error(e)
+ except ldap.LDAPError as e:
+ self.error(
+ 'LDAP search failed for DN %s on base %s: %s' %
+ (dn, base, e)
+ )
+ return {}
+ except Exception as e: # pylint: disable=broad-except
+ self.error(
+ 'Unhandled LDAP error for DN %s on base %s: %s' %
+ (dn, base, e)
+ )
 return {}
diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py
index 1986490..037dacb 100644
--- a/ipsilon/login/authldap.py
+++ b/ipsilon/login/authldap.py
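Review bot: In `get_user_attrs` of `ipsilon/info/infoldap.py`, both new handlers of the second `try` format `base` into their message, but `base = self.base_dn` is assigned only after `conn = self._ldap_bind()`. If the bind raises, `base` is still unbound, so the handler itself fails with `UnboundLocalError` and the exception escapes instead of the method returning `{}`. Moving `base = self.base_dn` above that `try:` fixes this, and the `ldap.LDAPError` text could read `'LDAP bind or search failed for DN %s on base %s: %s'`, since a bind failure lands in the same branch. Separately, the new `self.debug('LDAP attrs for %s: %s' % (dn, ldapattrs))` writes every retrieved attribute value to the debug log; if the directory can return sensitive attributes (not visible here), logging only the attribute names would be safer. `get_user_data_from_conn` starts above the hunk.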
@@ -233,7 +233,12 @@ class Installer(LoginManagerInstaller):
 opts['ldap_bind_dn_template'] % {'username': 'test'}
 except KeyError:
 logging.error(
- 'Bind DN template does not container %(username)s'
+ 'Bind DN template does not contain %(username)s'
+ )
+ return False
+ except ValueError as e:
+ logging.error(
+ 'Invalid syntax in Bind DN template: %s ' % e
 )
 return False
 config['bind dn template'] = opts['ldap_bind_dn_template']
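Review bot: A template with no `%(username)s` at all still passes this validation, because `%` with a mapping on the right raises nothing when the string has no conversions. `KeyError` fires only when the template names some other key, so the corrected message describes a case this branch does not actually catch. An explicit test such as `if '%(username)s' not in opts['ldap_bind_dn_template']:` before the formatting call would reject a fixed bind DN, which would presumably otherwise make every login bind as the same entry. A conversion that cannot format a dict, such as `%d`, raises `TypeError`, which neither handler catches; `except (ValueError, TypeError) as e:` would cover it. The enclosing `Installer` method starts and ends outside the hunk.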