From 84f6f2ac66ddeca3fac5423f937471d32d9153a4 Mon Sep 17 00:00:00 2001 From: Valerij Maljulin Date: Oct 24 2020 00:21:00 +0000 Subject: LDAP tests fix --- diff --git a/tests/test_access_control.py b/tests/test_access_control.py index c6e7e95..7db11a0 100644 --- a/tests/test_access_control.py +++ b/tests/test_access_control.py @@ -39,8 +39,8 @@ class TestAccessControl(object): content_type='application/json', headers=self.headers) res_data = json.loads(r.get_data(as_text=True)) assert r.status_code == 500 - assert res_data['message'] == ("LDAP_HOST and LDAP_BASE also need to be " - "defined if PERMISSION_MAPPING is defined.") + assert res_data['message'] == ('LDAP_HOST and LDAP_SEARCHES also need to be defined ' + 'if PERMISSION_MAPPING is defined.') @pytest.mark.usefixtures('enable_ldap_host') def test_ldap_host_defined_base_not(self, client, session): diff --git a/waiverdb/api_v1.py b/waiverdb/api_v1.py index 287aaf4..4f3261b 100644 --- a/waiverdb/api_v1.py +++ b/waiverdb/api_v1.py @@ -337,8 +337,11 @@ class WaiversResource(Resource): ldap_searches = current_app.config.get('LDAP_SEARCHES') if not ldap_searches: ldap_base = current_app.config.get('LDAP_BASE') - ldap_search_string = current_app.config.get('LDAP_SEARCH_STRING', '(memberUid={user})') - ldap_searches = [{'BASE': ldap_base, 'SEARCH_STRING': ldap_search_string}] + if ldap_base: + ldap_search_string = current_app.config.get( + 'LDAP_SEARCH_STRING', '(memberUid={user})' + ) + ldap_searches = [{'BASE': ldap_base, 'SEARCH_STRING': ldap_search_string}] return verify_authorization(user, testcase, permission_mapping, ldap_host, ldap_searches) def _create_waiver(self, args, user): diff --git a/waiverdb/authorization.py b/waiverdb/authorization.py index e038fe0..70bbb7e 100644 --- a/waiverdb/authorization.py +++ b/waiverdb/authorization.py 
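Review bot: The legacy fallback in the `waiverdb/api_v1.py` hunk has no comment saying that `ldap_searches` is deliberately left empty when neither `LDAP_SEARCHES` nor `LDAP_BASE` is configured. Judging by the updated test message, the missing configuration is then presumably rejected inside `verify_authorization`, but a reader of this method cannot see that. I would add above `if ldap_base:` a comment such as `# Legacy LDAP_BASE/LDAP_SEARCH_STRING fallback; if unset, ldap_searches stays empty and verify_authorization reports the misconfiguration`. The enclosing method starts outside the hunk.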
@@ -16,7 +16,7 @@ def get_group_membership(ldap, user, con, ldap_search): try: results = con.search_s( ldap_search['BASE'], ldap.SCOPE_SUBTREE, - ldap_search.get('SEARCH_STRING', '(memberUid={user})').format(user), ['cn'] + ldap_search.get('SEARCH_STRING', '(memberUid={user})').format(user=user), ['cn'] ) return [group[1]['cn'][0].decode('utf-8') for group in results] except KeyError: @@ -50,7 +50,11 @@ def verify_authorization(user, testcase, permission_mapping, ldap_host, ldap_sea raise InternalServerError(('If PERMISSION_MAPPING is defined, ' 'python-ldap needs to be installed.')) - con = ldap.initialize(ldap_host) + try: + con = ldap.initialize(ldap_host) + except ldap.LDAPError: + log.exception('Some error occurred initializing the LDAP connection.') + raise Unauthorized('Some error occurred initializing the LDAP connection.') group_membership = set() for cur_ldap_search in ldap_searches:
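Review bot: `user` is still substituted into the LDAP filter unescaped in the changed `.format(user=user)` call of `get_group_membership`, so a name containing `*`, `(`, `)` or `\` would alter the filter that decides group membership. Whether such a name can reach this point depends on the authentication layer, which is not visible here, but escaping is cheap: `.format(user=ldap.filter.escape_filter_chars(user))`, with `import ldap.filter` added wherever the `ldap` module is imported before it is passed in. The function's `except` handling continues outside the hunk.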
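Review bot: The new handler in `verify_authorization` raises `Unauthorized` when the LDAP connection cannot be set up, which reports a server-side fault to the client as a 401. That makes a directory outage indistinguishable from a denied request in logs and alerts. The lines just above already use `InternalServerError` for the missing python-ldap case, so `raise InternalServerError('Some error occurred initializing the LDAP connection.')` would be consistent and still fail closed. As far as I know, `ldap.initialize()` only builds the connection object and does not contact the server, so unreachable-server errors would surface in the later `search_s` call rather than here; it is worth confirming that path is handled. The function body continues outside the hunk.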