diff --git a/authserv/ldap_model.py b/authserv/ldap_model.py
index 8a903e2b6b763b1768774451316a8122ebb2c765..a3f73583f94c80fe509563e64447480b90abc91b 100644
--- a/authserv/ldap_model.py
+++ b/authserv/ldap_model.py
@@ -1,5 +1,6 @@
 import contextlib
 import ldap
+import logging
 from ldap.dn import escape_dn_chars
 from ldap.filter import escape_filter_chars
 from ldap.ldapobject import LDAPObject
@@ -40,6 +41,7 @@ class UserDb(model.UserDb):
 while isinstance(ldap_params, basestring):
 ldap_params = self.service_map.get(ldap_params)
 if not ldap_params:
+ logging.error('unknown service "%s"', service)
 return None
 with self._conn() as c:
@@ -61,6 +63,7 @@ class UserDb(model.UserDb):
 base = ldap_params['base'].replace('%s', escape_dn_chars(username))
 filt = ldap_params['filter'].replace('%s', escape_filter_chars(username))
 scope = ldap.SCOPE_SUBTREE
+ logging.debug('ldap search: base=%s, scope=%s, filt=%s', base, scope, filt)
 result = c.search_s(base, scope, filt, self.ldap_attrs)
 if not result:
@@ -72,8 +75,9 @@ class UserDb(model.UserDb):
 def get_user(self, username, service):
 try:
- return User(username)
- except (Error, ldap.LDAPError):
+ return self._query_user(username, service)
+ except (Error, ldap.LDAPError), e:
+ logging.error('userdb error: %s', e)
 return None
@@ -93,7 +97,7 @@ class User(model.User):
 self._otp_enabled = True
 self._totp_secret = values[0]
 elif key == 'appSpecificPassword':
- self._asps = [v.split(':', 2) for v in values]
+ self._asps = [v.split(':', 1) for v in values]
 def otp_enabled(self):
 return self._otp_enabled
@@ -108,7 +112,7 @@ class User(model.User):
 return self._totp_secret
 def get_app_specific_passwords(self, service):
- return [x[2] for x in self._asps if x[0] == service]
+ return [x[1] for x in self._asps if x[0] == service]
 def get_password(self):
 return self._password
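Review bot: The added `logging.error('unknown service "%s"', service)` writes `service` into the log verbatim; if that name comes from the authentication request, a caller can embed line breaks and make one record look like several. Formatting it with `%r` keeps the record on a single line: `logging.error('unknown service %r', service)`. The `logging.debug` call added in the search hunk has the same exposure, because `base` and `filt` carry the username and the LDAP escaping helpers are not designed to neutralise newlines. The enclosing method starts and ends outside the hunk.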
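Review bot: The new `logging.debug('ldap search: ...')` line records the submitted login name on every lookup, and users occasionally type a password into the username field, so debug output from this module should be handled as sensitive. A comment above the call would make that explicit: `# NOTE: base/filt embed the caller-supplied username; keep at debug level and restrict access to debug logs`. The enclosing method continues outside the hunk.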
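Review bot: In `get_user`, a directory failure and an unknown user both end in `return None`, so the new log line is the only trace of a backend outage, yet it carries neither the service nor a traceback. `logging.exception('userdb error (service=%r)', service)` in the handler would record both. The clause itself would read better as `except (Error, ldap.LDAPError) as e:`, which Python 2.6 and later accept and which stays valid on Python 3.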
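Review bot: With `v.split(':', 1)`, an `appSpecificPassword` value that contains no `:` becomes a one-element list, and the `x[1]` lookup in `get_app_specific_passwords` (last hunk) then raises IndexError whenever `x[0]` equals the service; nothing visible here catches that. Dropping malformed values at parse time avoids it: `self._asps = [v.split(':', 1) for v in values if ':' in v]`. A short comment such as `# stored as "service:secret"; the secret may itself contain ':'` would also document why the split limit is 1, assuming that is the stored format. The surrounding method starts outside the hunk.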