diff --git a/.werks/15933 b/.werks/15933
new file mode 100644
index 0000000000000..5b3303ee70bc8
--- /dev/null
+++ b/.werks/15933
@@ -0,0 +1,16 @@
+Title: Fix failed LDAP sync because of invalid user ID
+Class: fix
+Compatible: compat
+Component: wato
+Date: 1691489253
+Edition: cre
+Knowledge: doc
+Level: 1
+Version: 2.3.0b1
+
+Since 2.2, user IDs are validated when synchronizing LDAP connections. This
+could result in a failed sync if one or more user IDs were invalid.
+
+From now on such users are skipped on synchronizing and logged to
+~/var/log/web.log.
+
diff --git a/cmk/gui/userdb/ldap_connector.py b/cmk/gui/userdb/ldap_connector.py
index 6f64601514b2d..07d2705676716 100644
--- a/cmk/gui/userdb/ldap_connector.py
+++ b/cmk/gui/userdb/ldap_connector.py
@@ -915,7 +915,13 @@ def get_users(self, add_filter: str = "") -> Users:
 _('The configured User-ID attribute "%s" does not exist for the user "%s"')
 % (user_id_attr, dn)
 )
- user_id = self._sanitize_user_id(ldap_user[user_id_attr][0])
+
+ try:
+ user_id = self._sanitize_user_id(ldap_user[user_id_attr][0])
+ except ValueError as e:
+ self._logger.warning(f" SKIP SYNC {e}")
+ continue
+
 if user_id:
 ldap_user["dn"] = dn # also add the DN
 result[user_id] = cast(UserSpec, ldap_user)
diff --git a/tests/unit/cmk/gui/userdb/ldap_golden.py b/tests/unit/cmk/gui/userdb/ldap_golden.py
index d7d848a7fd144..7f4d631ed354b 100644
--- a/tests/unit/cmk/gui/userdb/ldap_golden.py
+++ b/tests/unit/cmk/gui/userdb/ldap_golden.py
@@ -140,7 +140,10 @@ def _mock_simple_bind_s(mocker: MockerFixture, connector: LDAPUserConnector) ->
 
 
 def test_get_users(mocker: MockerFixture, mock_ldap: MagicMock) -> None:
- ldap_result = [("user1", {"uid": ["USER1_ID"]})]
+ ldap_result = [
+ ("user1", {"uid": ["USER1_ID"]}),
+ ("user2", {"uid": ["USER2_ID#"]}), # user with invalid user ID
+ ]
 # note that the key is lower-cased due to 'lower_user_ids'
 expected_result = {"user1_id": {"dn": "user1", "uid": ["USER1_ID"]}}
 add_filter = "my(*)filter"
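Review bot: The new `except ValueError` branch in `get_users` writes the exception text straight into web.log without the entry's DN. That text presumably echoes the rejected user ID, a directory-controlled value that failed validation and may contain control characters or line breaks, so it should not reach the log unescaped. Logging the DN also lets an administrator tell which LDAP object was skipped, and lazy logger arguments are preferable to an f-string: `self._logger.warning("  SKIP SYNC dn=%r: %r", dn, str(e))`. It is also worth confirming what the rest of the sync does with an existing local account whose ID is now skipped, since it silently disappears from `result`. The body of `get_users` starts and ends outside this hunk.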
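Review bot: `test_get_users` only proves that the entry with `USER2_ID#` is missing from the result; it never checks that the skip was logged, which is the behaviour the werk promises administrators. If the connector's logger propagates to pytest's capture (to be confirmed), add the `caplog` fixture to the signature and assert on it, for example `assert "SKIP SYNC" in caplog.text`. The assertions of this test lie outside the hunk, so the check would go next to the existing comparison with `expected_result`.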