ldap: fail if no mapping, make plugin less noisy

The ldap plugin provides map, session and identity functionality. As a map and session plugin, the ldap plugin currently always succeeds. This prevents an admin from making the ldap plugin requisite. The plugin also logs at error level. If the admin configures the plugin as optional then some failures are expected. For this reason, the patch moves the logging down the debug level. FOR RELEASE NOTES: Currently, the ldap gPlazma plugin never fails in the map- or session- phases of a login. With this change, the plugin will fail if no username is supplied or if there is no mapping for this user. Sites should check their gPlazma configuration if they use the ldap plugin. Target: master Request: 2.7 Requires-notes: yes Requires-book: yes Patch: http://rb.dcache.org/r/5937 Acked-by: Tigran Mkrtchyan
dCache · Sep 6, 2013 · 6509dd2 · 6509dd2
1 parent bac3ccc
commit 6509dd2
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/modules/gplazma2-ldap/src/main/java/org/dcache/gplazma/plugins/Ldap.java b/modules/gplazma2-ldap/src/main/java/org/dcache/gplazma/plugins/Ldap.java
@@ -142,9 +142,12 @@ public void map(Set<Principal> principals) throws AuthenticationException {
                     }
                 }
             } catch (NamingException e) {
-                _log.warn("Faild to get mapping: {}", e.toString());
+                _log.debug("Failed to get mapping: {}", e.toString());
+                throw new AuthenticationException("no mapping");
             }
         }
+
+        throw new AuthenticationException("no username");
     }
 
     @Override
@@ -172,7 +175,7 @@ public Principal map(Principal principal) throws NoSuchPrincipalException {
             }
 
         } catch (NamingException e) {
-            _log.warn("Faild to get mapping: {}", e.toString());
+            _log.debug("Failed to get mapping: {}", e.toString());
         }
         throw new NoSuchPrincipalException(principal);
     }
@@ -207,7 +210,7 @@ public Set<Principal> reverseMap(Principal principal) throws NoSuchPrincipalExce
             }
             return principals;
         } catch (NamingException e) {
-            _log.warn("Faild to get reverse mapping: {}", e.toString());
+            _log.debug("Faild to get reverse mapping: {}", e.toString());
         }
         throw new NoSuchPrincipalException(principal);
     }
@@ -228,10 +231,11 @@ public void session(Set<Principal> authorizedPrincipals, Set<Object> attrib) thr
                     attrib.add(new ReadOnly(false));
                 }
             } catch (NamingException e) {
-                throw new AuthenticationException("no mapping: "
-                        + e.getMessage(), e);
+                throw new AuthenticationException("no mapping");
             }
         }
+
+        throw new AuthenticationException("no username");
     }
 
     private SearchControls getSimplSearchControls(String... attr) {