Merge pull request #2832 from nsoranzo/fix_for_2805

Skip whoami check for LDAP servers not supporting it
galaxyproject · Aug 23, 2016 · b16a940 · b16a940
2 parents ac3f8b0 + 95113b9
commit b16a940
Showing 1 changed file with 13 additions and 5 deletions.
diff --git a/lib/galaxy/auth/providers/ldap_ad.py b/lib/galaxy/auth/providers/ldap_ad.py
@@ -162,12 +162,20 @@ def authenticate(self, email, username, password, options):
 
             l = ldap.initialize(_get_subs(options, 'server', params))
             l.protocol_version = 3
+            bind_password = _get_subs(options, 'bind-password', params)
+            if not bind_password:
+                raise RuntimeError('LDAP authenticate: empty password')
             l.simple_bind_s(_get_subs(
-                options, 'bind-user', params), _get_subs(options, 'bind-password', params))
-            whoami = l.whoami_s()
-            log.debug("LDAP authenticate: whoami is %s", whoami)
-            if whoami is None:
-                raise RuntimeError('LDAP authenticate: anonymous bind')
+                options, 'bind-user', params), bind_password)
+            try:
+                whoami = l.whoami_s()
+            except ldap.PROTOCOL_ERROR:
+                # The "Who am I?" extended operation is not supported by this LDAP server
+                pass
+            else:
+                log.debug("LDAP authenticate: whoami is %s", whoami)
+                if whoami is None:
+                    raise RuntimeError('LDAP authenticate: anonymous bind')
         except Exception:
             log.warning('LDAP authenticate: bind exception', exc_info=True)
             return (failure_mode, '', '')