Fixes #11153 - handle ldap errors gracefully

ohadlevy · Dec 13, 2017 · 0d0657a · 0d0657a
1 parent 0517edc
commit 0d0657a
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/app/controllers/external_usergroups_controller.rb b/app/controllers/external_usergroups_controller.rb
@@ -7,7 +7,9 @@ def refresh
     if @external_usergroup.refresh
       notice _("External user group %{name} refreshed") % { :name => @external_usergroup.name }
     else
-      warning _("External user group %{name} could not be refreshed") % { :name => @external_usergroup.name }
+      message = _("External user group %{name} could not be refreshed.") % { :name => @external_usergroup.name }
+      message += ' ' + @external_usergroup.errors.full_messages.join('. ') if @external_usergroup.errors.present?
+      warning message
     end
   rescue => e
     external_usergroups_error(@external_usergroup, e)

diff --git a/app/models/external_usergroup.rb b/app/models/external_usergroup.rb
@@ -19,6 +19,8 @@ def refresh
     internal_users = usergroup.users.
       where(:auth_source => AuthSourceInternal.first).map(&:login)
     my_users = users
+    return false unless my_users
+
     all_other_users = (usergroup.external_usergroups - [self]).map(&:users)
     all_users = (all_other_users + my_users).flatten.uniq
 
@@ -35,6 +37,9 @@ def refresh
 
   def users
     auth_source.users_in_group(name)
+  rescue Net::LDAP::Error, Net::LDAP::LdapError => e
+    errors.add :auth_source_id, _("LDAP error - %{message}") % { :message => e.message }
+    return false
   end
 
   private

diff --git a/app/models/usergroup.rb b/app/models/usergroup.rb
@@ -8,6 +8,7 @@ class Usergroup < ApplicationRecord
   include UserUsergroupCommon
 
   validates_lengths_from_database
+  validates_associated :external_usergroups
   before_destroy EnsureNotUsedBy.new(:hosts), :ensure_last_admin_group_is_not_deleted
 
   has_many :user_roles, :dependent => :destroy, :as => :owner