author | Rob Crittenden <rcritten@redhat.com> | 2010-06-25 13:37:27 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-07-12 09:32:33 -0400 |
commit | ccaf537aa6323c5161d3420b653025771db75010 (patch) | |
tree | 2e1e2dc830369d9619244e2ce11b039537578c1c /ipaserver | |
parent | 7f9485f5bfc62f3a9d082d03b8118619bc283a94 (diff) | |
Handle errors raised by plugins more gracefully in mod_wsgi.
This started as an effort to display a more useful error message in the
Apache error log if retrieving the schema failed. I broadened the scope
a little to include limiting the output in the Apache error log
so errors are easier to find.
This adds a new configuration option, startup_traceback. Outside of
lite-server.py it is False by default so does not display the traceback
that led to the StandardError being raised. This makes the mod_wsgi
error much easier to follow.
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 987203caa..aebeb5c27 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -124,17 +124,20 @@ def global_init(url):
 try:
 if api.env.context == 'server':
- # Create a new credentials cache for this Apache process
- tmpdir = tempfile.mkdtemp(prefix = "tmp-")
- ccache_file = 'FILE:%s/ccache' % tmpdir
- krbcontext = krbV.default_context()
- principal = str('HTTP/%s@%s' % (api.env.host, api.env.realm))
- keytab = krbV.Keytab(name='/etc/httpd/conf/ipa.keytab', context=krbcontext)
- principal = krbV.Principal(name=principal, context=krbcontext)
- os.environ['KRB5CCNAME'] = ccache_file
- ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal)
- ccache.init(principal)
- ccache.init_creds_keytab(keytab=keytab, principal=principal)
+ try:
+ # Create a new credentials cache for this Apache process
+ tmpdir = tempfile.mkdtemp(prefix = "tmp-")
+ ccache_file = 'FILE:%s/ccache' % tmpdir
+ krbcontext = krbV.default_context()
+ principal = str('HTTP/%s@%s' % (api.env.host, api.env.realm))
+ keytab = krbV.Keytab(name='/etc/httpd/conf/ipa.keytab', context=krbcontext)
+ principal = krbV.Principal(name=principal, context=krbcontext)
+ os.environ['KRB5CCNAME'] = ccache_file
+ ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal)
+ ccache.init(principal)
+ ccache.init_creds_keytab(keytab=keytab, principal=principal)
+ except krbV.Krb5Error, e:
+ raise StandardError('Unable to retrieve LDAP schema. Error initializing principal %s in %s: %s' % (principal.name, '/etc/httpd/conf/ipa.keytab', str(e)))
 conn = _ldap.initialize(url)
 conn.sasl_interactive_bind_s('', SASL_AUTH)
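Review bot: The new `except krbV.Krb5Error` handler formats `principal.name`, but `principal` is unbound if `krbV.default_context()` fails and is still a plain `str` until the `krbV.Principal(...)` line has run. A failure in `default_context()`, `Keytab()` or `Principal()` would therefore raise a NameError or AttributeError from inside the handler and hide the Kerberos error this commit is meant to surface. Keep the string form under its own name, assigned before the inner `try:`, and use it in the message: `principal_name = str('HTTP/%s@%s' % (api.env.host, api.env.realm))`, `principal = krbV.Principal(name=principal_name, context=krbcontext)`, and `% (principal_name, '/etc/httpd/conf/ipa.keytab', str(e))`. As far as this hunk shows, the `mkdtemp` directory holding the service's credentials cache is also left on disk when initialization fails. Cleanup may exist elsewhere, since `global_init` starts and ends outside the hunk.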
@@ -155,8 +158,9 @@ def global_init(url):
 except _ldap.SERVER_DOWN:
 return (None, upg)
 except _ldap.LDAPError, e:
- # TODO: raise a more appropriate exception
- _handle_errors(e, **{})
+ desc = e.args[0]['desc'].strip()
+ info = e.args[0].get('info', '').strip()
+ raise StandardError('Unable to retrieve LDAP schema: %s: %s' % (desc, info))
 except IndexError:
 # no 'cn=schema' entry in LDAP? some servers use 'cn=subschema'
 # TODO: DS uses 'cn=schema', support for other server? |
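Review bot: The new `except _ldap.LDAPError` handler indexes `e.args[0]['desc']` directly, so an LDAPError whose first argument is missing or is not a dict would raise IndexError, KeyError or TypeError inside the handler. The sibling `except IndexError:` clause does not cover exceptions raised in another handler, so the original LDAP error would be lost. Reading the fields defensively keeps the message useful: `detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}`, `desc = detail.get('desc', str(e)).strip()`, `info = detail.get('info', '').strip()`. Replacing `_handle_errors` with a bare StandardError also drops the typed error mapping, which callers outside this hunk may rely on; that is worth confirming. The server-supplied `info` text now ends up in the raised message, so it should stay in the Apache error log and not be echoed to clients.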