From ccaf537aa6323c5161d3420b653025771db75010 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 25 Jun 2010 13:37:27 -0400
Subject: Handle errors raised by plugins more gracefully in mod_wsgi. This started as an effort to display a more useful error message in the Apache error log if retrieving the schema failed. I broadened the scope a little to include limiting the output in the Apache error log so errors are easier to find. This adds a new configuration option, startup_traceback. Outside of lite-server.py it is False by default so does not display the traceback that lead to the StandardError being raised. This makes the mod_wsgi error much easier to follow.
---
ipaserver/plugins/ldap2.py | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
(limited to 'ipaserver/plugins/ldap2.py')
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 987203caa..aebeb5c27 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -124,17 +124,20 @@ def global_init(url): try: if api.env.context == 'server': - # Create a new credentials cache for this Apache process - tmpdir = tempfile.mkdtemp(prefix = "tmp-") - ccache_file = 'FILE:%s/ccache' % tmpdir - krbcontext = krbV.default_context() - principal = str('HTTP/%s@%s' % (api.env.host, api.env.realm)) - keytab = krbV.Keytab(name='/etc/httpd/conf/ipa.keytab', context=krbcontext) - principal = krbV.Principal(name=principal, context=krbcontext) - os.environ['KRB5CCNAME'] = ccache_file - ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal) - ccache.init(principal) - ccache.init_creds_keytab(keytab=keytab, principal=principal) + try: + # Create a new credentials cache for this Apache process + tmpdir = tempfile.mkdtemp(prefix = "tmp-") + ccache_file = 'FILE:%s/ccache' % tmpdir + krbcontext = krbV.default_context() + principal = str('HTTP/%s@%s' % (api.env.host, api.env.realm)) + keytab = krbV.Keytab(name='/etc/httpd/conf/ipa.keytab', context=krbcontext) + principal = krbV.Principal(name=principal, context=krbcontext) + os.environ['KRB5CCNAME'] = ccache_file + ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal) + ccache.init(principal) + ccache.init_creds_keytab(keytab=keytab, principal=principal) + except krbV.Krb5Error, e: + raise StandardError('Unable to retrieve LDAP schema. Error initializing principal %s in %s: %s' % (principal.name, '/etc/httpd/conf/ipa.keytab', str(e))) conn = _ldap.initialize(url) conn.sasl_interactive_bind_s('', SASL_AUTH) 
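Review bot: The new `except krbV.Krb5Error` handler formats `principal.name`, but at that point `principal` may still be the plain `str` assigned a few lines earlier (if `krbV.Keytab(...)` is the call that raised) or may not be bound at all (if `krbV.default_context()` raised). In either case the handler itself would fail with AttributeError or NameError and hide the Kerberos error this commit is trying to surface. Keep the name in its own variable, e.g. `principal_name = str('HTTP/%s@%s' % (api.env.host, api.env.realm))`, pass `name=principal_name` to `krbV.Principal`, and use `principal_name` in the message. The failure path also leaves the `tempfile.mkdtemp` directory behind, possibly with a partly initialised ccache and `KRB5CCNAME` already pointing at it, so removing the directory before re-raising would be worth adding. `global_init` starts before and continues after this hunk.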
@@ -155,8 +158,9 @@ def global_init(url):
 except _ldap.SERVER_DOWN:
 return (None, upg)
 except _ldap.LDAPError, e:
- # TODO: raise a more appropriate exception
- _handle_errors(e, **{})
+ desc = e.args[0]['desc'].strip()
+ info = e.args[0].get('info', '').strip()
+ raise StandardError('Unable to retrieve LDAP schema: %s: %s' % (desc, info))
 except IndexError:
 # no 'cn=schema' entry in LDAP? some servers use 'cn=subschema'
 # TODO: DS uses 'cn=schema', support for other server?
-- cgit
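Review bot: `e.args[0]['desc']` in the new `except _ldap.LDAPError` handler assumes every LDAPError carries a dict with a `desc` key. If `args` is empty or `desc` is missing, the handler raises IndexError or KeyError itself, and the sibling `except IndexError:` below does not catch exceptions raised inside another handler. Reading it the same way as `info`, `desc = e.args[0].get('desc', '').strip()`, after checking that `e.args` is non-empty, keeps the original LDAP error visible. Collapsing every LDAPError into a bare StandardError also drops whatever mapping `_handle_errors` provided, so callers can presumably no longer tell failure kinds apart by exception type; if that is intended for startup, a short comment saying so would help. The enclosing try block in `global_init` starts and ends outside this hunk.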