From 8fd8e716ac8391b40c4ec59b737297304f56bb1d Mon Sep 17 00:00:00 2001
From: snipe
Date: Wed, 17 Mar 2021 19:24:28 -0700
Subject: [PATCH] Changed debug level on bad LDAP connection (#9314)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Changed debug level on bad LDAP connection TODO: Unfuck all of this. It’s a mess and it really doesn’t work the way we think it does. AdLdap library strikes again. :(
Signed-off-by: snipe
* Improved phrasing
Signed-off-by: snipe
---
 .../Controllers/Api/SettingsController.php | 35 ++++++++++++-------
 app/Services/LdapAd.php | 6 ++--
 2 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/app/Http/Controllers/Api/SettingsController.php b/app/Http/Controllers/Api/SettingsController.php
index f4177ea663..462c685361 100644
--- a/app/Http/Controllers/Api/SettingsController.php
+++ b/app/Http/Controllers/Api/SettingsController.php
@@ -36,13 +36,17 @@ class SettingsController extends Controller
 public function ldapAdSettingsTest(LdapAd $ldap): JsonResponse
 {
 if(!$ldap->init()) {
- Log::info('LDAP is not enabled cannot test.');
+ Log::info('LDAP is not enabled so we cannot test.');
 return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
 }
 // The connect, bind and resulting users message
 $message = [];
+
+ // This is all kinda fucked right now. The connection test doesn't actually do what you think,
+ // // and the way we parse the errors
+ // on the JS side is horrible.
 Log::info('Preparing to test LDAP user login');
 // Test user can connect to the LDAP server
 try {
@@ -51,13 +55,11 @@ class SettingsController extends Controller
 'message' => 'Successfully connected to LDAP server.'
 ];
 } catch (\Exception $ex) {
- \Log::debug('LDAP connected but Bind failed. Please check your LDAP settings and try again.');
- return response()->json([
- 'message' => 'Error logging into LDAP server, error: ' . $ex->getMessage() . ' - Verify your that your username and password are correct']);
+ \Log::debug('Connection to LDAP server '.Setting::getSettings()->ldap_server.' failed. Please check your LDAP settings and try again. Server Responded with error: ' . $ex->getMessage());
+ return response()->json(
+ ['message' => 'Connection to LDAP server '.Setting::getSettings()->ldap_server." failed. Verify that the LDAP hostname is entered correctly and that it can be reached from this web server. \n\nServer Responded with error: " . $ex->getMessage()
- } catch (\Exception $e) {
- \Log::info('LDAP connection failed but we cannot debug it any further on our end.');
- return response()->json(['message' => 'The LDAP connection failed but we cannot debug it any further on our end. The error from the server is: '.$e->getMessage()], 500);
+ ], 400);
 }
 Log::info('Preparing to test LDAP bind connection');
@@ -66,12 +68,11 @@ class SettingsController extends Controller
 Log::info('Testing Bind');
 $ldap->testLdapAdBindConnection();
 $message['bind'] = [
- 'message' => 'Successfully binded to LDAP server.'
+ 'message' => 'Successfully bound to LDAP server.'
 ];
 } catch (\Exception $ex) {
 Log::info('LDAP Bind failed');
- return response()->json([
- 'message' => 'Error binding to LDAP server, error: ' . $ex->getMessage()
+ return response()->json(['message' => 'Connection to LDAP successful, but we were unable to Bind the LDAP user '.Setting::getSettings()->ldap_uname.". Verify your that your LDAP Bind username and password are correct. \n\nServer Responded with error: " . $ex->getMessage()
 ], 400);
 }
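Review bot: The new connection-failure catch returns `$ex->getMessage()` and the configured `ldap_server` in the JSON body, while the server records the failure only through `\Log::debug`. At a typical production log level the HTTP client therefore ends up with more detail than the log. The bind hunk at -66,12 follows the same pattern and also returns `ldap_uname`. The route's authorization is not visible here; if anyone other than a superuser can reach it, return a fixed message and keep the library error server-side at a retained level such as `Log::warning(...)`. The added line also uses `\Log::debug` where the surrounding code uses the unqualified `Log::info`; pick one form.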
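Review bot: The new bind-failure string repeats the typo `Verify your that your`; it should read `Verify that your LDAP Bind username and password are correct.` The log call in this catch is still `Log::info('LDAP Bind failed')` with no reason attached, so the directory's error text exists only in the HTTP response. Appending the message, for example `Log::info('LDAP Bind failed: '.$ex->getMessage());`, keeps a server-side record for later troubleshooting or audit.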
@@ -94,9 +95,17 @@ class SettingsController extends Controller
 'email' => $item[$settings['ldap_email']][0] ?? null,
 ];
 });
- $message['user_sync'] = [
- 'users' => $users
- ];
+ if ($users->count() > 0) {
+ $message['user_sync'] = [
+ 'users' => $users
+ ];
+ } else {
+ $message['user_sync'] = [
+ 'message' => 'Connection to LDAP was successful, however there were no users returned from your query. You should confirm the Base Bind DN above.'
+ ];
+ return response()->json($message, 400);
+ }
+
 } catch (\Exception $ex) {
 Log::info('LDAP sync failed');
 $message['user_sync'] = [
diff --git a/app/Services/LdapAd.php b/app/Services/LdapAd.php
index 85410ce7d1..01e6f77d59 100644
--- a/app/Services/LdapAd.php
+++ b/app/Services/LdapAd.php
@@ -504,9 +504,9 @@ class LdapAd extends LdapAdConfiguration
 {
 try {
 $this->ldap->connect();
- } catch (\Adldap\Auth\BindException $e) {
- Log::error($e);
- throw new Exception('Unable to connect to LDAP directory!');
+ } catch (\Exception $e) {
+ Log::debug('LDAP ERROR: '.$e->getMessage());
+ throw new Exception($e->getMessage());
 }
 }
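Review bot: In the LdapAd.php hunk, rethrowing with `new Exception($e->getMessage())` discards the original exception's type and stack trace. The catch is also widened from `\Adldap\Auth\BindException` to every `\Exception`, so callers can no longer tell a bind failure from any other fault. Passing the cause through keeps the chain intact: `throw new Exception($e->getMessage(), 0, $e);`. The removed `Log::error($e)` logged the full exception, whereas `Log::debug` with only the message is likely to be dropped at production log levels, leaving failed directory connections unrecorded. The enclosing method begins above the hunk, so its signature and other callers are not visible here.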