Added fix for python2 regex

Fix for python2 attributeError instead of TypeError on login with wrong openLDAP setting Added default empty string on LDAPCertificate Fix ldap as scheme for tls connection Enabled add user on LDAP Authentication LDAP config port is now number input Added header for user import config Added python ldap version to about section Fix: It's no longer possible to login via fallback password as long as LDAP server is available Fix: TypeError on bind is now catched and transformed to error message Update Readme Fixes for ldap
5 years ago · 4749eccfa5
parent a194216568
commit 4749eccfa5
12 changed files with 781 additions and 355 deletions
--- a/README.md
+++ b/README.md
@ -23,12 +23,12 @@ Calibre-Web is a web app providing a clean interface for browsing, reading and d
 - Send eBooks to Kindle devices with the click of a button
 - Sync your Kobo devices through Calibre-Web with your Calibre library
 - Support for reading eBooks directly in the browser (.txt, .epub, .pdf, .cbr, .cbt, .cbz)
- Upload new books in many formats
- Support for Calibre custom columns
+- Upload new books in many formats, including audio formats (.mp3, .m4a, .m4b)
+- Support for Calibre Custom Columns
 - Ability to hide content based on categories and Custom Column content per user
 - Self-update capability
 - "Magic Link" login to make it easy to log on eReaders
- Login via google/github oauth and via proxy authentication
+- Login via LDAP, google/github oauth and via proxy authentication

 ## Quick start

--- a/cps/about.py
+++ b/cps/about.py
@ -69,6 +69,7 @@ _VERSIONS = OrderedDict(
    pytz=pytz.__version__,
    Unidecode = unidecode_version,
    Flask_SimpleLDAP =  u'installed' if bool(services.ldap) else u'not installed',
+    python_LDAP = services.ldapVersion if bool(services.ldapVersion) else u'not installed',
    Goodreads = u'installed' if bool(services.goodreads_support) else u'not installed',
    jsonschema = services.SyncToken.__version__  if bool(services.SyncToken) else u'not installed',
 )
--- a/cps/admin.py
+++ b/cps/admin.py
@ -504,7 +504,7 @@ def _configuration_update_helper():
        with open(gdriveutils.CLIENT_SECRETS, 'r') as settings:
            gdrive_secrets = json.load(settings)['web']
        if not gdrive_secrets:
-            return _configuration_result('client_secrets.json is not configured for web application')
+            return _configuration_result(_('client_secrets.json Is Not Configured For Web Application'))
        gdriveutils.update_settings(
                            gdrive_secrets['client_id'],
                            gdrive_secrets['client_secret'],
@ -520,11 +520,11 @@ def _configuration_update_helper():

    reboot_required |= _config_string("config_keyfile")
    if config.config_keyfile and not os.path.isfile(config.config_keyfile):
-        return _configuration_result('Keyfile location is not valid, please enter correct path', gdriveError)
+        return _configuration_result(_('Keyfile Location is not Valid, Please Enter Correct Path'), gdriveError)

    reboot_required |= _config_string("config_certfile")
    if config.config_certfile and not os.path.isfile(config.config_certfile):
-        return _configuration_result('Certfile location is not valid, please enter correct path', gdriveError)
+        return _configuration_result(_('Certfile Location is not Valid, Please Enter Correct Path'), gdriveError)

    _config_checkbox_int("config_uploading")
    _config_checkbox_int("config_anonbrowse")
@ -542,45 +542,57 @@ def _configuration_update_helper():

    #LDAP configurator,
    if config.config_login_type == constants.LOGIN_LDAP:
-        _config_string("config_ldap_provider_url")
-        _config_int("config_ldap_port")
+        reboot_required |= _config_string("config_ldap_provider_url")
+        reboot_required |= _config_int("config_ldap_port")
        # _config_string("config_ldap_schema")
-        _config_string("config_ldap_dn")
-        _config_string("config_ldap_user_object")
+        reboot_required |= _config_string("config_ldap_dn")
+        reboot_required |= _config_string("config_ldap_serv_username")
+        reboot_required |= _config_string("config_ldap_user_object")
+        reboot_required |= _config_string("config_ldap_group_object_filter")
+        reboot_required |= _config_string("config_ldap_group_members_field")
+        reboot_required |= _config_checkbox("config_ldap_openldap")
+        reboot_required |= _config_int("config_ldap_encryption")
+        reboot_required |= _config_string("config_ldap_cert_path")
+        _config_string("config_ldap_group_name")
+        if "config_ldap_serv_password" in to_save and to_save["config_ldap_serv_password"] != "":
+            reboot_required |= 1
+            config.set_from_dictionary(to_save, "config_ldap_serv_password", base64.b64encode, encode='UTF-8')
+        config.save()
+
        if not config.config_ldap_provider_url \
            or not config.config_ldap_port \
            or not config.config_ldap_dn \
            or not config.config_ldap_user_object:
-                return _configuration_result('Please enter a LDAP provider, '
-                                             'port, DN and user object identifier', gdriveError)
+                return _configuration_result(_('Please Enter a LDAP Provider, '
+                                             'Port, DN and User Object Identifier'), gdriveError)

-        _config_string("config_ldap_serv_username")
-        if "config_ldap_serv_password" in to_save and to_save["config_ldap_serv_password"]:
-            config.set_from_dictionary(to_save, "config_ldap_serv_password", base64.b64encode, encode='UTF-8')

-        if not config.config_ldap_serv_username and not config.config_ldap_serv_password:
-            return _configuration_result('Please enter a LDAP service account and password', gdriveError)
+        if not config.config_ldap_serv_username or not bool(config.config_ldap_serv_password):
+            return _configuration_result('Please Enter a LDAP Service Account and Password', gdriveError)

-        _config_string("config_ldap_group_object_filter")
-        _config_string("config_ldap_group_members_field")
-        _config_string("config_ldap_group_name")
        #_config_checkbox("config_ldap_use_ssl")
        #_config_checkbox("config_ldap_use_tls")
-        _config_int("config_ldap_encryption")
-        _config_checkbox("config_ldap_openldap")
+        # reboot_required |= _config_checkbox("config_ldap_openldap")
        # _config_checkbox("config_ldap_require_cert")
-        _config_string("config_ldap_cert_path")

-        if config.config_ldap_group_object_filter.count("%s") != 1:
-            return _configuration_result('LDAP Group Object Filter Needs to Have One "%s" Format Identifier',
-                                         gdriveError)
+        if config.config_ldap_group_object_filter:
+            if config.config_ldap_group_object_filter.count("%s") != 1:
+                return _configuration_result(_('LDAP Group Object Filter Needs to Have One "%s" Format Identifier'),
+                                             gdriveError)
+            if config.config_ldap_group_object_filter.count("(") != config.config_ldap_group_object_filter.count(")"):
+                return _configuration_result(_('LDAP Group Object Filter Has Unmatched Parenthesis'),
+                                             gdriveError)

        if config.config_ldap_user_object.count("%s") != 1:
-            return _configuration_result('LDAP User Object Filter needs to Have One "%s" Format Identifier',
+            return _configuration_result(_('LDAP User Object Filter needs to Have One "%s" Format Identifier'),
+                                         gdriveError)
+        if config.config_ldap_user_object.count("(") != config.config_ldap_user_object.count(")"):
+            return _configuration_result(_('LDAP User Object Filter Has Unmatched Parenthesis'),
                                         gdriveError)

-        if config.config_ldap_cert_path and not os.path.isfile(config.config_ldap_cert_path):
-            return _configuration_result('LDAP Certfile location is not valid, please enter correct path', gdriveError)
+        if config.config_ldap_cert_path and not os.path.isdir(config.config_ldap_cert_path):
+            return _configuration_result(_('LDAP Certificate Location is not Valid, Please Enter Correct Path'),
+                                         gdriveError)

    # Remote login configuration
    _config_checkbox("config_remote_login")
@ -628,12 +640,12 @@ def _configuration_update_helper():
    reboot_required |= _config_int("config_log_level")
    reboot_required |= _config_string("config_logfile")
    if not logger.is_valid_logfile(config.config_logfile):
-        return _configuration_result('Logfile location is not valid, please enter correct path', gdriveError)
+        return _configuration_result(_('Logfile Location is not Valid, Please Enter Correct Path'), gdriveError)

    reboot_required |= _config_checkbox_int("config_access_log")
    reboot_required |= _config_string("config_access_logfile")
    if not logger.is_valid_logfile(config.config_access_logfile):
-        return _configuration_result('Access Logfile location is not valid, please enter correct path', gdriveError)
+        return _configuration_result(_('Access Logfile Location is not Valid, Please Enter Correct Path'), gdriveError)

    # Rarfile Content configuration
    _config_string("config_rarfile_location")
@ -652,7 +664,7 @@ def _configuration_update_helper():
    if db_change:
        # reload(db)
        if not db.setup_db(config):
-            return _configuration_result('DB location is not valid, please enter correct path', gdriveError)
+            return _configuration_result(_('DB Location is not Valid, Please Enter Correct Path'), gdriveError)

    config.save()
    flash(_(u"Calibre-Web configuration updated"), category="success")
@ -678,7 +690,7 @@ def _configuration_result(error_flash=None, gdriveError=None):
    show_login_button = config.db_configured and not current_user.is_authenticated
    if error_flash:
        config.load()
-        flash(_(error_flash), category="error")
+        flash(error_flash, category="error")
        show_login_button = False

    return render_title_template("config_edit.html", config=config, provider=oauthblueprints,
--- a/cps/config_sql.py
+++ b/cps/config_sql.py
@ -73,7 +73,7 @@ class _Settings(_Base):
    config_kobo_sync = Column(Boolean, default=False)

    config_default_role = Column(SmallInteger, default=0)
-    config_default_show = Column(SmallInteger, default=6143)
+    config_default_show = Column(SmallInteger, default=constants.ADMIN_USER_SIDEBAR)
    config_columns_to_ignore = Column(String)

    config_denied_tags = Column(String, default="")
@ -99,11 +99,11 @@ class _Settings(_Base):
    config_ldap_port = Column(SmallInteger, default=389)
    # config_ldap_schema = Column(String, default='ldap')
    config_ldap_serv_username = Column(String, default='cn=admin,dc=example,dc=org')
-    config_ldap_serv_password = Column(String)
+    config_ldap_serv_password = Column(String, default="")
    config_ldap_encryption = Column(SmallInteger, default=0)
    # config_ldap_use_tls = Column(Boolean, default=False)
    # config_ldap_require_cert = Column(Boolean, default=False)
-    config_ldap_cert_path = Column(String)
+    config_ldap_cert_path = Column(String, default="")
    config_ldap_dn = Column(String, default='dc=example,dc=org')
    config_ldap_user_object = Column(String, default='uid=%s')
    config_ldap_openldap = Column(Boolean, default=True)
@ -285,7 +285,9 @@ class _ConfigSQL(object):
        self._session.commit()
        self.load()

-    def invalidate(self):
+    def invalidate(self, error=None):
+        if error:
+            log.error(error)
        log.warning("invalidating configuration")
        self.db_configured = False
        self.config_calibre_dir = None
--- a/cps/db.py
+++ b/cps/db.py
@ -344,14 +344,13 @@ def setup_db(config):
                               isolation_level="SERIALIZABLE",
                               connect_args={'check_same_thread': False})
        conn = engine.connect()
-    except:
-        config.invalidate()
+        # conn.text_factory = lambda b: b.decode(errors = 'ignore') possible fix for #1302
+    except Exception as e:
+        config.invalidate(e)
        return False

    config.db_configured = True
    update_title_sort(config, conn.connection)
-    # conn.connection.create_function('lower', 1, lcase)
-    # conn.connection.create_function('upper', 1, ucase)

    if not cc_classes:
        cc = conn.execute("SELECT id, datatype FROM custom_columns")
--- a/cps/services/init.py
+++ b/cps/services/init.py
@ -30,10 +30,13 @@ except ImportError as err:
    goodreads_support = None


-try: from . import simpleldap as ldap
+try:
+    from . import simpleldap as ldap
+    from .simpleldap import ldapVersion
 except ImportError as err:
    log.debug("cannot import simpleldap, logging in with ldap will not work: %s", err)
    ldap = None
+    ldapVersion = None

 try:
    from . import SyncToken as SyncToken
--- a/cps/services/simpleldap.py
+++ b/cps/services/simpleldap.py
@ -23,6 +23,10 @@ from flask_simpleldap import LDAP, LDAPException

 from .. import constants, logger

+try:
+    from ldap.pkginfo import __version__ as ldapVersion
+except ImportError:
+    pass

 log = logger.create()
 _ldap = LDAP()
@ -34,14 +38,16 @@ def init_app(app, config):

    app.config['LDAP_HOST'] = config.config_ldap_provider_url
    app.config['LDAP_PORT'] = config.config_ldap_port
-    if config.config_ldap_encryption:
+    if config.config_ldap_encryption == 2:
        app.config['LDAP_SCHEMA'] = 'ldaps'
    else:
        app.config['LDAP_SCHEMA'] = 'ldap'
    # app.config['LDAP_SCHEMA'] = config.config_ldap_schema
    app.config['LDAP_USERNAME'] = config.config_ldap_serv_username
+    if config.config_ldap_serv_password is None:
+        config.config_ldap_serv_password = ''
    app.config['LDAP_PASSWORD'] = base64.b64decode(config.config_ldap_serv_password)
-    if config.config_ldap_cert_path:
+    if bool(config.config_ldap_cert_path):
        app.config['LDAP_REQUIRE_CERT'] = True
        app.config['LDAP_CERT_PATH'] = config.config_ldap_cert_path
    app.config['LDAP_BASE_DN'] = config.config_ldap_dn
@ -52,6 +58,7 @@ def init_app(app, config):
    app.config['LDAP_OPENLDAP'] = bool(config.config_ldap_openldap)
    app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter
    app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field
+    # app.config['LDAP_CUSTOM_OPTIONS'] = {'OPT_NETWORK_TIMEOUT': 10}

    _ldap.init_app(app)

@ -78,16 +85,22 @@ def bind_user(username, password):
    :returns: True if login succeeded, False if login failed, None if server unavailable.
    '''
    try:
-        result = _ldap.bind_user(username, password)
-        log.debug("LDAP login '%s': %r", username, result)
-        return result is not None
+        if _ldap.get_object_details(username):
+            result = _ldap.bind_user(username, password)
+            log.debug("LDAP login '%s': %r", username, result)
+            return result is not None, None
+        return None, None       # User not found
+    except (TypeError, AttributeError) as ex:
+        error = ("LDAP bind_user: %s" % ex)
+        return None, error
    except LDAPException as ex:
        if ex.message == 'Invalid credentials':
-            log.info("LDAP login '%s' failed: %s", username, ex)
-            return False
+            error = ("LDAP admin login failed")
+            return None, error
        if ex.message == "Can't contact LDAP server":
-            log.warning('LDAP Server down: %s', ex)
-            return None
+            # log.warning('LDAP Server down: %s', ex)
+            error = ('LDAP Server down: %s' % ex)
+            return None,  error
        else:
-            log.warning('LDAP Server error: %s', ex.message)
-            return None
+            error = ('LDAP Server error: %s' % ex.message)
+            return None, error
--- a/cps/templates/admin.html
+++ b/cps/templates/admin.html
@ -35,9 +35,8 @@
          {% endif %}
        {% endfor %}
      </table>
-      {% if not (config.config_login_type == 1) %}
        <div class="btn btn-default" id="admin_new_user"><a href="{{url_for('admin.new_user')}}">{{_('Add New User')}}</a></div>
-      {% else %}
+      {% if (config.config_login_type == 1) %}
        <div class="btn btn-default" id="import_ldap_users" data-toggle="modal" data-target="#StatusDialog">{{_('Import LDAP Users')}}</div>
        <!--a href="#" id="import_ldap_users" name="import_ldap_users"><button type="submit" class="btn btn-default">{{_('Import LDAP Users')}}</button></a-->
      {% endif %}
--- a/cps/templates/config_edit.html
+++ b/cps/templates/config_edit.html
@ -230,18 +230,11 @@
        </div>
        <div class="form-group">
          <label for="config_ldap_port">{{_('LDAP Server Port')}}</label>
-          <input type="text" class="form-control" id="config_ldap_port" name="config_ldap_port" value="{% if config.config_ldap_port != None %}{{ config.config_ldap_port }}{% endif %}" autocomplete="off">
+          <input type="number" min="1" max="65535" class="form-control" id="config_ldap_port" name="config_ldap_port" value="{% if config.config_ldap_port != None %}{{ config.config_ldap_port }}{% endif %}" autocomplete="off" required>
        </div>
        <div class="form-group">
-          <label for="config_ldap_serv_username">{{_('LDAP Administrator Username')}}</label>
-          <input type="text" class="form-control" id="config_ldap_serv_username" name="config_ldap_serv_username" value="{% if config.config_ldap_serv_username != None %}{{ config.config_ldap_serv_username }}{% endif %}" autocomplete="off">
-        </div>
-        <div class="form-group">
-          <label for="config_ldap_serv_password">{{_('LDAP Administrator Password')}}</label>
-          <input type="password" class="form-control" id="config_ldap_serv_password" name="config_ldap_serv_password" value="" autocomplete="off">
-        </div>
-        <div class="form-group">
-          <label for="config_ldap_encryption">{{_('Encryption')}}</label>
+          <label for="config_ldap_encryption">{{_('LDAP Encryption')}}</label>
+          <label for="config_ldap_encryption">{{_('LDAP Encryption')}}</label>
            <select name="config_ldap_encryption" id="config_ldap_encryption" class="form-control" data-controlall="ldap-cert-settings">
                <option value="0" {% if config.config_ldap_encryption == 0 %}selected{% endif %}>{{ _('None') }}</option>
                <option value="1" {% if config.config_ldap_encryption == 1 %}selected{% endif %}>{{ _('TLS') }}</option>
@ -250,10 +243,19 @@
        </div>
        <div data-related="ldap-cert-settings">
          <div class="form-group">
-            <label for="config_ldap_cert_path">{{_('LDAP SSL Certificate Path')}}</label>
+            <label for="config_ldap_cert_path">{{_('LDAP Certificate Path')}}</label>
            <input type="text" class="form-control" id="config_ldap_cert_path" name="config_ldap_cert_path" value="{% if config.config_ldap_cert_path != None %}{{ config.config_ldap_cert_path }}{% endif %}" autocomplete="off">
          </div>
        </div>
+
+        <div class="form-group">
+          <label for="config_ldap_serv_username">{{_('LDAP Administrator Username')}}</label>
+          <input type="text" class="form-control" id="config_ldap_serv_username" name="config_ldap_serv_username" value="{% if config.config_ldap_serv_username != None %}{{ config.config_ldap_serv_username }}{% endif %}" autocomplete="off">
+        </div>
+        <div class="form-group">
+          <label for="config_ldap_serv_password">{{_('LDAP Administrator Password')}}</label>
+          <input type="password" class="form-control" id="config_ldap_serv_password" name="config_ldap_serv_password" value="" autocomplete="off">
+        </div>
        <div class="form-group">
          <label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label>
          <input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{% if config.config_ldap_dn != None %}{{ config.config_ldap_dn }}{% endif %}" autocomplete="off">
@ -266,18 +268,19 @@
          <input type="checkbox" id="config_ldap_openldap" name="config_ldap_openldap" {% if config.config_ldap_openldap %}checked{% endif %}>
          <label for="config_ldap_openldap">{{_('LDAP Server is OpenLDAP?')}}</label>
        </div>
-        <div class="form-group">
-          <label for="config_ldap_group_object_filter">{{_('LDAP Group Object Filter')}}</label>
-          <input type="text" class="form-control" id="config_ldap_group_object_filter" name="config_ldap_group_object_filter" value="{% if config.config_ldap_group_object_filter != None %}{{ config.config_ldap_group_object_filter }}{% endif %}" autocomplete="off">
-        </div>
-        <div class="form-group">
-          <label for="config_ldap_group_members_field">{{_('LDAP Group Members Field')}}</label>
-          <input type="text" class="form-control" id="config_ldap_group_members_field" name="config_ldap_group_members_field" value="{% if config.config_ldap_group_members_field != None %}{{ config.config_ldap_group_members_field }}{% endif %}" autocomplete="off">
-        </div>
-        <div class="form-group">
-          <label for="config_ldap_group_name">{{_('LDAP Group Name')}}</label>
-          <input type="text" class="form-control" id="config_ldap_group_name" name="config_ldap_group_name" value="{% if config.config_ldap_group_name != None %}{{ config.config_ldap_group_name }}{% endif %}" autocomplete="off">
-        </div>
+          <h4 class="text-center">{{_('Following Settings are Needed For User Import')}}</h4>
+          <div class="form-group">
+            <label for="config_ldap_group_object_filter">{{_('LDAP Group Object Filter')}}</label>
+            <input type="text" class="form-control" id="config_ldap_group_object_filter" name="config_ldap_group_object_filter" value="{% if config.config_ldap_group_object_filter != None %}{{ config.config_ldap_group_object_filter }}{% endif %}" autocomplete="off">
+          </div>
+          <div class="form-group">
+            <label for="config_ldap_group_name">{{_('LDAP Group Name')}}</label>
+            <input type="text" class="form-control" id="config_ldap_group_name" name="config_ldap_group_name" value="{% if config.config_ldap_group_name != None %}{{ config.config_ldap_group_name }}{% endif %}" autocomplete="off">
+          </div>
+          <div class="form-group">
+            <label for="config_ldap_group_members_field">{{_('LDAP Group Members Field')}}</label>
+            <input type="text" class="form-control" id="config_ldap_group_members_field" name="config_ldap_group_members_field" value="{% if config.config_ldap_group_members_field != None %}{{ config.config_ldap_group_members_field }}{% endif %}" autocomplete="off">
+          </div>
      </div>
      {% endif %}
      {% if feature_support['oauth'] %}
--- a/cps/ub.py
+++ b/cps/ub.py
@ -232,7 +232,7 @@ class Anonymous(AnonymousUserMixin, UserBase):
        self.sidebar_view = data.sidebar_view
        self.default_language = data.default_language
        self.locale = data.locale
-        self.mature_content = data.mature_content
+        # self.mature_content = data.mature_content
        self.kindle_mail = data.kindle_mail
        self.denied_tags = data.denied_tags
        self.allowed_tags = data.allowed_tags
@ -441,14 +441,12 @@ def migrate_Database(session):
                            "locale VARCHAR(2),"
                            "sidebar_view INTEGER,"
                            "default_language VARCHAR(3),"
-                            "mature_content BOOLEAN,"
                            "UNIQUE (nickname),"
-                            "UNIQUE (email),"
-                            "CHECK (mature_content IN (0, 1)))")
+                            "UNIQUE (email))")
        conn.execute("INSERT INTO user_id(id, nickname, email, role, password, kindle_mail,locale,"
-                        "sidebar_view, default_language, mature_content) "
+                        "sidebar_view, default_language) "
                     "SELECT id, nickname, email, role, password, kindle_mail, locale,"
-                        "sidebar_view, default_language, mature_content FROM user")
+                        "sidebar_view, default_language FROM user")
        # delete old user table and rename new user_id table to user:
        conn.execute("DROP TABLE user")
        conn.execute("ALTER TABLE user_id RENAME TO user")
--- a/cps/web.py
+++ b/cps/web.py
@ -28,6 +28,7 @@ import json
 import mimetypes
 import traceback
 import binascii
+import re

 from babel import Locale as LC
 from babel.dates import format_date
@ -278,31 +279,66 @@ def import_ldap_users():
    showtext = {}
    try:
        new_users = services.ldap.get_group_members(config.config_ldap_group_name)
-    except services.ldap.LDAPException as e:
+    except (services.ldap.LDAPException, TypeError, AttributeError) as e:
        log.debug(e)
-        showtext['text'] = _(u'Error : %(ldaperror)s', ldaperror=e)
+        showtext['text'] = _(u'Error: %(ldaperror)s', ldaperror=e)
+        return json.dumps(showtext)
+    if not new_users:
+        log.debug('LDAP empty response')
+        showtext['text'] = _(u'Error: No user returned in response of LDAP server')
        return json.dumps(showtext)

    for username in new_users:
-        user_data = services.ldap.get_object_details(user=username, group=None, query_filter=None, dn_only=False)
-        content = ub.User()
-        content.nickname = username
-        content.password = username # dummy password which will be replaced by ldap one
-        content.email = user_data['mail'][0]
-        if (len(user_data['mail']) > 1):
-            content.kindle_mail = user_data['mail'][1]
-        content.role = config.config_default_role
-        content.sidebar_view = config.config_default_show
-        content.mature_content = bool(config.config_default_show & constants.MATURE_CONTENT)
-        ub.session.add(content)
-        try:
-            ub.session.commit()
-        except Exception as e:
-            log.warning("Failed to create LDAP user: %s - %s", username, e)
-            ub.session.rollback()
-            showtext['text'] = _(u'Failed to create at least one LDAP user')
+        user = username.decode('utf-8')
+        if '=' in user:
+            match = re.search("([a-zA-Z0-9-]+)=%s", config.config_ldap_user_object, re.IGNORECASE | re.UNICODE)
+            if match:
+                match_filter = match.group(1)
+                match = re.search(match_filter + "=([[\d\w-]+)", user, re.IGNORECASE | re.UNICODE)
+                if match:
+                    user = match.group(1)
+                else:
+                    log.warning("Could Not Parse LDAP User: %s", user)
+                    continue
+            else:
+                log.warning("Could Not Parse LDAP User: %s", user)
+                continue
+        if ub.session.query(ub.User).filter(ub.User.nickname == user.lower()).first():
+            log.warning("LDAP User: %s Already in Database", user)
+            continue
+        user_data = services.ldap.get_object_details(user=user,
+                                                     group=None,
+                                                     query_filter=None,
+                                                     dn_only=False)
+        if user_data:
+            content = ub.User()
+            content.nickname = user
+            content.password = '' # dummy password which will be replaced by ldap one
+            if 'mail' in user_data:
+                content.email = user_data['mail'][0].decode('utf-8')
+                if (len(user_data['mail']) > 1):
+                    content.kindle_mail = user_data['mail'][1].decode('utf-8')
+            else:
+                log.debug('No Mail Field Found in LDAP Response')
+                content.email = user + '@email.com'
+            content.role = config.config_default_role
+            content.sidebar_view = config.config_default_show
+            content.allowed_tags = config.config_allowed_tags
+            content.denied_tags = config.config_denied_tags
+            content.allowed_column_value = config.config_allowed_column_value
+            content.denied_column_value = config.config_denied_column_value
+            ub.session.add(content)
+            try:
+                ub.session.commit()
+            except Exception as e:
+                log.warning("Failed to create LDAP user: %s - %s", user, e)
+                ub.session.rollback()
+                showtext['text'] = _(u'Failed to Create at Least One LDAP User')
+        else:
+            log.warning("LDAP User: %s Not Found", user)
+            showtext['text'] = _(u'At Least One LDAP User Not Found in Database')
    if not showtext:
-        showtext['text'] = _(u'User successfully imported')
+        showtext['text'] = _(u'User Successfully Imported')
    return json.dumps(showtext)


@ -844,8 +880,9 @@ def reconnect():
@web.route("/search", methods=["GET"])
@login_required_if_no_ano
 def search():
-    term = request.args.get("query").strip().lower()
+    term = request.args.get("query")
    if term:
+        term.strip().lower()
        entries = get_search_results(term)
        ids = list()
        for element in entries:
@ -1175,24 +1212,27 @@ def login():
        form = request.form.to_dict()
        user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower())\
            .first()
-        if config.config_login_type == constants.LOGIN_LDAP and services.ldap and user:
-            login_result = services.ldap.bind_user(form['username'], form['password'])
+        if config.config_login_type == constants.LOGIN_LDAP and services.ldap and user and form['password'] != "":
+            login_result, error = services.ldap.bind_user(form['username'], form['password'])
+            # None if credentials are not matching
+            # -1 if LDAP Server error
+            # 0 if wrong passwort
            if login_result:
                login_user(user, remember=True)
                log.debug(u"You are now logged in as: '%s'", user.nickname)
                flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname),
                      category="success")
                return redirect_back(url_for("web.index"))
-            elif user and check_password_hash(str(user.password), form['password']) and user.nickname != "Guest":
+            elif login_result is None and user and check_password_hash(str(user.password), form['password']) and user.nickname != "Guest":
                login_user(user, remember=True)
-                log.info("LDAP Server Down, Fallback Login as: %(nickname)s", user.nickname)
-                flash(_(u"LDAP Server Down, Fallback Login as: '%(nickname)s'",
+                log.info("Local Fallback Login as: '%s'", user.nickname)
+                flash(_(u"Fallback Login as: '%(nickname)s', LDAP Server not reachable, or user not known",
                        nickname=user.nickname),
                        category="warning")
                return redirect_back(url_for("web.index"))
            elif login_result is None:
-                log.info("Could not login. LDAP server down")
-                flash(_(u"Could not login. LDAP server down, please contact your administrator"), category="error")
+                log.info(error)
+                flash(_(u"Could not login: %(message)s", message=error), category="error")
            else:
                ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
                log.info('LDAP Login failed for user "%s" IP-adress: %s', form['username'], ipAdress)
--- a/TestSummary.html
+++ b/TestSummary.html