diff --git a/radicale/acl/LDAP.py b/radicale/acl/LDAP.py
index 32d0319..d6934ee 100644
--- a/radicale/acl/LDAP.py
+++ b/radicale/acl/LDAP.py
@@ -39,10 +39,18 @@ SCOPE = getattr(ldap, "SCOPE_%s" % config.get("acl", "ldap_scope").upper())
 
 def has_right(owner, user, password):
     """Check if ``user``/``password`` couple is valid."""
+    global CONNEXION
+
     if not user or (owner not in acl.PRIVATE_USERS and user != owner):
         # No user given, or owner is not private and is not user, forbidden
         return False
 
+    try:
+        CONNEXION.whoami_s()
+    except:
+        log.LOGGER.debug("Reconnecting the LDAP server")
+        CONNEXION = ldap.initialize(config.get("acl", "ldap_url"))
+
     if BINDDN and PASSWORD:
         log.LOGGER.debug("Initial LDAP bind as %s" % BINDDN)
         CONNEXION.simple_bind_s(BINDDN, PASSWORD)
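Review bot: The bare `except:` around `CONNEXION.whoami_s()` in `has_right` catches everything, including `KeyboardInterrupt`, `SystemExit` and programming errors such as a `NameError`, and silently turns each of them into a reconnect. Narrow it to `except ldap.LDAPError:` so that only directory failures trigger `ldap.initialize`, and unrelated faults in an authentication path stay visible. The stale handle is also dropped without an unbind, and the module-level `CONNEXION` is rebound without a lock, which may race if requests are served concurrently (not visible here). `has_right` continues past the end of the hunk, so how the bind and search results are used after a reconnect could not be checked.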