# HG changeset patch
# User Dimitri Papadopoulos
# Date 1392375800 -3600
# Node ID cbc46f94081d69ed473f9e8d919d397aa7f6bed1
# Parent 0188e957ce84d8fc9d6229e9d085b2810f275efe
[ldapparser, book] document additional error causes
diff -r 0188e957ce84 -r cbc46f94081d doc/book/en/admin/ldap.rst
--- a/doc/book/en/admin/ldap.rst Fri Feb 14 14:39:55 2014 +0100
+++ b/doc/book/en/admin/ldap.rst Fri Feb 14 12:03:20 2014 +0100
@@ -85,7 +85,9 @@
 If the LDAP server accepts anonymous binds, then it is possible to leave data-cnx-dn and data-cnx-password empty. This is, however, quite
-unlikely in practice.
+unlikely in practice. Beware that the LDAP server might hide attributes
+such as "userPassword" while the rest of the attributes remain visible
+through an anonymous binding.
 LDAP schema mapping options:
diff -r 0188e957ce84 -r cbc46f94081d sobjects/ldapparser.py
--- a/sobjects/ldapparser.py Fri Feb 14 14:39:55 2014 +0100
+++ b/sobjects/ldapparser.py Fri Feb 14 12:03:20 2014 +0100
@@ -142,9 +142,11 @@
 try:
 tdict[tattr] = sdict[sattr]
 except KeyError:
- raise ConfigurationError('source attribute %s is not present '
- 'in the source, please check the '
- '%s-attrs-map field' %
+ raise ConfigurationError('source attribute %s has not '
+ 'been found in the source, '
+ 'please check the %s-attrs-map '
+ 'field and the permissions of '
+ 'the LDAP binding user' %
 (sattr, etype[2:].lower()))
 return tdict
@@ -168,7 +170,7 @@
 etype = entity.cw_etype
 if etype == 'EmailAddress':
 return
- # all CWUsers must be treated before CWGroups to have to in_group relation
+ # all CWUsers must be treated before CWGroups to have the in_group relation
 # set correctly in _associate_ldapusers
 elif etype == 'CWUser':
 groups = filter(None, [self._get_group(name)
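Review bot: The `except KeyError` branch in the `@@ -142,9 +142,11 @@` hunk of sobjects/ldapparser.py now tells the operator to check the bind user's permissions, but nothing next to the code explains why a missing key can be a permission problem. A comment above the `raise` would keep that reasoning with the code, for example `# sattr can be absent because the directory's ACLs hide it from the bind user, not only because the attrs-map is wrong`. The message names the attribute but not the entry being converted, so where attribute visibility differs per entry the operator cannot tell which one failed; if `sdict` carries the entry's DN (not visible in this hunk), adding it to the message would help. Wording the hint as "read access of the LDAP binding user to this attribute" would also steer the fix towards granting access to the one mapped attribute rather than widening the account's rights in general. The enclosing function starts before the hunk, so this is based on the visible lines only.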
@@ -196,7 +198,7 @@
 if not isinstance(emailaddrs, list):
 emailaddrs = [emailaddrs]
 for emailaddr in emailaddrs:
- # search for existant email first, may be coming from another source
+ # search for existing email first, may be coming from another source
 rset = self._cw.execute('EmailAddress X WHERE X address %(addr)s',
 {'addr': emailaddr})
 if not rset: