From e7dcb39efb0b73c9f687c502951c5346d10fa633 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Wed, 21 Jan 2026 11:30:34 +0100 Subject: [PATCH 1/2] keyringer backend: handle 'Nothing matches' output, keyringer doesn't fail properly --- src/ldaptool/search/config.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ldaptool/search/config.py b/src/ldaptool/search/config.py index 7c99562..3f9b490 100644 --- a/src/ldaptool/search/config.py +++ b/src/ldaptool/search/config.py @@ -121,7 +121,10 @@ class Keyringer(PasswordManager): check=True, encoding="utf-8", ) - return result.stdout.strip() + password = result.stdout.strip() + if "Nothing matches , try again." in password: + raise SystemExit(f"No password stored for {secretname}") + return password @dataclasses.dataclass From 5e3d9d8618f63737e3b07149a3dddcca7e29cf7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Wed, 21 Jan 2026 11:31:04 +0100 Subject: [PATCH 2/2] use only first line from multi-line password entries (and strip whitespace) --- src/ldaptool/search/_search.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ldaptool/search/_search.py b/src/ldaptool/search/_search.py index 124f1f5..dcd577b 100644 --- a/src/ldaptool/search/_search.py +++ b/src/ldaptool/search/_search.py @@ -26,7 +26,10 @@ def search(*, config: Config, arguments: Arguments) -> typing.Iterable[Result]: if arguments.krb: ldap_con.sasl_gssapi_bind_s() else: - ldap_con.simple_bind_s(realm.account, config.get_password(realm)) + password = config.get_password(realm) + # use only first line (and without whitespace); assume remaining lines are comments/... + password = password.splitlines()[0].strip() + ldap_con.simple_bind_s(realm.account, password) assert arguments.base assert arguments.filter