directory: handle broken groups ACL, migrate to cn=sso
parent
2f8816cfda
commit
b3483a9b6d
|
@ -57,15 +57,22 @@ class LDAPUserProxy(object):
|
||||||
self.phone = data.get("mobile", [b""])[0].decode() or None
|
self.phone = data.get("mobile", [b""])[0].decode() or None
|
||||||
self.personal_email = data.get("mailRoutingAddress", [b""])[0].decode() or None
|
self.personal_email = data.get("mailRoutingAddress", [b""])[0].decode() or None
|
||||||
|
|
||||||
self.groups = [
|
try:
|
||||||
data["cn"][0].decode()
|
self.groups = [
|
||||||
for dn, data in conn.search_s(
|
data["cn"][0].decode()
|
||||||
app.config["LDAP_GROUPS_BASEDN"],
|
for dn, data in conn.search_s(
|
||||||
ldap.SCOPE_SUBTREE,
|
app.config["LDAP_GROUPS_BASEDN"],
|
||||||
app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn,
|
ldap.SCOPE_SUBTREE,
|
||||||
["cn"],
|
app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn,
|
||||||
|
["cn"],
|
||||||
|
)
|
||||||
|
]
|
||||||
|
except ldap.NO_SUCH_OBJECT:
|
||||||
|
logging.warning(
|
||||||
|
"ldap.NO_SUCH_OBJECT occured when searching groups, "
|
||||||
|
"LDAP_BIND_DN likely doesn't have access to groups basedn"
|
||||||
)
|
)
|
||||||
]
|
self.groups = []
|
||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
active = "active" if self.is_active else "inactive"
|
active = "active" if self.is_active else "inactive"
|
||||||
|
|
|
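Review bot: The new `except ldap.NO_SUCH_OBJECT` branch sets `self.groups = []`, which makes a directory ACL failure indistinguishable from a user who genuinely belongs to no groups. Callers that gate access on membership will deny without explanation, and any caller that reads an empty list as "no restrictions" would fail open, so the warning should at least name the user and the base DN, e.g. `logging.warning("group search failed for %s under %s", dn, app.config["LDAP_GROUPS_BASEDN"])`. Separately, the filter is still built with `app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn`; if `dn` can contain `(`, `)`, `*` or `\`, `ldap.filter.filter_format(app.config["LDAP_GROUP_MEMBERSHIP_FILTER"], [dn])` escapes it. The enclosing method of `LDAPUserProxy` starts above the hunk, so where `dn` comes from is not visible here.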
@ -42,7 +42,7 @@ LDAP_GROUP_MEMBERSHIP_FILTER = env.str(
|
||||||
)
|
)
|
||||||
|
|
||||||
LDAP_BIND_DN = env.str(
|
LDAP_BIND_DN = env.str(
|
||||||
"LDAP_BIND_DN", default="cn=auth,ou=Services,dc=hackerspace,dc=pl"
|
"LDAP_BIND_DN", default="cn=sso,ou=Services,dc=hackerspace,dc=pl"
|
||||||
)
|
)
|
||||||
LDAP_BIND_PASSWORD = env.str("LDAP_BIND_PASSWORD", default="insert password here")
|
LDAP_BIND_PASSWORD = env.str("LDAP_BIND_PASSWORD", default="insert password here")
|
||||||
|
|
||||||
|
|
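Review bot: `LDAP_BIND_PASSWORD` keeps `default="insert password here"` next to the changed bind DN, so a deployment that forgets to set the variable starts up and attempts to bind as `cn=sso` with a placeholder instead of failing at configuration time. If `env` is an environs-style reader (not visible in this hunk), dropping the default, `LDAP_BIND_PASSWORD = env.str("LDAP_BIND_PASSWORD")`, turns the missing secret into a startup error. It is also worth confirming that `cn=sso` has read access to the groups base DN, since the `LDAPUserProxy` change in this commit now logs and continues when the group search returns `NO_SUCH_OBJECT`.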