directory: handle broken groups ACL, migrate to cn=sso

informatic 2020-10-10 18:56:07 +02:00
parent 2f8816cfda
commit b3483a9b6d
2 changed files with 16 additions and 9 deletions


@ -57,15 +57,22 @@ class LDAPUserProxy(object):
self.phone = data.get("mobile", [b""])[0].decode() or None
self.personal_email = data.get("mailRoutingAddress", [b""])[0].decode() or None
self.groups = [
data["cn"][0].decode()
for dn, data in conn.search_s(
app.config["LDAP_GROUPS_BASEDN"],
ldap.SCOPE_SUBTREE,
app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn,
["cn"],
try:
self.groups = [
data["cn"][0].decode()
for dn, data in conn.search_s(
app.config["LDAP_GROUPS_BASEDN"],
ldap.SCOPE_SUBTREE,
app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn,
["cn"],
)
]
except ldap.NO_SUCH_OBJECT:
logging.warning(
"ldap.NO_SUCH_OBJECT occured when searching groups, "
"LDAP_BIND_DN likely doesn't have access to groups basedn"
)
]
self.groups = []
def __repr__(self):
active = "active" if self.is_active else "inactive"
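Review bot: The new `except ldap.NO_SUCH_OBJECT` branch logs a fixed string with neither the user DN nor the base DN, so an operator cannot tell which lookups ended with empty groups or whether the cause is an ACL or a wrong `LDAP_GROUPS_BASEDN`; pass both as arguments, e.g. `logging.warning("NO_SUCH_OBJECT searching groups for %s under %s", dn, app.config["LDAP_GROUPS_BASEDN"])`. Falling back to `self.groups = []` lets the lookup succeed with no memberships, which is only safe if every consumer treats groups as grants rather than exclusions; those consumers are outside this hunk, so this is worth confirming. Separately, the filter is still built with `% dn` unescaped, and wrapping the value as `ldap.filter.escape_filter_chars(dn)` (needs `import ldap.filter`) keeps a DN containing `(`, `)`, `*` or `\` from altering the filter. The enclosing method starts above the hunk.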


@ -42,7 +42,7 @@ LDAP_GROUP_MEMBERSHIP_FILTER = env.str(
)
LDAP_BIND_DN = env.str(
"LDAP_BIND_DN", default="cn=auth,ou=Services,dc=hackerspace,dc=pl"
"LDAP_BIND_DN", default="cn=sso,ou=Services,dc=hackerspace,dc=pl"
)
LDAP_BIND_PASSWORD = env.str("LDAP_BIND_PASSWORD", default="insert password here")