directory: handle broken groups ACL, migrate to cn=sso
parent
2f8816cfda
commit
b3483a9b6d
2 changed files with 16 additions and 9 deletions
|
@ -57,15 +57,22 @@ class LDAPUserProxy(object):
|
|||
self.phone = data.get("mobile", [b""])[0].decode() or None
|
||||
self.personal_email = data.get("mailRoutingAddress", [b""])[0].decode() or None
|
||||
|
||||
self.groups = [
|
||||
data["cn"][0].decode()
|
||||
for dn, data in conn.search_s(
|
||||
app.config["LDAP_GROUPS_BASEDN"],
|
||||
ldap.SCOPE_SUBTREE,
|
||||
app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn,
|
||||
["cn"],
|
||||
try:
|
||||
self.groups = [
|
||||
data["cn"][0].decode()
|
||||
for dn, data in conn.search_s(
|
||||
app.config["LDAP_GROUPS_BASEDN"],
|
||||
ldap.SCOPE_SUBTREE,
|
||||
app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn,
|
||||
["cn"],
|
||||
)
|
||||
]
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
logging.warning(
|
||||
"ldap.NO_SUCH_OBJECT occured when searching groups, "
|
||||
"LDAP_BIND_DN likely doesn't have access to groups basedn"
|
||||
)
|
||||
]
|
||||
self.groups = []
|
||||
|
||||
def __repr__(self):
|
||||
active = "active" if self.is_active else "inactive"
|
||||
|
|
|
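Review bot: In the new `except ldap.NO_SUCH_OBJECT:` branch, a failed group lookup ends as `self.groups = []`, which callers cannot tell apart from a user who really has no groups. If group membership feeds authorization decisions or SSO claims (not visible here), a bind account without access to the groups base DN silently changes every user's effective groups, and the only trace is a warning that names neither the user nor the base DN. I would log both, e.g. `logging.warning("group search under %s failed for %s: NO_SUCH_OBJECT", app.config["LDAP_GROUPS_BASEDN"], dn)`, and consider recording the failure on the object so consumers can refuse to act on an unknown membership. Separately, `app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn` interpolates the DN into the filter unescaped; `ldap.filter.escape_filter_chars(dn)` would keep a DN containing filter metacharacters from changing the query. The enclosing method starts above the hunk.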
@ -42,7 +42,7 @@ LDAP_GROUP_MEMBERSHIP_FILTER = env.str(
|
|||
)
|
||||
|
||||
LDAP_BIND_DN = env.str(
|
||||
"LDAP_BIND_DN", default="cn=auth,ou=Services,dc=hackerspace,dc=pl"
|
||||
"LDAP_BIND_DN", default="cn=sso,ou=Services,dc=hackerspace,dc=pl"
|
||||
)
|
||||
LDAP_BIND_PASSWORD = env.str("LDAP_BIND_PASSWORD", default="insert password here")
|
||||
|
||||
|
|
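Review bot: The new default `cn=sso,ou=Services,dc=hackerspace,dc=pl` sits next to `LDAP_BIND_PASSWORD` with the default `"insert password here"`, so a deployment that sets neither variable starts up and only fails at the first bind, and with a different service account than before this commit. Dropping the password default, `LDAP_BIND_PASSWORD = env.str("LDAP_BIND_PASSWORD")`, would presumably make a missing secret fail at startup instead, assuming this `env` helper raises on an unset variable that has no default. A short comment on `LDAP_BIND_DN` such as `# needs read access to LDAP_GROUPS_BASEDN, otherwise group lookups come back empty` would record the ACL requirement that the group search in `LDAPUserProxy` depends on.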