From a39f5c622c9c85e0b4fa6e6ac4df861e7f8e3b62 Mon Sep 17 00:00:00 2001
From: Khanh Ngo
Date: Wed, 24 Oct 2018 13:30:19 +0700
Subject: [PATCH] Avoid searching for AD user's memberOf while it is missing and LDAP_GROUP_SECURITY_ENABLED is ON
---
app/models.py | 8 +++++++-
app/templates/admin_setting_authentication.html | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/app/models.py b/app/models.py
index 4053ca8..116053f 100644
--- a/app/models.py
+++ b/app/models.py
@@ -249,7 +249,13 @@ class User(db.Model):
return False
elif LDAP_TYPE == 'ad':
user_ldap_groups = []
- for group in [g.decode("utf-8") for g in ldap_result[0][0][1]['memberOf']]:
+ user_ad_member_of = ldap_result[0][0][1].get('memberOf')
+
+ if not user_ad_member_of:
+ logging.error('User {0} does not belong to any group while LDAP_GROUP_SECURITY_ENABLED is ON'.format(self.username))
+ return False
+
+ for group in [g.decode("utf-8") for g in user_ad_member_of]:
user_ldap_groups += self.ad_recursive_groups( group )
if (LDAP_ADMIN_GROUP in user_ldap_groups):
diff --git a/app/templates/admin_setting_authentication.html b/app/templates/admin_setting_authentication.html
index 3becf6e..8bb629b 100644
--- a/app/templates/admin_setting_authentication.html
+++ b/app/templates/admin_setting_authentication.html
@@ -216,7 +216,7 @@ Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. (objectClass=inetorgperson) for OpenLDAP and (objectClass=organizationalPerson) for Active Directory)
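Review bot: In the app/models.py hunk, the new guard in the `LDAP_TYPE == 'ad'` branch fails closed when `memberOf` is absent, but `ldap_result[0][0][1]` is still indexed unchecked, so an empty search result or a first entry that is not a dict would raise instead of reaching `return False`. Unless the enclosing method (which starts and ends outside this hunk) already catches that and denies the login, a check such as `if not ldap_result or not ldap_result[0]: return False` before the lookup keeps the denial explicit. The log text is also slightly inaccurate for Active Directory: `memberOf` does not list the user's primary group, so "has no memberOf attribute" describes the condition better than "does not belong to any group". `self.username` is presumably the value supplied at login, so formatting it with `{0!r}` would keep control characters out of the log line.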
  • - Username field - The field PDA will look for user's username. (e.g. uid for OpenLDAP and sAMAccountName or userPrincipalName for Active Directory) + Username field - The field PDA will look for user's username. (e.g. uid for OpenLDAP and sAMAccountName for Active Directory)