Avoid searching for AD user's memberOf while it is missing and LDAP_GROUP_SECURITY_ENABLED is ON

Khanh Ngo 2018-10-24 13:30:19 +07:00
parent 4a0d580e32
commit a39f5c622c
No known key found for this signature in database
GPG Key ID: B9AE3BAF6D5A7B22
2 changed files with 8 additions and 2 deletions


@ -249,7 +249,13 @@ class User(db.Model):
return False return False
elif LDAP_TYPE == 'ad': elif LDAP_TYPE == 'ad':
user_ldap_groups = [] user_ldap_groups = []
for group in [g.decode("utf-8") for g in ldap_result[0][0][1]['memberOf']]: user_ad_member_of = ldap_result[0][0][1].get('memberOf')
if not user_ad_member_of:
logging.error('User {0} does not belong to any group while LDAP_GROUP_SECURITY_ENABLED is ON'.format(self.username))
return False
for group in [g.decode("utf-8") for g in user_ad_member_of]:
user_ldap_groups += self.ad_recursive_groups( group ) user_ldap_groups += self.ad_recursive_groups( group )
if (LDAP_ADMIN_GROUP in user_ldap_groups): if (LDAP_ADMIN_GROUP in user_ldap_groups):
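Review bot: The `logging.error` message on the new `if not user_ad_member_of:` branch says the user "does not belong to any group", but the check only establishes that `memberOf` was absent or empty in `ldap_result[0][0][1]`. Active Directory does not list an account's primary group in `memberOf`, so a user whose only membership is the primary group is rejected here with a message that points operators in the wrong direction. Suggest wording along the lines of "memberOf missing or empty for user {0}; denying login because LDAP_GROUP_SECURITY_ENABLED is ON", and a short comment on the branch that primary-group membership is not considered. Returning False keeps the group check fail-closed, which is the right default. Separately, the `ldap_result[0][0][1]` indexing on the same line is still unguarded in the lines shown; if an empty search result is not handled before this point, it would raise in the same way the missing key did.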


@ -216,7 +216,7 @@
Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory) Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory)
</li> </li>
<li> <li>
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> or <i>userPrincipalName</i> for Active Directory) Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> for Active Directory)
</li> </li>
</ul> </ul>
</dd> </dd>
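Review bot: The help-text change on the "Username field" item drops `userPrincipalName` from the Active Directory example, and nothing in the commit message explains it. If `userPrincipalName` stops working once group security is enabled, the text should say so explicitly rather than silently removing the option, since administrators who already configured it will get no hint about why logins are denied. If the edit is unrelated to the `memberOf` fix, it belongs in its own commit with its own message.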