mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-30 15:05:39 +00:00
Avoid searching for AD user's memberOf while it is missing and LDAP_GROUP_SECURITY_ENABLED is ON
This commit is contained in:
parent
4a0d580e32
commit
a39f5c622c
@ -249,7 +249,13 @@ class User(db.Model):
|
|||||||
return False
|
return False
|
||||||
elif LDAP_TYPE == 'ad':
|
elif LDAP_TYPE == 'ad':
|
||||||
user_ldap_groups = []
|
user_ldap_groups = []
|
||||||
for group in [g.decode("utf-8") for g in ldap_result[0][0][1]['memberOf']]:
|
user_ad_member_of = ldap_result[0][0][1].get('memberOf')
|
||||||
|
|
||||||
|
if not user_ad_member_of:
|
||||||
|
logging.error('User {0} does not belong to any group while LDAP_GROUP_SECURITY_ENABLED is ON'.format(self.username))
|
||||||
|
return False
|
||||||
|
|
||||||
|
for group in [g.decode("utf-8") for g in user_ad_member_of]:
|
||||||
user_ldap_groups += self.ad_recursive_groups( group )
|
user_ldap_groups += self.ad_recursive_groups( group )
|
||||||
|
|
||||||
if (LDAP_ADMIN_GROUP in user_ldap_groups):
|
if (LDAP_ADMIN_GROUP in user_ldap_groups):
|
||||||
|
@ -216,7 +216,7 @@
|
|||||||
Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory)
|
Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory)
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> or <i>userPrincipalName</i> for Active Directory)
|
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> for Active Directory)
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</dd>
|
</dd>
|
||||||
|
Loading…
Reference in New Issue
Block a user