mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-08 22:50:26 +00:00
Fix LDAP password checking issue due to indention level
This commit is contained in:
parent
e4c8f5e100
commit
ea53ae340f
@ -212,7 +212,7 @@ class User(db.Model):
|
|||||||
LDAP_USER_GROUP = Setting().get('ldap_user_group')
|
LDAP_USER_GROUP = Setting().get('ldap_user_group')
|
||||||
LDAP_GROUP_SECURITY_ENABLED = Setting().get('ldap_sg_enabled')
|
LDAP_GROUP_SECURITY_ENABLED = Setting().get('ldap_sg_enabled')
|
||||||
|
|
||||||
# validate ldap user password
|
# validate AD user password
|
||||||
if Setting().get('ldap_type') == 'ad':
|
if Setting().get('ldap_type') == 'ad':
|
||||||
ldap_username = "{0}@{1}".format(self.username,Setting().get('ldap_domain'))
|
ldap_username = "{0}@{1}".format(self.username,Setting().get('ldap_domain'))
|
||||||
if not self.ldap_auth(ldap_username, self.password):
|
if not self.ldap_auth(ldap_username, self.password):
|
||||||
@ -231,6 +231,13 @@ class User(db.Model):
|
|||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
ldap_username = ldap.filter.escape_filter_chars(ldap_result[0][0][0])
|
ldap_username = ldap.filter.escape_filter_chars(ldap_result[0][0][0])
|
||||||
|
|
||||||
|
if Setting().get('ldap_type') != 'ad':
|
||||||
|
# validate ldap user password
|
||||||
|
if not self.ldap_auth(ldap_username, self.password):
|
||||||
|
logging.error('User "{0}" input a wrong LDAP password. Authentication request from {1}'.format(self.username, src_ip))
|
||||||
|
return False
|
||||||
|
|
||||||
# check if LDAP_GROUP_SECURITY_ENABLED is True
|
# check if LDAP_GROUP_SECURITY_ENABLED is True
|
||||||
# user can be assigned to ADMIN or USER role.
|
# user can be assigned to ADMIN or USER role.
|
||||||
if LDAP_GROUP_SECURITY_ENABLED:
|
if LDAP_GROUP_SECURITY_ENABLED:
|
||||||
@ -277,12 +284,6 @@ class User(db.Model):
|
|||||||
logging.debug(traceback.format_exc())
|
logging.debug(traceback.format_exc())
|
||||||
return False
|
return False
|
||||||
|
|
||||||
if Setting().get('ldap_type') != 'ad':
|
|
||||||
# validate ldap user password
|
|
||||||
if not self.ldap_auth(ldap_username, self.password):
|
|
||||||
logging.error('User "{0}" input a wrong LDAP password. Authentication request from {1}'.format(self.username, src_ip))
|
|
||||||
return False
|
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logging.error('Wrong LDAP configuration. {0}'.format(e))
|
logging.error('Wrong LDAP configuration. {0}'.format(e))
|
||||||
logging.debug(traceback.format_exc())
|
logging.debug(traceback.format_exc())
|
||||||
|
Loading…
Reference in New Issue
Block a user