cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-11-08 14:40:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix LDAP password checking issue due to indention level

Browse Source
This commit is contained in:
Khanh Ngo 2018-11-12 16:30:18 +07:00
parent e4c8f5e100
commit ea53ae340f
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/models.py
View File

@ -212,7 +212,7 @@ class User(db.Model):
LDAP_USER_GROUP = Setting().get('ldap_user_group') LDAP_USER_GROUP = Setting().get('ldap_user_group')
LDAP_GROUP_SECURITY_ENABLED = Setting().get('ldap_sg_enabled') LDAP_GROUP_SECURITY_ENABLED = Setting().get('ldap_sg_enabled')
# validate ldap user password # validate AD user password
if Setting().get('ldap_type') == 'ad': if Setting().get('ldap_type') == 'ad':
ldap_username = "{0}@{1}".format(self.username,Setting().get('ldap_domain')) ldap_username = "{0}@{1}".format(self.username,Setting().get('ldap_domain'))
if not self.ldap_auth(ldap_username, self.password): if not self.ldap_auth(ldap_username, self.password):
@ -231,6 +231,13 @@ class User(db.Model):
else: else:
try: try:
ldap_username = ldap.filter.escape_filter_chars(ldap_result[0][0][0]) ldap_username = ldap.filter.escape_filter_chars(ldap_result[0][0][0])
if Setting().get('ldap_type') != 'ad':
# validate ldap user password
if not self.ldap_auth(ldap_username, self.password):
logging.error('User "{0}" input a wrong LDAP password. Authentication request from {1}'.format(self.username, src_ip))
return False
# check if LDAP_GROUP_SECURITY_ENABLED is True # check if LDAP_GROUP_SECURITY_ENABLED is True
# user can be assigned to ADMIN or USER role. # user can be assigned to ADMIN or USER role.
if LDAP_GROUP_SECURITY_ENABLED: if LDAP_GROUP_SECURITY_ENABLED:
@ -277,12 +284,6 @@ class User(db.Model):
logging.debug(traceback.format_exc()) logging.debug(traceback.format_exc())
return False return False
if Setting().get('ldap_type') != 'ad':
# validate ldap user password
if not self.ldap_auth(ldap_username, self.password):
logging.error('User "{0}" input a wrong LDAP password. Authentication request from {1}'.format(self.username, src_ip))
return False
except Exception as e: except Exception as e:
logging.error('Wrong LDAP configuration. {0}'.format(e)) logging.error('Wrong LDAP configuration. {0}'.format(e))
logging.debug(traceback.format_exc()) logging.debug(traceback.format_exc())