mirror of https://github.com/Kozea/Radicale.git synced 2025-07-02 16:58:30 +00:00

LDAP auth: do not blindly assume groups have a 2-letter naming attribute

Instead, strip away everything before (and including) the '=' sign of the RDN.
Peter Marschall 2024-12-29 13:18:39 +01:00
parent 8c2feb4726
commit 0253682c00


@ -142,7 +142,9 @@ class Auth(auth.BaseAuth):
if self._ldap_load_groups: if self._ldap_load_groups:
tmp = [] tmp = []
for g in user_entry[1]['memberOf']: for g in user_entry[1]['memberOf']:
tmp.append(g.decode('utf-8').split(',')[0][3:]) """Get group g's RDN's attribute value"""
g = g.decode('utf-8').split(',')[0]
tmp.append(g.partition('=')[2])
self._ldap_groups = set(tmp) self._ldap_groups = set(tmp)
logger.debug("_login2 LDAP groups of user: %s", ",".join(self._ldap_groups)) logger.debug("_login2 LDAP groups of user: %s", ",".join(self._ldap_groups))
conn.unbind() conn.unbind()
@ -205,7 +207,9 @@ class Auth(auth.BaseAuth):
if self._ldap_load_groups: if self._ldap_load_groups:
tmp = [] tmp = []
for g in user_entry['attributes']['memberOf']: for g in user_entry['attributes']['memberOf']:
tmp.append(g.split(',')[0][3:]) """Get group g's RDN's attribute value"""
g = g.split(',')[0]
tmp.append(g.partition('=')[2])
self._ldap_groups = set(tmp) self._ldap_groups = set(tmp)
logger.debug("_login3 LDAP groups of user: %s", ",".join(self._ldap_groups)) logger.debug("_login3 LDAP groups of user: %s", ",".join(self._ldap_groups))
conn.unbind() conn.unbind()
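Review bot: In both loops (the `_login2` hunk at line 142 and the `_login3` hunk at line 207) the RDN is still isolated with `split(',')[0]`, which is not DN-aware: an escaped comma inside the group's RDN value (constructed example: `cn=Sales\, EMEA,ou=groups,dc=example,dc=org`) is cut at the backslash, and a multi-valued RDN keeps its `+attr=value` tail in the group name. The resulting names land in `self._ldap_groups`, which presumably feeds later access decisions, so a truncated or ambiguous name is worth avoiding. Consider the client library's own DN parser instead of string splitting, e.g. `ldap.dn.str2dn(dn)[0][0][1]` where python-ldap is in use and `ldap3.utils.dn.parse_dn(dn)[0][1]` where ldap3 is (which hunk uses which library is inferred from the bytes decode and the `['attributes']` access). Separately, `"""Get group g's RDN's attribute value"""` inside the loop body is a string expression statement, not a comment; `# Get group g's RDN's attribute value` is the idiomatic form. Both loops sit in functions that start and end outside the hunks.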