Adapt code to the review.

Adapt includes to satisfy isort.
2025-06-26 16:45:52 +00:00 · 2025-05-30 18:38:45 +02:00 · 2025-05-30 18:38:45 +02:00 · 5b20813bd7
commit 5b20813bd7
parent e3b5a6040b
12 changed files with 25 additions and 24 deletions
--- a/7
+++ b/7
@ -92,10 +92,13 @@
 # Path of the file containing password of the reader DN
 #ldap_secret_file = /run/secrets/ldap_password
-# The attribute to read the group memberships. This can be memberOf from the user's LDAP entry. member or uniqueMember can also be used. In this case an additional ldap search will be executed to find the groups where the user is member of.
+# The attribute in user entry to read the group memberships.
 #ldap_groups_attribute =
-# The base dn to find the groups. Will be used only if ldap_groups_attribute is member or uniqueMember. If not given ldap_base will be used.
+# The attribute in group entries to read the group memberships.
 #ldap_group_members_attribute =
 # The base dn to find the groups. Necessary only if ldap_group_members_attribute is defined and other then ldap_base.
 #ldap_groups_base =
 # The filter to find the DN of the user. This filter must contain a python-style placeholder for the login
--- a/radicale/app/proppatch.py
+++ b/radicale/app/proppatch.py
@ -27,7 +27,6 @@ from http import client
 from typing import Dict, Optional, cast
 import defusedxml.ElementTree as DefusedET
 import radicale.item as radicale_item
 from radicale import httputils, storage, types, xmlutils
 from radicale.app.base import Access, ApplicationBase
--- a/radicale/auth/htpasswd.py
+++ b/radicale/auth/htpasswd.py
@ -60,7 +60,6 @@ import time
 from typing import Any, Tuple
 from passlib.hash import apr_md5_crypt, sha256_crypt, sha512_crypt
 from radicale import auth, config, logger
--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@ -79,6 +79,7 @@ class Auth(auth.BaseAuth):
        self._ldap_filter = configuration.get("auth", "ldap_filter")
        self._ldap_user_attr = configuration.get("auth", "ldap_user_attribute")
        self._ldap_groups_attr = configuration.get("auth", "ldap_groups_attribute")
        self._ldap_group_members_attr = configuration.get("auth", "ldap_group_members_attribute")
        self._ldap_groups_base = configuration.get("auth", "ldap_groups_base")
        if self._ldap_groups_base == "":
            self._ldap_groups_base = self._ldap_base
@ -134,8 +135,8 @@ class Auth(auth.BaseAuth):
            else:
                logger.info("auth.ldap_ssl_ca_file     : (not provided)")
        """Extend attributes to to be returned in the user query"""
-        if self._ldap_groups_attr == "memberOf":
+        if self._ldap_groups_attr:
-            self._ldap_attributes.append("memberOf")
+            self._ldap_attributes.append(self._ldap_groups_attr)
        if self._ldap_user_attr:
            self._ldap_attributes.append(self._ldap_user_attr)
        logger.info("ldap_attributes           : %r" % self._ldap_attributes)
@ -177,13 +178,13 @@ class Auth(auth.BaseAuth):
            conn.simple_bind_s(user_dn, password)
            tmp: list[str] = []
            gdns: list[str] = []
-            if self._ldap_groups_attr == "memberOf":
+            if self._ldap_groups_attr:
                gdns = user_entry[1][self._ldap_groups_attr]
-            elif self._ldap_groups_attr == "member" or self._ldap_groups_attr == "uniqueMember":
+            elif self._ldap_group_members_attr:
                res = conn.search_s(
                    self._ldap_groups_base,
                    self.ldap.SCOPE_SUBTREE,
-                    filterstr="({0}={1})".format(self._ldap_groups_attr,user_dn),
+                    filterstr="({0}={1})".format(self._ldap_group_members_attr,user_dn),
                    attrlist=self._ldap_attributes
                )
            for g in gdns:
@ -275,12 +276,12 @@ class Auth(auth.BaseAuth):
            tmp: list[str] = []
            gdns: list[str] = []
            """Let's collect the groups of the user."""
-            if self._ldap_groups_attr == "memberOf":
+            if self._ldap_groups_attr:
-                gdns = user_entry['attributes']['memberOf']
+                gdns = user_entry['attributes'][self._ldap_groups_attr]
-            elif self._ldap_groups_attr == "member" or self._ldap_groups_attr == "uniqueMember":
+            elif self._ldap_group_members_attr:
                conn.search(
                    search_base=self._ldap_groups_base,
-                    search_filter="({0}={1})".format(self._ldap_groups_attr,user_dn),
+                    search_filter="({0}={1})".format(self._ldap_group_members_attr,user_dn),
                    search_scope=self.ldap3.SUBTREE,
                    attributes="dn"
                )
--- a/radicale/config.py
+++ b/radicale/config.py
@ -293,11 +293,15 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
            "type": str}),
        ("ldap_groups_attribute", {
            "value": "",
-            "help": "Attribute to read the group memberships from. Valid values are memberOf, member or uniqueMember. If no value is given group memebership will be ignored.",
+            "help": "Attribute in the user entry to read the group memberships from.",
            "type": str}),
        ("ldap_group_members_attribute", {
            "value": "",
            "help": "Attribute in the group entries to read the group memberships from.",
            "type": str}),
        ("ldap_groups_base_dn", {
            "value": "",
-            "help": "The base dn to find the groups. Necessary only if ldap_groups attribute is member or uniqueMember. If not given ldap_base will be used.",
+            "help": "The base dn to find the groups. Necessary only if ldap_group_members_attribute is defined and other then ldap_base.",
            "type": str}),
        ("ldap_use_ssl", {
            "value": "False",
--- a/radicale/hook/rabbitmq/init.py
+++ b/radicale/hook/rabbitmq/init.py
@ -1,6 +1,5 @@
 import pika
 from pika.exceptions import ChannelWrongStateError, StreamLostError
 from radicale import hook
 from radicale.hook import HookNotificationItem
 from radicale.log import logger
--- a/radicale/tests/init.py
+++ b/radicale/tests/init.py
@ -31,9 +31,9 @@ from io import BytesIO
 from typing import Any, Dict, List, Optional, Tuple, Union
 from urllib.parse import quote
 import defusedxml.ElementTree as DefusedET
 import vobject
 import defusedxml.ElementTree as DefusedET
 import radicale
 from radicale import app, config, types, xmlutils
--- a/radicale/tests/test_auth.py
+++ b/radicale/tests/test_auth.py
@ -29,7 +29,6 @@ import sys
 from typing import Iterable, Tuple, Union
 import pytest
 from radicale import xmlutils
 from radicale.tests import BaseTest
--- a/radicale/tests/test_base.py
+++ b/radicale/tests/test_base.py
@ -26,9 +26,9 @@ import os
 import posixpath
 from typing import Any, Callable, ClassVar, Iterable, List, Optional, Tuple
 import defusedxml.ElementTree as DefusedET
 import vobject
 import defusedxml.ElementTree as DefusedET
 from radicale import storage, xmlutils
 from radicale.tests import RESPONSES, BaseTest
 from radicale.tests.helpers import get_file_content
--- a/radicale/tests/test_config.py
+++ b/radicale/tests/test_config.py
@ -21,7 +21,6 @@ from configparser import RawConfigParser
 from typing import List, Tuple
 import pytest
 from radicale import config, types
 from radicale.tests.helpers import configuration_to_dict
--- a/radicale/tests/test_server.py
+++ b/radicale/tests/test_server.py
@ -34,7 +34,6 @@ from urllib import request
 from urllib.error import HTTPError, URLError
 import pytest
 from radicale import config, server
 from radicale.tests import BaseTest
 from radicale.tests.helpers import configuration_to_dict, get_file_path
--- a/radicale/tests/test_storage.py
+++ b/radicale/tests/test_storage.py
@ -26,7 +26,6 @@ import shutil
 from typing import ClassVar, cast
 import pytest
 import radicale.tests.custom.storage_simple_sync
 from radicale.tests import BaseTest
 from radicale.tests.helpers import get_file_content