mirror of https://github.com/Kozea/Radicale.git synced 2025-09-30 21:12:05 +00:00

LDAP auth: move evaluation of quirk for Authentik where it belongs

The evaluation of the quirk for the Authentik LDAP server changes the behaviour
of Python's `ldap3` module, and that module only.
Evaluating the quirk in `__init__`, which is used for both `ldap` and `ldap3`,
is thus wrong and may lead to errors when this setting is used together with
the `ldap` module.

Signed-off-by: Peter Marschall <peter@adpm.de>
Peter Marschall 2025-09-19 18:06:50 +02:00
parent 8f76e9913b
commit 5f89d18df6


@ -88,9 +88,6 @@ class Auth(auth.BaseAuth):
raise RuntimeError("LDAP authentication requires the ldap3 module") from e raise RuntimeError("LDAP authentication requires the ldap3 module") from e
self._ldap_ignore_attribute_create_modify_timestamp = configuration.get("auth", "ldap_ignore_attribute_create_modify_timestamp") self._ldap_ignore_attribute_create_modify_timestamp = configuration.get("auth", "ldap_ignore_attribute_create_modify_timestamp")
if self._ldap_ignore_attribute_create_modify_timestamp:
logger.info("auth.ldap_ignore_attribute_create_modify_timestamp will be applied")
self._ldap_uri = configuration.get("auth", "ldap_uri") self._ldap_uri = configuration.get("auth", "ldap_uri")
self._ldap_base = configuration.get("auth", "ldap_base") self._ldap_base = configuration.get("auth", "ldap_base")
self._ldap_reader_dn = configuration.get("auth", "ldap_reader_dn") self._ldap_reader_dn = configuration.get("auth", "ldap_reader_dn")
@ -165,6 +162,8 @@ class Auth(auth.BaseAuth):
logger.info("auth.ldap_ssl_ca_file : %r" % self._ldap_ssl_ca_file) logger.info("auth.ldap_ssl_ca_file : %r" % self._ldap_ssl_ca_file)
else: else:
logger.info("auth.ldap_ssl_ca_file : (not provided)") logger.info("auth.ldap_ssl_ca_file : (not provided)")
if self._ldap_ignore_attribute_create_modify_timestamp:
logger.info("auth.ldap_ignore_attribute_create_modify_timestamp applied (relevant for ldap3 only)")
"""Extend attributes to to be returned in the user query""" """Extend attributes to to be returned in the user query"""
if self._ldap_groups_attr: if self._ldap_groups_attr:
self._ldap_attributes.append(self._ldap_groups_attr) self._ldap_attributes.append(self._ldap_groups_attr)
@ -258,9 +257,10 @@ class Auth(auth.BaseAuth):
return "" return ""
def _login3(self, login: str, password: str) -> str: def _login3(self, login: str, password: str) -> str:
"""Connect the server"""
if self._ldap_ignore_attribute_create_modify_timestamp: if self._ldap_ignore_attribute_create_modify_timestamp:
self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp', 'modifyTimestamp']) self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp', 'modifyTimestamp'])
"""Connect the server"""
try: try:
logger.debug(f"_login3 {self._ldap_uri}, {self._ldap_reader_dn}") logger.debug(f"_login3 {self._ldap_uri}, {self._ldap_reader_dn}")
if self._use_encryption: if self._use_encryption:
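Review bot: In `_login3`, the `extend(['createTimestamp', 'modifyTimestamp'])` call runs on every login attempt, so ldap3's module-level `_ATTRIBUTES_EXCLUDED_FROM_CHECK` list gains two duplicate entries per authentication and keeps growing for the lifetime of the process. Because that list is process-global state behind a private name, it is better changed once and idempotently, e.g. `excl = self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK` followed by `excl.extend(a for a in ('createTimestamp', 'modifyTimestamp') if a not in excl)`, ideally at start-up in the branch where the ldap3 import succeeded. Separately, the `"""Connect the server"""` string appears both above and below the `if` in this rendering; it only acts as the function's docstring if it is the first statement after the `def` line. The body of `_login3` continues outside the hunk.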