Merge pull request #1570 from petervarkoly/master

Fix issue #197
2025-08-01 18:18:31 +00:00 · 2024-09-17 20:28:40 +02:00 · 2024-09-17 20:28:40 +02:00 · 7fbc0e70e9
commit 7fbc0e70e9
parent da844f48e6 15ed41fa09
1 changed files with 17 additions and 7 deletions
--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@ -59,6 +59,7 @@ class Auth(auth.BaseAuth):
    def _login2(self, login: str, password: str) -> str:
        try:
            """Bind as reader dn"""
            logger.debug(f"_login2 {self._ldap_uri}, {self._ldap_reader_dn}")
            conn = self.ldap.initialize(self._ldap_uri)
            conn.protocol_version = 3
            conn.set_option(self.ldap.OPT_REFERRALS, 0)
@ -72,8 +73,8 @@ class Auth(auth.BaseAuth):
            logger.debug("LDAP Auth user: %s", user_dn)
            """Close ldap connection"""
            conn.unbind()
-        except Exception:
+        except Exception as e:
-            raise RuntimeError("Invalide ldap configuration")
+            raise RuntimeError(f"Invalid ldap configuration:{e}")
        try:
            """Bind as user to authenticate"""
@ -96,43 +97,52 @@ class Auth(auth.BaseAuth):
    def _login3(self, login: str, password: str) -> str:
        """Connect the server"""
        try:
            logger.debug(f"_login3 {self._ldap_uri}, {self._ldap_reader_dn}")
            server = self.ldap3.Server(self._ldap_uri)
            conn = self.ldap3.Connection(server, self._ldap_reader_dn, password=self._ldap_secret)
        except self.ldap3.core.exceptions.LDAPSocketOpenError:
            raise RuntimeError("Unable to reach ldap server")
-        except Exception:
+        except Exception as e:
            logger.debug(f"_login3 error 1 {e}")
            pass
        if not conn.bind():
            logger.debug("_login3 can not bind")
            raise RuntimeError("Unable to read from ldap server")
        logger.debug(f"_login3 bind as {self._ldap_reader_dn}")
        """Search the user dn"""
        conn.search(
            search_base=self._ldap_base,
            search_filter=self._ldap_filter.format(login),
-            search_scope='SUBTREE',
+            search_scope=self.ldap3.SUBTREE,
            attributes=['memberOf']
        )
        if len(conn.entries) == 0:
            logger.debug(f"_login3 user '{login}' can not be find")
            """User could not be find"""
            return ""
-        user_entry = conn.entries[0].entry_to_json()
+        user_entry = conn.response[0]
        conn.unbind()
        user_dn = user_entry['dn']
        logger.debug(f"_login3 found user_dn {user_dn}")
        try:
            """Try to bind as the user itself"""
            conn = self.ldap3.Connection(server, user_dn, password=password)
            if not conn.bind():
                logger.debug(f"_login3 user '{login}' can not be find")
                return ""
            if self._ldap_load_groups:
                tmp = []
                for g in user_entry['attributes']['memberOf']:
-                    tmp.append(g)
+                    tmp.append(g.split(',')[0][3:])
                self._ldap_groups = set(tmp)
            conn.unbind()
            logger.debug(f"_login3 {login} successfully authorized")
            return login
-        except Exception:
+        except Exception as e:
            logger.debug(f"_login3 error 2 {e}")
            pass
        return ""