mirror of
https://github.com/Kozea/Radicale.git
synced 2025-09-30 21:12:05 +00:00
8821612fa8
Instead of searching for the membership attribute on the user side (usually AD: memberOf, Novell eDirectory: groupMembership) to determine the groups the user loging on is a member of, allow performing a separate search for the groups having the user as member and use the found groups' DNs. The group search is performed in the context of 'ldap_reader_dn', after the user DN has been found in the directory, but before the authentication has been performed by doing an LDAP bind in the user's context. Although this may - in the case of unsuccessful login attempts - double the number of queries to the LDAP server, it has been done this way to keep the number of LDAP contexts minimal. Doing the group search in the context of the user logging on is no viable option, because there are known implementations where regular users do not have the necessary permissions to query the groups they are a member in. |
||
|---|---|---|
| .. | ||
| app | ||
| auth | ||
| hook | ||
| item | ||
| rights | ||
| storage | ||
| tests | ||
| web | ||
| __init__.py | ||
| __main__.py | ||
| config.py | ||
| httputils.py | ||
| log.py | ||
| pathutils.py | ||
| py.typed | ||
| server.py | ||
| types.py | ||
| utils.py | ||
| xmlutils.py | ||