mirrors/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-04-03 05:07:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

LDAP auth: flexibilize parsing of 'ldap_groups_attribute'

Browse source 
Use helper methods from the LDAP modules to get individual elements
(like in our case the RDN value) out of attributes with DN syntax
in a standard compliant way instead fiddling around ourselves.

If these methods fail, fall back to using the whole attribute value,
which allows us to also use attributes with non-DN syntax for groups
and permissions.
This commit is contained in:
Peter Marschall 2025-01-02 14:23:15 +01:00
parent f9dd3efc3a
commit d6c4e6487a
1 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

14
radicale/auth/ldap.py
View file

@ -160,8 +160,11 @@ class Auth(auth.BaseAuth):
tmp = []
for g in user_entry[1][self._ldap_groups_attr]:
"""Get group g's RDN's attribute value"""
g = g.decode('utf-8').split(',')[0]
tmp.append(g.partition('=')[2])
try:
rdns = self.ldap.dn.explode_dn(g, notypes=True)
tmp.append(rdns[0])
except Exception:
tmp.append(g.decode('utf8'))
self._ldap_groups = set(tmp)
logger.debug("_login2 LDAP groups of user: %s", ",".join(self._ldap_groups))
if self._ldap_user_attr:
@ -230,8 +233,11 @@ class Auth(auth.BaseAuth):
tmp = []
for g in user_entry['attributes'][self._ldap_groups_attr]:
"""Get group g's RDN's attribute value"""
g = g.split(',')[0]
tmp.append(g.partition('=')[2])
try:
rdns = self.ldap3.utils.dn.parse_dn(g)
tmp.append(rdns[0][1])
except Exception:
tmp.append(g)
self._ldap_groups = set(tmp)
logger.debug("_login3 LDAP groups of user: %s", ",".join(self._ldap_groups))
if self._ldap_user_attr: