Ticket #924: 0001-use-attribute-from-LDAP_USER_DN_TEMPLATE-instead-of-.patch

File 0001-use-attribute-from-LDAP_USER_DN_TEMPLATE-instead-of-.patch, 1.4 KB (added by sumpfralle, 10 years ago)

  • mediagoblin/plugins/ldap/tools.py 

    From 5f9faddf0d302954638d0d3aaf15641a45cbc009 Mon Sep 17 00:00:00 2001
From: Lars Kruse <devel@sumpfralle.de>
Date: Fri, 25 Jul 2014 23:24:23 +0200
Subject: [PATCH] use attribute from LDAP_USER_DN_TEMPLATE instead of "uid"

The email address retrieval function in the LDAP authentication plugin assumes
that the LDAP entry contains a uid=USERNAME value. This assumption is not always
true.
The first part of the LDAP_USER_DN_TEMPLATE is a more reasonable choice.
---
 mediagoblin/plugins/ldap/tools.py |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mediagoblin/plugins/ldap/tools.py b/mediagoblin/plugins/ldap/tools.py
index 1c43679..e3c6f55 100644
    a b class LDAP(object):  
    3535
    3636    def _get_email(self, server, username):
    3737        try:
     38            filter_string = server['LDAP_USER_DN_TEMPLATE'].split(",")[0]
    3839            results = self.conn.search_s(server['LDAP_SEARCH_BASE'],
    39                                         ldap.SCOPE_SUBTREE, 'uid={0}'
    40                                         .format(username),
     40                                        ldap.SCOPE_SUBTREE, filter_string
     41                                        .format(username=username),
    4142                                        [server['EMAIL_SEARCH_FIELD']])
    4243
    4344            email = results[0][1][server['EMAIL_SEARCH_FIELD']][0]