Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix to LDAP RO group validation and CLI credentials quoting #1405

Merged
merged 2 commits into from
Nov 4, 2024

Conversation

garberg
Copy link
Member

@garberg garberg commented Nov 4, 2024

The read-only group name validation was missing an UTF-8 encode.
Improved the quoting of the credentials made by the CLI.

Instruct the urllib quote function to also quote '/'.
Make sure the LDAP RO group name is encoded before validating whether
the user is member of it or not.
@@ -569,7 +571,7 @@ def authenticate(self):
# if ro_group is configured, and the user is a member of
# neither the ro_group nor the rw_group, fail authentication.
if self._ldap_ro_group:
if self._ldap_ro_group not in res[0][1].get('memberOf', []):
if self._ldap_ro_group.encode('utf-8') not in res[0][1].get('memberOf', []):

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line too long (100 > 79 characters)

@@ -553,6 +553,8 @@ def authenticate(self):
['cn', 'memberOf'],
)

self._logger.debug("User %s is member of groups: %s", self.username, res[0][1].get('memberOf', []))

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line too long (111 > 79 characters)

@garberg garberg merged commit 145fcf4 into SpriteLink:master Nov 4, 2024
6 checks passed
@garberg garberg deleted the ldap_ro_and_cli_pwd_quote branch January 10, 2025 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants