Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Account Creation: validate 'sponsor' field before attempting to write to LDAP #1

Open
andrewferguson opened this issue Jul 12, 2021 · 3 comments
Open

Account Creation: validate 'sponsor' field before attempting to write to LDAP #1

andrewferguson opened this issue Jul 12, 2021 · 3 comments

Comments

@andrewferguson
Copy link

Attempting to leave the 'sponsor' field blank during account creation results in the following error:

Traceback (most recent call last):
  File "/usr/local/bin/tardis", line 9, in <module>
    load_entry_point('tardis-usertools==2.2', 'console_scripts', 'tardis')()
  File "/usr/local/lib/python2.7/dist-packages/tardis_usertools-2.2-py2.7.egg/tardis/interactive.py", line 24, in main
    args.func(args)
  File "/usr/local/lib/python2.7/dist-packages/tardis_usertools-2.2-py2.7.egg/tardis/commands/adduser.py", line 94, in command
    ldap.addUser(args.username, newuser)
  File "/usr/local/lib/python2.7/dist-packages/tardis_usertools-2.2-py2.7.egg/tardis/ldaptools.py", line 51, in addUser
    self.conn.add_s('uid=%s, ou=People, %s' %(username, self.base), updates)
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 202, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/local/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_SYNTAX: {'info': 'sponsors: value #0 invalid per syntax', 'desc': 'Invalid syntax'}

It would be nice to modify the adduser command to validate the 'sponsor' field during input (and prevent the script from continuing if invalid input is entered), rather than accepting invalid values and throwing an LDAP error later.
@mayacopeland
Copy link
Contributor

Should we check if the user is actually in the LDAP? That would make sense to me

@qaisjp
Copy link
Member

qaisjp commented Oct 11, 2021

Should we check if the user is actually in the LDAP? That would make sense to me

Yes. What other solution were you thinking of?

@mayacopeland
Copy link
Contributor

Should we check if the user is actually in the LDAP? That would make sense to me

Yes. What other solution were you thinking of?

There is no other /simple/ solution. I'm surprised that isn't a thing already.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@qaisjp @andrewferguson @mayacopeland