| Request | LDAP User Folder -- bug report -- by Mauro Amico |
| Posted on | May 20, 2009 1:22 am |
| Subscribe |
| Resolve by Jens Vagelpohl on May 20, 2009 8:05 am | |
|
I have checked in a fix that uses a different implementation but should have the same outcome. If you could give this a try and provide feedback that would be great: - trunk: http://svn.dataflake.org/viewvc?view=rev&revision=1784 - Series 2 branch: http://svn.dataflake.org/viewvc?view=rev&revision=1785 |
|
|
|
| Initial Request by Mauro Amico on May 20, 2009 1:22 am | |
|
User authentication (with LDAPMultiPlugin), in depth, uses the method _lookupuserbyattr, but this, seems, doesn't make checks for the property extra_user_filter. This is my proposal patch against 2.13. thx. --- Products/LDAPUserFolder/LDAPUserFolder.py 2009-05-17 11:57:01.000000000 +0200 +++ Products/LDAPUserFolder/LDAPUserFolder.py 2009-05-17 12:58:11.000000000 +0200 @@ -223,7 +223,7 @@ return None, None, None, None users_base = to_utf8(value) - search_str = '(objectClass=*)' + ob_flt = ['(objectClass=*)'] elif name == 'objectGUID': users_base = self.users_base # we need to convert the GUID to a specially formatted string @@ -235,14 +235,15 @@ ob_flt = ['(%s=%s)' % (name, value)] ob_flt.extend( [filter_format('(%s=%s)', ('objectClass', o)) for o in self._user_objclasses] ) - search_str = '(&%s)' % ''.join(ob_flt) - else: users_base = self.users_base ob_flt = [filter_format('(%s=%s)', (name, value))] ob_flt.extend( [filter_format('(%s=%s)', ('objectClass', o)) for o in self._user_objclasses] ) - search_str = '(&%s)' % ''.join(ob_flt) + extra_filter = self.getProperty('_extra_user_filter') + if extra_filter: + ob_flt.append(extra_filter) + search_str = '(&%s)' % ''.join(ob_flt) # Step 1: Bind either as the Manager or anonymously to look # up the user from the login given |
