Modify

Opened 6 years ago

Last modified 6 years ago

#4773 new defect

LdapPlugin does not honour group_rdn in get_groups

Reported by: abbot Owned by: eblot
Priority: high Component: LdapPlugin
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

The group_rdn option specified in the config is not used in get_groups. This leads to a problem when there are groups with the same names in the different parts of the LDAP tree.

The proposed patch is below:

diff --git a/api.py b/api.py
index 13a912e..35792ba 100644
--- a/api.py
+++ b/api.py
@@ -32,12 +32,12 @@ LDAP_MODULE_CONFIG = [ 'enable', 'permfilter',
                        'global_perms', 'manage_groups'
                        'cache_ttl', 'cache_size',
                        'group_bind', 'store_bind',
-                       'user_rdn', 'group_rdn' ]
+                       'user_rdn' ]
 
 LDAP_DIRECTORY_PARAMS = [ 'host', 'port', 'use_tls', 'basedn',
                           'bind_user', 'bind_passwd',
                           'groupname', 'groupmember', 'groupmemberisdn',
-                          'groupattr', 'uidattr', 'permattr']
+                          'groupattr', 'group_rdn', 'uidattr', 'permattr']
                           
 GROUP_PREFIX = '@'
 
@@ -510,6 +510,7 @@ class LdapConnection(object):
         self.groupname = 'groupofnames'
         self.groupmember = 'member'
         self.groupattr = 'cn'
+       self.group_rdn = None
         self.uidattr = 'uid'
         self.permattr = 'tracperm'
         self.bind_user = None
@@ -538,7 +539,10 @@ class LdapConnection(object):
 
     def get_groups(self):
         """Return a list of available group dns"""
-        groups = self.get_dn(self.basedn, 'objectclass=' + self.groupname)
+       if self.group_rdn:
+            groups = self.get_dn('%s,%s' % (self.group_rdn, self.basedn), 'obje
+        else:
+            groups = self.get_dn(self.basedn, 'objectclass=' + self.groupname)
         return groups
     
     def is_in_group(self, userdn, groupdn):

Attachments (1)

ldapplugin-groups.patch (1.5 KB) - added by abbot 6 years ago.

Download all attachments as: .zip

Change History (3)

comment:1 Changed 6 years ago by jpschewe

You're patch got chopped off after 'obje can you post the full patch again?

Changed 6 years ago by abbot

comment:2 Changed 6 years ago by abbot

I've attached the patch to the ticket.

Add Comment

Modify Ticket

Action
as new The owner will remain eblot.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.