[patch] Check for sAMAccountName attribute presence
|Reported by:||olaf.meeuwissen@…||Owned by:||pacopablo|
I'm at the mercy of our Active Directory administrators.
It turns out that we have entries for which objectCategory=person is true but do not have an sAMAccountName attribute. Seeing that this attribute is needed for Trac's account management, it would be better to silently ignore these than causing a backtrace in _get_userinfo().
The attached patch adds a minimal filter to the list comprehension in get_users().
As a matter of fact, we have all kinds of things with objectCategory=person that really aren't, even though they have an sAMAccountName attribute. As I didn't want the company cars and meeting rooms in my list of users ;-), I requested a few more attributes (surname, given name) in the AD search and expanded the filter implementation.
Of course, you may be able to get rid of unwanted stuff by divining the proper base_dn and auth_group but that's beyond me.