Modify

Opened 3 years ago

Closed 2 years ago

#9219 closed defect (fixed)

[patch] Check for sAMAccountName attribute presence

Reported by: olaf.meeuwissen@… Owned by: pacopablo
Priority: normal Component: DirectoryAuthPlugin
Severity: critical Keywords:
Cc: Trac Release: 0.11

Description

I'm at the mercy of our Active Directory administrators.

It turns out that we have entries for which objectCategory=person is true but do not have an sAMAccountName attribute. Seeing that this attribute is needed for Trac's account management, it would be better to silently ignore these than causing a backtrace in _get_userinfo().

The attached patch adds a minimal filter to the list comprehension in get_users().

As a matter of fact, we have all kinds of things with objectCategory=person that really aren't, even though they have an sAMAccountName attribute. As I didn't want the company cars and meeting rooms in my list of users ;-), I requested a few more attributes (surname, given name) in the AD search and expanded the filter implementation.

Of course, you may be able to get rid of unwanted stuff by divining the proper base_dn and auth_group but that's beyond me.

Attachments (1)

adauth-validation.diff (899 bytes) - added by olaf.meeuwissen@… 3 years ago.
Skip users without an sAMAccountName attribute

Download all attachments as: .zip

Change History (2)

Changed 3 years ago by olaf.meeuwissen@…

Skip users without an sAMAccountName attribute

comment:1 Changed 2 years ago by sandinak

  • Resolution set to fixed
  • Status changed from new to closed

Integrated into 0.3

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.