Opened 7 years ago

Closed 6 years ago

#9219 closed defect (fixed)

[patch] Check for sAMAccountName attribute presence

Reported by: olaf.meeuwissen@… Owned by: John Hampton
Priority: normal Component: DirectoryAuthPlugin
Severity: critical Keywords:
Cc: Trac Release: 0.11


I'm at the mercy of our Active Directory administrators.

It turns out that we have entries for which objectCategory=person is true but do not have an sAMAccountName attribute. Seeing that this attribute is needed for Trac's account management, it would be better to silently ignore these than causing a backtrace in _get_userinfo().

The attached patch adds a minimal filter to the list comprehension in get_users().

As a matter of fact, we have all kinds of things with objectCategory=person that really aren't, even though they have an sAMAccountName attribute. As I didn't want the company cars and meeting rooms in my list of users ;-), I requested a few more attributes (surname, given name) in the AD search and expanded the filter implementation.

Of course, you may be able to get rid of unwanted stuff by divining the proper base_dn and auth_group but that's beyond me.

Attachments (1)

adauth-validation.diff (899 bytes) - added by olaf.meeuwissen@… 7 years ago.
Skip users without an sAMAccountName attribute

Download all attachments as: .zip

Change History (2)

Changed 7 years ago by olaf.meeuwissen@…

Attachment: adauth-validation.diff added

Skip users without an sAMAccountName attribute

comment:1 Changed 6 years ago by branson

Resolution: fixed
Status: newclosed

Integrated into 0.3

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain John Hampton.
The resolution will be deleted.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.