Opened 6 years ago

Closed 5 years ago

# [patch] Check for sAMAccountName attribute presence

Reported by: Owned by: olaf.meeuwissen@… John Hampton normal DirectoryAuthPlugin critical 0.11

### Description

I'm at the mercy of our Active Directory administrators.

It turns out that we have entries for which objectCategory=person is true but do not have an sAMAccountName attribute. Seeing that this attribute is needed for Trac's account management, it would be better to silently ignore these than causing a backtrace in _get_userinfo().

The attached patch adds a minimal filter to the list comprehension in get_users().

As a matter of fact, we have all kinds of things with objectCategory=person that really aren't, even though they have an sAMAccountName attribute. As I didn't want the company cars and meeting rooms in my list of users ;-), I requested a few more attributes (surname, given name) in the AD search and expanded the filter implementation.

Of course, you may be able to get rid of unwanted stuff by divining the proper base_dn and auth_group but that's beyond me.

### Changed 6 years ago by olaf.meeuwissen@…

Skip users without an sAMAccountName attribute

### comment:1 Changed 5 years ago by branson

Resolution: → fixed new → closed

Integrated into 0.3

### Modify Ticket

Change Properties