ldap: add option to disable referral following

Benjamin Renard 2022-12-09 12:33:09 +01:00
parent c643fd30ac
commit cb4b8d6974


@ -60,12 +60,14 @@ class LdapServer:
con = 0 con = 0
def __init__(self, uri, dn=None, pwd=None, v2=None, def __init__(self, uri, dn=None, pwd=None, v2=None,
raiseOnError=False, logger=False, checkCert=True): raiseOnError=False, logger=False, checkCert=True,
disableReferral=False):
self.uri = uri self.uri = uri
self.dn = dn self.dn = dn
self.pwd = pwd self.pwd = pwd
self.raiseOnError = raiseOnError self.raiseOnError = raiseOnError
self.checkCert = checkCert self.checkCert = checkCert
self.disableReferral = disableReferral
if v2: if v2:
self.v2 = True self.v2 = True
if logger: if logger:
@ -85,6 +87,9 @@ class LdapServer:
if not self.checkCert: if not self.checkCert:
# pylint: disable=no-member # pylint: disable=no-member
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
if self.disableReferral:
# pylint: disable=no-member
ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
con = ldap.initialize(self.uri) con = ldap.initialize(self.uri)
if self.v2: if self.v2:
con.protocol_version = ldap.VERSION2 # pylint: disable=no-member con.protocol_version = ldap.VERSION2 # pylint: disable=no-member
@ -468,6 +473,9 @@ class LdapClient:
section.add_option( section.add_option(
BooleanOption, 'checkcert', default=True, BooleanOption, 'checkcert', default=True,
comment='Check LDAP certificate') comment='Check LDAP certificate')
section.add_option(
BooleanOption, 'disablereferral', default=False,
comment='Disable referral following')
return section return section
@ -480,7 +488,9 @@ class LdapClient:
log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous') log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous')
self._conn = LdapServer( self._conn = LdapServer(
uri, dn=binddn, pwd=self._get_option('bindpwd'), uri, dn=binddn, pwd=self._get_option('bindpwd'),
checkCert=self._get_option('checkcert'), raiseOnError=True checkCert=self._get_option('checkcert'),
disableReferral=self._get_option('disablereferral'),
raiseOnError=True
) )
# Reset cache # Reset cache
self._cached_objects = {} self._cached_objects = {}
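Review bot: In the second hunk, `ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)` is called on the module before `ldap.initialize`, which in python-ldap sets a process-wide default rather than an option of this one connection. Once any LdapServer connects with disableReferral=True, later instances in the same process that leave it False would presumably stop following referrals too, and nothing restores the earlier value. Setting the option on the handle keeps the choice per connection: `con.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)` placed right after `con = ldap.initialize(self.uri)`. The checkCert branch just above has the same global scope, which is worth a comment there since it leaves certificate verification off for connections opened afterwards. The method containing this hunk starts and ends outside the lines shown.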