feat(ldap): validate LDAP search filter
Validate the LDAP search filter, including enclosing it in '()'. Note: if a user has a complex filter that is missing its last ')', it will not be added; e.g. (&(objectclass=posixgroup)(uid={0}) is invalid but will pass validation.
issue #13738
parent
f971b8c456
commit
05e978c5ec
2 changed files with 20 additions and 7 deletions
|
|
@ -93,7 +93,7 @@
|
|||
"reqd": 1
|
||||
},
|
||||
{
|
||||
"description": "Must include '{0}', which is a placeholder for the user/login name. i.e. (&(objectclass=user)(uid={0}))",
|
||||
"description": "Must be enclosed in '()' and include '{0}', which is a placeholder for the user/login name. i.e. (&(objectclass=user)(uid={0}))",
|
||||
"fieldname": "ldap_search_string",
|
||||
"fieldtype": "Data",
|
||||
"label": "LDAP Search String",
|
||||
|
|
@ -266,7 +266,7 @@
|
|||
"in_create": 1,
|
||||
"issingle": 1,
|
||||
"links": [],
|
||||
"modified": "2021-07-20 13:17:04.153968",
|
||||
"modified": "2021-07-20 15:36:08.639876",
|
||||
"modified_by": "Administrator",
|
||||
"module": "Integrations",
|
||||
"name": "LDAP Settings",
|
||||
|
|
|
|||
|
|
@ -13,10 +13,17 @@ class LDAPSettings(Document):
|
|||
return
|
||||
|
||||
if not self.flags.ignore_mandatory:
|
||||
if not self.ldap_search_string.startswith('('):
|
||||
self.ldap_search_string = '(' + self.ldap_search_string
|
||||
|
||||
if not self.ldap_search_string.endswith(')'):
|
||||
self.ldap_search_string = self.ldap_search_string + ')'
|
||||
|
||||
if self.ldap_search_string and "{0}" in self.ldap_search_string:
|
||||
|
||||
self.connect_to_ldap(base_dn=self.base_dn, password=self.get_password(raise_exception=False))
|
||||
else:
|
||||
frappe.throw(_("LDAP Search String needs to contian the user placeholder {0}, eg sAMAccountName={0}"))
|
||||
frappe.throw(_("LDAP Search String must be enclosed in '()' and needs to contian the user placeholder {0}, eg sAMAccountName={0}"))
|
||||
|
||||
def connect_to_ldap(self, base_dn, password, read_only=True):
|
||||
try:
|
||||
|
|
@ -204,10 +211,16 @@ class LDAPSettings(Document):
|
|||
|
||||
conn = self.connect_to_ldap(self.base_dn, self.get_password(raise_exception=False))
|
||||
|
||||
conn.search(
|
||||
search_base=self.organizational_unit,
|
||||
search_filter="{0}".format(user_filter),
|
||||
attributes=ldap_attributes)
|
||||
try:
|
||||
import ldap3
|
||||
|
||||
conn.search(
|
||||
search_base=self.organizational_unit,
|
||||
search_filter="{0}".format(user_filter),
|
||||
attributes=ldap_attributes)
|
||||
|
||||
except ldap3.core.exceptions.LDAPInvalidFilterError:
|
||||
frappe.throw(_("Please use a valid LDAP search filter"), title=_("Misconfigured"))
|
||||
|
||||
if len(conn.entries) == 1 and conn.entries[0]:
|
||||
user = conn.entries[0]
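Review bot: The new `except ldap3.core.exceptions.LDAPInvalidFilterError` branch around `conn.search` reports every invalid filter as "Misconfigured", but `user_filter` is built outside this hunk, and if it is `ldap_search_string` with the login name substituted for `{0}`, the filter also carries end-user input. In that case a login name containing filter metacharacters (`(`, `)`, `*`, `\`) could make the filter invalid or change what it matches, and the parenthesis wrapping added to the validation hunk does nothing about it. I would pass the login name through `ldap3.utils.conv.escape_filter_chars(...)` before it is formatted into the search string, so that only the configured template decides the filter's structure. The enclosing method starts and ends outside the hunk, so the way `user_filter` is assembled should be confirmed against the full file.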
|
||||
|
|
|
|||