This is a snapshot of Indico's old Trac site. Any information contained herein is most probably outdated. Access our new GitHub site here.

Opened 3 years ago

Closed 3 years ago

#1038 closed defect (duplicate)

Fix for groups in LDAP auth

Reported by: makub Owned by:
Priority: critical Milestone: v0.99.0
Component: General Version: 0.98-dev
Keywords: Cc:

Description

The implementation of handling LDAP groups in Indico 0.98.1 is broken.

There were two plain bugs in the user.py and Core.js.pack files.

The MaKaC/user.py file had a missing import for ldapFindGroupMemberUids function.

The Core.js.pack file had a hardcoded list of local and CERNGroup only, it has caused admin pages working with LDAP groups to hang indefinitely.

Another problem most probably comes from the fact that there are two common ways how to implement group membership in LDAP, the Active Directory way and the OpenLDAP/SLAPD way. The difference is that in Active Directory users have multivalued attribute memberof with list of groups, while in OpenLDAP/SLAPD groups have multivalued attribute member with list of users.

I have changed the MaKaC/common/Configuration.py file to add a new setting groupStyle which have one of two values: SLAPD or ActiveDirectory?. The membershipQuery setting was removed because it is no longer necessary, the query depends on the groupStyle setting.

I have changed the MaKaC/authentication/LDAPAuthentication.py file to have alternative implementations for group membership queries for ActiveDirectory? and SLAPD, and also a bit refactored the handling of personal information so that it can be more easily customised.

Attachments (5)

Configuration.py.patch (673 bytes) - added by makub 3 years ago.
removed membershipQuery and added groupStyle setting
user.py.patch (509 bytes) - added by makub 3 years ago.
fixed missing import
Core.js.pack.patch (5.4 KB) - added by makub 3 years ago.
added missing LDAPGroup
LDAPAuthentication.py.patch (14.6 KB) - added by makub 3 years ago.
implemented alternative group membership queries for Active Directory and SLAPD
VLC_FFmpeg_Decoder_incorrect_framerate_handli.png (381.5 KB) - added by Slavon 3 years ago.
http://netipotby.com

Download all attachments as: .zip

Change History (10)

Changed 3 years ago by makub

removed membershipQuery and added groupStyle setting

Changed 3 years ago by makub

fixed missing import

Changed 3 years ago by makub

added missing LDAPGroup

Changed 3 years ago by makub

implemented alternative group membership queries for Active Directory and SLAPD

comment:1 Changed 3 years ago by jbenito

  • Milestone changed from v0.98.2 to v0.99.0
  • Priority changed from normal to critical
  • Status changed from new to awaiting_merge

comment:2 Changed 3 years ago by arescope

  • Status changed from awaiting_merge to infoneeded

comment:3 Changed 3 years ago by arescope

  • Status changed from infoneeded to assigned

It will be merged to #939

comment:4 Changed 3 years ago by arescope

  • Status changed from assigned to new

comment:5 Changed 3 years ago by arescope

  • Resolution set to duplicate
  • Status changed from new to closed

It will be merged to #939

Changed 3 years ago by Slavon

http://netipotby.com

Note: See TracTickets for help on using tickets.