Feature: ldap search scope #629

Open
ds-04 opened this issue Oct 29, 2024 · 4 comments
Labels
documentation documentation to be updated enhancement Improvement to existing feature

Comments

@ds-04
Contributor

ds-04 commented Oct 29, 2024

Description

It appears the LDAP search scope is one; it would be useful if it could be sub.

Component

Other

Additional information

No response

@ds-04 ds-04 added documentation documentation to be updated enhancement Improvement to existing feature labels Oct 29, 2024
@ds-04
Contributor Author

ds-04 commented Nov 5, 2024

Certainly auth is using onelevel via python-ldap, changing to be able to use subtree would be good.

coldfront/config/plugins
diff ldap.py ldap.py.orig

32,33c23,24
< AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE, ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
< AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE, ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)')
---
> AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE, ldap.SCOPE_ONELEVEL, '(uid=%(user)s)')
> AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE, ldap.SCOPE_ONELEVEL, '(objectClass=groupOfNames)')
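
Review bot: Both searches move from ldap.SCOPE_ONELEVEL to a hard-coded ldap.SCOPE_SUBTREE, which changes matching for every deployment: '(uid=%(user)s)' and '(objectClass=groupOfNames)' will now also match entries in any OU nested below AUTH_LDAP_USER_SEARCH_BASE and AUTH_LDAP_GROUP_SEARCH_BASE. Consider reading the scope from a setting that defaults to one-level so existing sites keep their current behaviour, and document that with subtree the search bases should be kept as narrow as possible. Note also that the diff was taken as `diff ldap.py ldap.py.orig`, so the `<` lines are the proposed version and the `>` lines are the original.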

The ldap user search I think is actually using subtree by default (python ldap3 default) and there is an issue with one of my test accounts in the test OpenLDAP instance in a particular OU, which I'm trying to get to the bottom of.

@aebruno
Member

aebruno commented Nov 6, 2024

Agree, this looks good. Probably makes sense to make this a config option?

@ds-04
Contributor Author

ds-04 commented Nov 7, 2024

> Agree, this looks good. Probably makes sense to make this a config option?

Yes it would make sense as a config option.
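
The scope difference discussed in this thread, and a configurable scope that defaults to one-level, shown as an added example that is not part of the issue or of ColdFront's code. The directory entries, the `parse_scope` helper and the config strings are assumptions made for illustration; the scope constants mirror python-ldap's numeric values so the block runs without the library.

```python
# Added example: LDAP search-scope semantics over a constructed directory.
# Constants mirror python-ldap's values so this runs without the library.
SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE = 0, 1, 2

# Constructed sample entries (DN -> uid); not taken from the issue.
ENTRIES = {
    "uid=alice,ou=people,dc=example,dc=org": "alice",
    "uid=bob,ou=staff,ou=people,dc=example,dc=org": "bob",
    "uid=alice,ou=test,ou=people,dc=example,dc=org": "alice",
}

def rdns(dn):
    """Split a DN into normalized RDNs (sample DNs contain no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base, scope):
    """Return True if dn falls inside the scope anchored at base."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False                      # not under the base at all
    depth = len(d) - len(b)               # 0 = base itself, 1 = direct child
    if scope == SCOPE_BASE:
        return depth == 0
    if scope == SCOPE_ONELEVEL:
        return depth == 1
    return True                           # SCOPE_SUBTREE: base and all descendants

def search(base, scope, uid):
    """Equivalent of the (uid=%(user)s) filter applied to ENTRIES."""
    return sorted(dn for dn, u in ENTRIES.items()
                  if u == uid and in_scope(dn, base, scope))

def parse_scope(value, default=SCOPE_ONELEVEL):
    """Map a hypothetical config string to a scope; reject unknown values."""
    names = {"base": SCOPE_BASE, "onelevel": SCOPE_ONELEVEL, "subtree": SCOPE_SUBTREE}
    if value is None or value == "":
        return default                    # unset keeps the existing behaviour
    try:
        return names[value.strip().lower()]
    except KeyError:
        raise ValueError(f"unsupported LDAP scope: {value!r}")

if __name__ == "__main__":
    base = "ou=people,dc=example,dc=org"
    for name in ("onelevel", "subtree"):
        for uid in ("alice", "bob"):
            print(name, uid, search(base, parse_scope(name), uid))
```

With one-level scope `bob` in the nested OU is not found at all, while with subtree scope `alice` matches two entries, so a wider scope calls for a narrow search base and unique `uid` values beneath it.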

@ds-04
Contributor Author

ds-04 commented Nov 15, 2024

PR #637 created for review, thanks
