LDAP referrals fail

[ilsaloving]

If you'd like to report a bug in Flask-Appbuilder, fill out the template below. Provide
any extra information that may be useful

Responsible disclosure:
We want to keep Flask-AppBuilder safe for everyone. If you've discovered a security vulnerability
please report to danielvazgaspar@gmail.com.

I am trying to configure Superset to use LDAP authentication, but the LDAP search fails with the below error.

I see that there have been other tickets raised regarding this, but they've been closed with the reason "Referrals suck so we won't fix it" which is inexcusable. I've use countless LDAP integrations in the past and no other system has had this kind of difficulty dealing with referrals.

I tried the workaround of adding an OU to the search base, but it didn't help.

Environment

Flask-Appbuilder version:

pip freeze output:

Describe the expected results

LDAP Authentication should work

Paste a minimal example that causes the problem.

Describe the actual results

Login fails. The log shows:

ERROR:flask_appbuilder.security.manager:{'msgtype': 101, 'msgid': 2, 'result': 10, 'desc': 'Referral', 'ctrls': [], 'info': 'Referral:\nldap://MYDOMAIN.com/ou=USEROU,dc=MYDOMAIN,dc=com'}

Steps to reproduce

Configure LDAP.

[ilsaloving]

FYI, in my particular case, it turns out that the referrals were happening because I had a typo in my Base DN. Authentication worked once that was fixed. I think the point still stands though... Referrals should be handled better.