From 8cc1374543c7562395e654004bb52407d1792c3a Mon Sep 17 00:00:00 2001
From: Brian Lin
Date: Mon, 18 Dec 2023 17:16:58 -0600
Subject: [PATCH 1/3] Use supported LDAP search_scope (SOFTWARE-5766)
Unhelpfully missing from the Python documentation (https://ldap3.readthedocs.io/en/latest/searches.html): BASE: retrieves attributes of the entry specified in the search_base. LEVEL: retrieves attributes of the entries contained in the search_base. The base must reference a container object. SUBTREE: retrieves attributes of the entries specified in the search_base and all subordinate containers downward.
---
 src/webapp/ldap_data.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/webapp/ldap_data.py b/src/webapp/ldap_data.py
index 2bcaae334..549019d1d 100644
--- a/src/webapp/ldap_data.py
+++ b/src/webapp/ldap_data.py
@@ -35,7 +35,7 @@ def get_cilogon_ldap_id_map(ldap_url, ldap_user, ldap_pass):
 conn = ldap3.Connection(server, ldap_user, ldap_pass, receive_timeout=CILOGON_LDAP_TIMEOUT)
 if not conn.bind():
 return None # connection failure
- conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, search_scope='one', attributes=['*'])
+ conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, search_scope='LEVEL', attributes=['*'])
 result_data = [ (e.entry_dn, e.entry_attributes_as_dict) for e in conn.entries ]
 conn.unbind()
From a9476d1e8f50b5d970c52fec090e20200848a250 Mon Sep 17 00:00:00 2001
From: Brian Lin
Date: Mon, 18 Dec 2023 17:29:58 -0600
Subject: [PATCH 2/3] Be safe and use the library constant (SOFTWARE-5766)
---
 src/webapp/ldap_data.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/webapp/ldap_data.py b/src/webapp/ldap_data.py
index 549019d1d..2204c2817 100644
--- a/src/webapp/ldap_data.py
+++ b/src/webapp/ldap_data.py
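Review bot: The outcome of `conn.search(...)` is never inspected in this hunk, so a search that the server rejects or cuts short (for example at a size limit) looks the same as a directory with few or no active CO persons once `result_data` is built from `conn.entries`. Since a failed bind already returns `None`, the search could use the same signal: after the call, `if conn.result['result'] != 0:` log `conn.result['description']`, unbind and `return None`. An exception raised during the search (the connection sets `receive_timeout`) would also skip `conn.unbind()`, which a `try`/`finally` around the search and the `result_data` line would cover. The function continues outside the hunk, so how callers treat an empty or partial map is not visible here; the same call is carried unchanged in this respect through patches 2/3 and 3/3.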
@@ -35,7 +35,7 @@ def get_cilogon_ldap_id_map(ldap_url, ldap_user, ldap_pass):
 conn = ldap3.Connection(server, ldap_user, ldap_pass, receive_timeout=CILOGON_LDAP_TIMEOUT)
 if not conn.bind():
 return None # connection failure
- conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, search_scope='LEVEL', attributes=['*'])
+ conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, search_scope=ldap3.LEVEL, attributes=['*'])
 result_data = [ (e.entry_dn, e.entry_attributes_as_dict) for e in conn.entries ]
 conn.unbind()
From 086bf657e8d075b660b281918cf142bbf3d7e8a4 Mon Sep 17 00:00:00 2001
From: Brian Lin
Date: Mon, 18 Dec 2023 17:30:30 -0600
Subject: [PATCH 3/3] Whitespace niceties
---
 src/webapp/ldap_data.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/webapp/ldap_data.py b/src/webapp/ldap_data.py
index 2204c2817..b1410375a 100644
--- a/src/webapp/ldap_data.py
+++ b/src/webapp/ldap_data.py
@@ -35,7 +35,10 @@ def get_cilogon_ldap_id_map(ldap_url, ldap_user, ldap_pass):
 conn = ldap3.Connection(server, ldap_user, ldap_pass, receive_timeout=CILOGON_LDAP_TIMEOUT)
 if not conn.bind():
 return None # connection failure
- conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, search_scope=ldap3.LEVEL, attributes=['*'])
+ conn.search(_cilogon_basedn,
+ _ACTIVE_COPERSON_FILTER,
+ search_scope=ldap3.LEVEL,
+ attributes=['*'])
 result_data = [ (e.entry_dn, e.entry_attributes_as_dict) for e in conn.entries ]
 conn.unbind()
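Review bot: `attributes=['*']` on the rewritten `conn.search(...)` line requests every user attribute of each matching entry, while an ID map presumably needs only a handful of them. Naming the required attributes, e.g. `attributes=['<ATTR_1>', '<ATTR_2>']` (placeholders), keeps unneeded identity data out of the web application and makes its dependency on the directory schema explicit. If everything really is needed, `ldap3.ALL_ATTRIBUTES` would match the move to `ldap3.LEVEL`. Which attributes are consumed is decided outside this hunk, so the list has to come from the rest of `get_cilogon_ldap_id_map` and its callers; the one-argument-per-line layout in patch 3/3 is a natural place to spell it out.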