trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

sources/ldap: add case when group does not have uniqueness attribute

Browse source
This commit is contained in:
Jens Langhammer 2021-02-04 21:18:49 +01:00
parent 005b4d8dda
commit e639d8ab56
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
authentik/sources/ldap/sync/membership.py
View file

@ -52,10 +52,19 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
def get_group(self, group_dict: dict[str, Any]) -> Optional[Group]: def get_group(self, group_dict: dict[str, Any]) -> Optional[Group]:
"""Check if we fetched the group already, and if not cache it for later""" """Check if we fetched the group already, and if not cache it for later"""
group_dn = group_dict.get("attributes", {}).get(LDAP_DISTINGUISHED_NAME, [])
group_uniq = group_dict.get("attributes", {}).get( group_uniq = group_dict.get("attributes", {}).get(
self._source.object_uniqueness_field, "" self._source.object_uniqueness_field, []
) )
group_dn = group_dict.get("attributes", {}).get(LDAP_DISTINGUISHED_NAME, "") # group_uniq might be a single string or an array with (hopefully) a single string
if isinstance(group_uniq, list):
if len(group_uniq) < 1:
self._logger.warning(
"Group does not have a uniqueness attribute.",
group=group_dn,
)
return None
group_uniq = group_uniq[0]
if group_uniq not in self.group_cache: if group_uniq not in self.group_cache:
groups = Group.objects.filter( groups = Group.objects.filter(
**{f"attributes__{LDAP_UNIQUENESS}": group_uniq} **{f"attributes__{LDAP_UNIQUENESS}": group_uniq}