From bc9fa57a2b70c0dbda9a8d1f9cab9ab36972d71f Mon Sep 17 00:00:00 2001
From: Jan Lindemann
Date: Thu, 11 Sep 2025 21:35:01 +0200
Subject: [PATCH] ldap.Auth: Fix half-baked use of jwutils.ldap module
ldap.Auth lost a lot of code when jwutils.ldap was introduced, and rightfully so, because jwutils.ldap contains most of it. OTOH, it was used wrongly, fix that.
Signed-off-by: Jan Lindemann
---
 tools/python/jwutils/auth/ldap/Auth.py | 63 ++++++++++++--------------
 1 file changed, 29 insertions(+), 34 deletions(-)
diff --git a/tools/python/jwutils/auth/ldap/Auth.py b/tools/python/jwutils/auth/ldap/Auth.py
index 27674f3..989052e 100644
--- a/tools/python/jwutils/auth/ldap/Auth.py
+++ b/tools/python/jwutils/auth/ldap/Auth.py
@@ -6,6 +6,7 @@
 import ldap
 from ...log import *
 from ...ldap import bind
+from ...Config import Config
 from .. import Access
 from .. import Auth as AuthBase
 from .. import Group as GroupBase
@@ -69,45 +70,39 @@ class Auth(AuthBase): # export
 if self.___users is None:
 ret: dict[str, User] = {}
 ret_by_email: dict[str, User] = {}
- ldap_result_id = self.__conn.search(
+ for res in self.__conn.find(
 self.__user_base_dn,
 ldap.SCOPE_SUBTREE,
 "objectClass=inetOrgPerson",
 ('uid', 'cn', 'uidNumber', 'mail', 'maildrop')
- )
- while True:
- result_type, result_data = self.__conn.result(ldap_result_id, 0)
- if (result_data == []):
- break
- if result_type != ldap.RES_SEARCH_ENTRY:
- continue
- for res in result_data:
- try:
- display_name = None
- if 'displayName' in res[1]:
- cn = res[1]['displayName'][0].decode('utf-8')
- else:
- cn = res[1]['cn'][0].decode('utf-8')
- uid = res[1]['uid'][0].decode('utf-8')
- uidNumber = res[1]['uidNumber'][0].decode('utf-8')
- emails = []
- #for attr in ['mail', 'maildrop']:
- for attr in ['mail']:
- if attr in res[1]:
- for entry in res[1][attr]:
- emails.append(entry.decode('utf-8'))
- if not emails:
- slog(DEBUG, f'No email for user "{uid}", skipping')
- continue
- user = User(self, name=uid, cn=cn, email=emails[0])
- ret[uid] = user
- for email in emails:
- ret_by_email[email] = user
- except Exception as e:
- slog(WARNING, f'Exception {e}')
+ ):
+ try:
+ display_name = None
+ if 'displayName' in res[1]:
+ cn = res[1]['displayName'][0].decode('utf-8')
+ else:
+ cn = res[1]['cn'][0].decode('utf-8')
+ uid = res[1]['uid'][0].decode('utf-8')
+ uidNumber = res[1]['uidNumber'][0].decode('utf-8')
+ emails = []
+ #for attr in ['mail', 'maildrop']:
+ for attr in ['mail']:
+ if attr in res[1]:
+ for entry in res[1][attr]:
+ emails.append(entry.decode('utf-8'))
+ if not emails:
+ slog(DEBUG, f'No email for user "{uid}", skipping')
 continue
- for user in self.__dummy.users.values():
- ret[user.name] = user
+ user = User(self, name=uid, cn=cn, email=emails[0])
+ ret[uid] = user
+ for email in emails:
+ ret_by_email[email] = user
+ except Exception as e:
+ slog(WARNING, f'Exception {e}')
+ raise
+ continue
+ for user in self.__dummy.users.values():
+ ret[user.name] = user
 self.___users = ret
 self.___user_by_email = ret_by_email
 return self.___users
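Review bot: The added `raise` in the `except Exception` handler makes the `continue` after it unreachable and turns one malformed directory entry (a missing `cn`/`uid`/`uidNumber`, or bytes that are not valid UTF-8) into a failure of the whole user enumeration, where the old loop logged the error and skipped the entry. Because `self.___users` is assigned only after the loop, it stays `None` on that path, so every later call repeats the search and fails again, and a single bad entry can keep all users from resolving. If failing closed is intended, drop the dead `continue` and say so in a comment; otherwise drop the `raise` and log which entry was skipped, e.g. `slog(WARNING, f'Skipping LDAP entry {res[0]!r}: {e}')` (assuming `res[0]` is the DN, as the `res[1]` attribute dict suggests). Separately, `'displayName'` is not in the requested attribute tuple, so the `displayName` branch is presumably never taken unless `find()` returns unrequested attributes, and `display_name` and `uidNumber` are assigned but never used. The enclosing method starts above the hunk.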