Projet

Général

Profil

0001-manager-display-ldap-information-even-when-erroneous.patch

Paul Marillonnet, 05 janvier 2023 11:02

Télécharger (5,41 ko)

Voir les différences: 

Subject: [PATCH] manager: display ldap information even when erroneous
 (#73018)


 .../authentic2/manager/ldap_details.html        | 17 ++++++++---------
 src/authentic2/manager/views.py                 | 12 ++++++------
 tests/test_ldap.py                              | 10 +++++++---
 3 files changed, 21 insertions(+), 18 deletions(-)
src/authentic2/manager/templates/authentic2/manager/ldap_details.html
2 2 
<div class="section manager-ldap">
3 3 
  <h3>{% trans "LDAP information, realm:" %} {{ ldap.realm }}</h3>
4 4 
  <div class="a2-manager-ldap-{{ ldap.realm }}">
5 
    {% if not ldap.error %}
6 
      <h4>{% blocktrans %}Base ldapsearch command{% endblocktrans %}</h4>
7 
      <pre class="a2-manager-ldapsearch">{% if ldap.require_cert != 'demand' %}LDAPTLS_REQCERT={{ldap.require_cert}} {% endif %}ldapsearch -v -H {{ ldap.ldap_uri }} \
8 
    -D "{{ ldap.binddn }}" \
9 
    -w "{{ ldap.bindpw }}" \
10 
    -b "{{ ldap.basedn }}"{% if ldap.user_filter or ldap.sync_ldap_users_filter %}
11 
    "{% firstof ldap.sync_ldap_users_filter ldap.user_filter %}"{% endif %}</pre>
12 
    {% else %}
5 
    {% if ldap.error %}
13 6 
      <div class="error">
14 
        <p>{% blocktrans %}Error while attempting to connect to LDAP server, base ldapsearch command won't be displayed.{% endblocktrans %}</p>
7 
        <p>{% blocktrans %}Error while attempting to connect to LDAP server, base ldapsearch command is still displayed but won’t work as such.{% endblocktrans %}</p>
15 8 
        {% if ldap.errmsg %}
16 9 
          <p>{% blocktrans with errmsg=ldap.errmsg %}Server error: {{ errmsg }}{% endblocktrans %}</p>
17 10 
        {% endif %}
18 11 
      </div>
19 12 
    {% endif %}
13 
    <h4>{% blocktrans %}Base ldapsearch command{% endblocktrans %}</h4>
14 
    <pre class="a2-manager-ldapsearch">{% if ldap.require_cert != 'demand' %}LDAPTLS_REQCERT={{ldap.require_cert}} {% endif %}ldapsearch -v -H {{ ldap.ldap_uri }} \
15 
    -D "{{ ldap.binddn }}" \
16 
    -w "{{ ldap.bindpw }}" \
17 
    -b "{{ ldap.basedn }}"{% if ldap.user_filter or ldap.sync_ldap_users_filter %}
18 
    "{% firstof ldap.sync_ldap_users_filter ldap.user_filter %}"{% endif %}</pre>
20 19 
    <h4>{% trans "Configuration" %}</h4>
21 20 
    <pre>{{ ldap.block }}</pre>
22 21 
  </div>
src/authentic2/manager/views.py
771 771 
                config['error'] = True
772 772 
                config['errmsg'] = str(e)
773 773 
            else:
774 
                config['block'] = json.dumps(block, indent=2, ensure_ascii=False)
775 774 
                # retrieve ldap uri, not directly visible in configuration block
776 775 
                config['ldap_uri'] = conn.get_option(ldap.OPT_URI)
777 
                # user filters need to be formatted to ldapsearch syntax
778 
                config['user_filter'] = force_str(block.get('user_filter'), '').replace('%s', '*')
779 
                config['sync_ldap_users_filter'] = (
780 
                    force_str(block.get('sync_ldap_users_filter'), '').replace('%s', '*').replace('%s', '*')
781 
                )
776 
            config['block'] = json.dumps(block, indent=2, ensure_ascii=False)
777 
            # user filters need to be formatted to ldapsearch syntax
778 
            config['user_filter'] = force_str(block.get('user_filter'), '').replace('%s', '*')
779 
            config['sync_ldap_users_filter'] = (
780 
                force_str(block.get('sync_ldap_users_filter'), '').replace('%s', '*').replace('%s', '*')
781 
            )
782 782 

  		




  783
  783
  
    
            kwargs['ldap_list'].append(config)

  		




  784
  784
  
    
        return super().get_context_data(**kwargs)

  		












  

    
      tests/test_ldap.py
    
  





  2231
  2231
  
    
    assert '-b "o=ôrga"' in ldap_config_text

  		




  2232
  2232
  
    
    assert '"(|(mail=*)(uid=*))"' in ldap_config_text

  		




  2233
  2233
  
    

  		




  2234
  
  
    
    for opt in [

  		




  
  2234
  
    
    options = [

  		




  2235
  2235
  
    
        'active_directory',

  		




  2236
  2236
  
    
        'attribute_mappings',

  		




  2237
  2237
  
    
        'attributes',

  		




  ......




  2295
  2295
  
    
        'user_dn_template',

  		




  2296
  2296
  
    
        'user_filter',

  		




  2297
  2297
  
    
        'username_template',

  		




  2298
  
  
    
    ]:

  		




  
  2298
  
    
    ]

  		




  
  2299
  
    

  		




  
  2300
  
    
    for opt in options:

  		




  2299
  2301
  
    
        assert opt in ldap_config_text

  		




  2300
  2302
  
    

  		




  2301
  2303
  
    
    assert 'LDAPTLS_REQCERT' not in ldap_config_text

  		




  ......




  2313
  2315
  
    
    resp = app.get(reverse('a2-manager-tech-info'))

  		




  2314
  2316
  
    
    ldap_config_text = resp.pyquery('div#a2-manager-tech-info-ldap-list').text()

  		




  2315
  2317
  
    

  		




  2316
  
  
    
    assert 'Base ldapsearch command' not in ldap_config_text

  		




  
  2318
  
    
    assert 'Base ldapsearch command' in ldap_config_text

  		




  2317
  2319
  
    
    assert 'Error while attempting to connect to LDAP server' in ldap_config_text

  		




  2318
  2320
  
    
    assert 'Server error: some buggy connection error message' in ldap_config_text

  		




  
  2321
  
    
    for opt in options:

  		




  
  2322
  
    
        assert opt in ldap_config_text

  		




  2319
  2323
  
    

  		




  2320
  2324
  
    

  		




  2321
  2325
  
    
class TestLookup:

  		




  2322
  
  
    
-