From 168217e74ec952578ba7a5a084ec3b3f23b88428 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Tue, 26 Oct 2021 17:50:03 +0200
Subject: [PATCH] ldap: support trailing slash on tls errors (#58149)
---
 src/authentic2/backends/ldap_backend.py | 10 +++-------
 tests/test_ldap.py | 5 +++--
 2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index 7bcb4f4e..b16127d2 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -1788,13 +1788,9 @@ class LDAPBackend:
 return False, 'timeout'
 except ldap.SERVER_DOWN:
 if block['use_tls']:
- url = block['url']
- if url and isinstance(url, (list, tuple)):
- url = url[0]
- hostname = url.split('://')[-1]
- port = 636
- if ':' in hostname:
- hostname, port = hostname.split(':')
+ url = urllib.parse.urlparse(ldap_uri)
+ hostname = url.hostname
+ port = url.port or 636
 context = ssl.create_default_context()
 try:
 with socket.create_connection((hostname, port), timeout=2) as sock:
diff --git a/tests/test_ldap.py b/tests/test_ldap.py
index 578175bf..706118f3 100644
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -1116,7 +1116,8 @@ def test_tls(db, tls_slapd, settings, client):
 assert force_bytes('name="username"') not in result.content
-def test_tls_connect_on_ldap_errors(db, tls_slapd, settings, client, caplog):
+@pytest.mark.parametrize('trailing_slash', ('', '/'))
+def test_tls_connect_on_ldap_errors(db, tls_slapd, settings, client, caplog, trailing_slash):
 conn = tls_slapd.get_connection_admin()
 conn.modify_s(
 'cn=config',
@@ -1129,7 +1130,7 @@ def test_tls_connect_on_ldap_errors(db, tls_slapd, settings, client, caplog):
 settings.LDAP_AUTH_SETTINGS = [
 {
- 'url': [tls_slapd.ldap_url],
+ 'url': [tls_slapd.ldap_url + trailing_slash],
 'basedn': 'o=ôrga',
 'use_tls': True,
 'cacertfile': cert_file,
--
2.30.2
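Review bot: The new `hostname = url.hostname` line in the ldap_backend.py hunk can yield `None` for a URI without a network location (for example `ldaps:///`), and `socket.create_connection((None, port), ...)` then resolves to the local host, so the TLS diagnostic that follows would describe a connection to the wrong endpoint rather than the configured server; a guard such as `if not hostname: return False, 'invalid url'` (or whatever failure tuple the surrounding code uses) before `context = ssl.create_default_context()` keeps the probe honest. Note also that `url.port` raises `ValueError` when the port component is not a valid integer, and this code runs inside the `except ldap.SERVER_DOWN` handler, so such a URI would replace the original server-down diagnosis with an unrelated traceback; wrapping the `port = url.port or 636` line in a `try`/`except ValueError` that falls back to the same failure path would preserve the diagnosis. `ldap_uri` and the `urllib` import are not visible in this hunk, so I am assuming the former is the per-URI loop variable of the enclosing method and that `urllib.parse` is imported at module level; the enclosing method starts and ends outside the hunk.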