# HG changeset patch
# User Mads Kiilerich
# Date 1477315131 -7200
# Node ID a00a583237296c2c90a4915400f5fff128761420
# Parent c073c723e26413ce8863ac78a41fd05eb80dbfb9
auth: refactor LDAP authentication - make it more clear in program flow when authentication is accepted
diff -r c073c723e264 -r a00a58323729 kallithea/lib/auth_modules/auth_ldap.py
--- a/kallithea/lib/auth_modules/auth_ldap.py Mon Oct 24 15:18:51 2016 +0200
+++ b/kallithea/lib/auth_modules/auth_ldap.py Mon Oct 24 15:18:51 2016 +0200
@@ -148,18 +148,21 @@
 try:
 log.debug('Trying simple bind with %s', dn)
 server.simple_bind_s(dn, safe_str(password))
- attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,
- '(objectClass=*)')[0][1]
- break
+ results = server.search_ext_s(dn, ldap.SCOPE_BASE,
+ '(objectClass=*)')
+ if len(results) == 1:
+ dn_, attrs = results[0]
+ assert dn_ == dn
+ return dn, attrs
 except ldap.INVALID_CREDENTIALS:
 log.debug("LDAP rejected password for user '%s' (%s): %s", uid, username, dn)
+ continue # accept authentication as another ldap user with same username
- else:
- log.debug("No matching LDAP objects for authentication "
- "of '%s' (%s)", uid, username)
- raise LdapPasswordError()
+ log.debug("No matching LDAP objects for authentication "
+ "of '%s' (%s)", uid, username)
+ raise LdapPasswordError()
 except ldap.NO_SUCH_OBJECT:
 log.debug("LDAP says no such user '%s' (%s)", uid, username)
@@ -167,8 +170,6 @@
 except ldap.SERVER_DOWN:
 raise LdapConnectionError("LDAP can't access authentication server")
- return dn, attrs
-
 class KallitheaAuthPlugin(auth_modules.KallitheaExternalAuthPlugin):
 def __init__(self):
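Review bot: `assert dn_ == dn` in the new success path is the only check that the entry read back is the one that was bound, and it is not a dependable guard in an authentication routine: it disappears when Python runs with `-O`, and when it does fire the AssertionError is not caught by any of the `except ldap.…` clauses visible here, so it surfaces as an unhandled error instead of a rejected login. An exact string comparison may also trip for legitimate users if the server returns the DN with different case or spacing than the search result did, which is worth confirming against the directories in use. I would make it an explicit branch, e.g. `if dn_ != dn: log.debug("LDAP returned %s for bind DN %s", dn_, dn); continue`, and add a `log.debug` for the `len(results) != 1` case, which currently moves on to the next candidate without leaving a trace. The enclosing function and the loop over candidate DNs start outside the hunk.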