Patch for HUE-1442.

Review Request #3392 - Created July 30, 2013 and submitted

Chris Conner
old-hue
Master
HUE-1442
abec, enricoberti, romain
Patch for HUE-1442.  Changed all LDAP auth from direct bind to search/bind per:

http://pythonhosted.org/django-auth-ldap/authentication.html#search-bind

I removed "nt_domain" and "ldap_username_pattern" requirement all together.  No need for them at all.
Tested against AD and OpenDS with both ldapsync of user and group along with Auth.  Then tested against Directory Server where entry looked like:

dn: employeeNumber=1234,ou=people,dc=example,dc=com
employeeNumber: 1234
cn: Sam Carter
sn: Carter
givenname: Sam
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Accounting
ou: People
l: Sunnyvale
uid: scarter 

Notice that uid is nowhere to be found in the DN, however, the end user would still login with "uid".
  • 0
  • 0
  • 2
  • 0
  • 2
Description From Last Updated
  1. Can you create a new branch in github? That way, we can tinker with this.
  2. 
      
  1. Every thing looks good except for one thing! Please attach the fixed patch to the jira and submit this review request!
  2. desktop/core/src/desktop/auth/backend.py (Diff revision 1)
     
     
     
    If BIND_DN is not configured, shouldn't set AUTH_LDAP_BIND_DN. Same with AUTH_LDAP_BIND_PASSWORD.
  3. 
      
  1. One last thing, then perfect!
  2. desktop/core/src/desktop/auth/backend.py (Diff revision 3)
     
     
     
     
     
     
     
    The warning message might best be in 'desktop.conf.config_validator'.
  3. 
      
  1. Ship It!
  2. 
      
Review request changed

Status: Closed (submitted)

Loading...