ContinuumIO / flask-ldap-login

Flask ldap integration
BSD 2-Clause "Simplified" License

LDAP: KEY_MAP existence causing mixed results #15

ijstokes closed 8 years ago

ijstokes commented 8 years ago

From @amccarty on October 5, 2015 20:52

I'm getting different results when I use a KEY_MAP vs when I don't.

In the config below (it works, so feel free to test with it) I'm mapping email and name. The database results are below:

{
    "accounts":"wk_server.plugins.accounts.ldap2",
    "LDAP" : {
        "URI": "ldap://openldap.testcio.com",
        "BIND_DN": "cn=Bob Jones,ou=Users,DC=testcio,DC=com",
        "BIND_AUTH": "p@ssw0rd",
        "USER_SEARCH": {"base": "DC=testcio,DC=com",
                        "filter": "(| (& (ou=Payroll) (uid=%(username)s)) (& (ou=Janitorial) (uid=%(username)s)))"
                        },
        "KEY_MAP": {"email": "mail",
                    "name": "cn" 
                }
    }
}

Resulting DB entry:

{
    "_id" : ObjectId("5612e02de138230dabf14cd1"),
    "username" : "NewportC",
    "_username" : "newportc",
    "name" : "Chok Newport",
    "is_active" : true,
    "attrs" : {
        "username" : "NewportC"
    },
    "time" : {
        "last_seen" : ISODate("2015-10-05T20:40:22.912Z"),
        "modified" : ISODate("2015-10-05T20:40:22.899Z"),
        "created" : ISODate("2015-10-05T20:40:13.862Z")
    },
    "password" : null,
    "email" : "NewportC@ns-mail6.com"
}

In this config, I'm not mapping. The database results are below:

{
    "accounts":"wk_server.plugins.accounts.ldap2",
    "LDAP" : {
        "URI": "ldap://openldap.testcio.com",
        "BIND_DN": "cn=Bob Jones,ou=Users,DC=testcio,DC=com",
        "BIND_AUTH": "p@ssw0rd",
        "USER_SEARCH": {"base": "DC=testcio,DC=com",
                        "filter": "(| (& (ou=Payroll) (uid=%(username)s)) (& (ou=Janitorial) (uid=%(username)s)))"
                        }
    }
}

Resulting DB entry:

{
    "_id" : ObjectId("5612df5ce138230d65c7674c"),
    "cn" : "Chok Newport",
    "objectClass" : [
        "top",
        "person",
        "organizationalPerson",
        "inetOrgPerson"
    ],
    "secretary" : "cn=Gee Serbus,ou=Management,dc=testcio,dc=com",
    "manager" : "cn=Mehmud Jarnak,ou=Administrative,dc=testcio,dc=com",
    "attrs" : {
        "username" : "NewportC"
    },
    "uid" : "NewportC",
    "employeeType" : "Employee",
    "title" : "Junior Janitorial Grunt",
    "facsimileTelephoneNumber" : "+1 415 245-1438",
    "mail" : "NewportC@ns-mail6.com",
    "postalAddress" : "Janitorial$Orem",
    "email" : null,
    "username" : "NewportC",
    "departmentNumber" : "2209",
    "_username" : "newportc",
    "description" : "This is Chok Newport's description",
    "is_active" : true,
    "password" : null,
    "pager" : "+1 415 144-7812",
    "homePhone" : "+1 415 412-9970",
    "telephoneNumber" : "+1 415 773-1661",
    "mobile" : "+1 415 965-5956",
    "roomNumber" : "9087",
    "l" : "Orem",
    "carLicense" : "76HIQX",
    "sn" : "Newport",
    "time" : {
        "last_seen" : ISODate("2015-10-05T20:36:44.096Z"),
        "modified" : ISODate("2015-10-05T20:36:44.047Z"),
        "created" : ISODate("2015-10-05T20:36:44.047Z")
    },
    "ou" : "Janitorial",
    "givenName" : "Chok",
    "initials" : "C. N."
}

_Copied from original issue: ContinuumIO/wakari-server#487_

ijstokes commented 8 years ago

From @amccarty on October 5, 2015 21:4

As you can see, when I don't map keys/attributes, I get much more detail from LDAP.

ijstokes commented 8 years ago

@amccarty is this a problem for you? I haven't looked at the code, but I'm assuming that the behavior is intentional: a key-map will also act as a selection filter as a side-effect. I'm moving this issue to the flask-ldap-login repo.

amccarty commented 8 years ago

I think we're good here - thanks @ijstokes
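
An added sketch of the behaviour discussed in this thread, not code from flask-ldap-login or from any participant: it treats a key map as an allow-list over the returned LDAP attributes, so the unmapped case persists every attribute the bind account can read. The function names and the sample entry are hypothetical, and the entry shape (attribute name to a list of bytes values) is assumed to match what python-ldap returns on Python 3.

```python
def scalar(values):
    """Decode bytes and collapse a one-element value list to a plain value."""
    decoded = [v.decode("utf-8") if isinstance(v, bytes) else v for v in values]
    return decoded[0] if len(decoded) == 1 else decoded


def project_entry(entry, key_map=None):
    """Build the record to persist from one LDAP entry (attribute -> value list).

    With a key map, only the mapped attributes survive and a mapped attribute
    the directory did not return becomes None. Without one, every returned
    attribute is copied through under its LDAP name.
    """
    if key_map:
        return {local: scalar(entry[remote]) if remote in entry else None
                for local, remote in key_map.items()}
    return {name: scalar(values) for name, values in entry.items()}


def unmapped_attributes(entry, key_map):
    """Attributes the directory returned that the key map would not store."""
    return sorted(set(entry) - set(key_map.values()))


# Constructed sample: a subset of the attributes shown in the issue, in the
# bytes-list shape python-ldap is assumed to return on Python 3.
SAMPLE_ENTRY = {
    "cn": [b"Chok Newport"],
    "mail": [b"NewportC@ns-mail6.com"],
    "uid": [b"NewportC"],
    "objectClass": [b"top", b"person", b"organizationalPerson", b"inetOrgPerson"],
    "manager": [b"cn=Mehmud Jarnak,ou=Administrative,dc=testcio,dc=com"],
    "homePhone": [b"+1 415 412-9970"],
}
KEY_MAP = {"email": "mail", "name": "cn"}  # the KEY_MAP from the first config

if __name__ == "__main__":
    print("with KEY_MAP:   ", project_entry(SAMPLE_ENTRY, KEY_MAP))
    print("without KEY_MAP:", sorted(project_entry(SAMPLE_ENTRY)))
    print("not stored:     ", unmapped_attributes(SAMPLE_ENTRY, KEY_MAP))
```
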