search

dpgaspar / Flask-AppBuilder

Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Demo (login with guest/welcome) - http://flaskappbuilder.pythonanywhere.com/
BSD 3-Clause "New" or "Revised" License
4.7k stars 1.36k forks source link

AUTH_ROLES_MAPPING doesn't work in LDAP config #1561

Closed mikle7771 closed 3 years ago

mikle7771 commented 3 years ago

Flask-Appbuilder version: 3.1.1

pip freeze output:

aiohttp==3.7.2 alembic==1.4.3 amqp==2.6.1 apispec==3.3.2 async-timeout==3.0.1 attrs==20.2.0 Babel==2.8.0 backoff==1.10.0 billiard==3.6.3.0 bleach==3.2.1 boto3==1.16.10 botocore==1.19.10 Brotli==1.0.9 cached-property==1.5.2 cachelib==0.1.1 certifi==2020.6.20 cffi==1.14.3 chardet==3.0.4 click==7.1.2 colorama==0.4.4 contextlib2==0.6.0.post1 convertdate==2.3.0 cron-descriptor==1.2.24 croniter==0.3.36 cryptography==3.2.1 decorator==4.4.2 defusedxml==0.6.0 dnspython==2.0.0 email-validator==1.1.1 et-xmlfile==1.0.1 Flask==1.1.2 Flask-AppBuilder==3.1.1 Flask-Babel==1.0.0 Flask-Caching==1.9.0 Flask-Compress==1.8.0 Flask-Cors==3.0.9 Flask-JWT-Extended==3.24.1 Flask-Login==0.4.1 Flask-Migrate==2.5.3 Flask-OpenID==1.2.5 Flask-SQLAlchemy==2.4.4 flask-talisman==0.7.0 Flask-WTF==0.14.3 future==0.18.2 geographiclib==1.50 geopy==2.0.0 gunicorn==20.0.4 holidays==0.10.3 humanize==3.1.0 idna==2.10 ijson==3.1.2.post0 importlib-metadata==2.1.1 iso8601==0.1.13 isodate==0.6.0 itsdangerous==1.1.0 jdcal==1.4.1 Jinja2==2.11.2 jmespath==0.10.0 jsonlines==1.2.0 jsonschema==3.2.0 kombu==4.6.11 korean-lunar-calendar==0.2.1 linear-tsv==1.1.0 Mako==1.1.3 Markdown==3.3.3 MarkupSafe==1.1.1 marshmallow==3.9.0 marshmallow-enum==1.5.1 marshmallow-sqlalchemy==0.23.1 msgpack==1.0.0 multidict==5.0.0 natsort==7.0.1 numpy==1.19.4 openpyxl==3.0.5 packaging==20.4 pandas==1.1.4 parsedatetime==2.6 pathlib2==2.3.5 pgsanity==0.2.9 Pillow==7.2.0 polyline==1.4.0 prison==0.1.3 py==1.9.0 pyarrow==1.0.1 pyasn1==0.4.8 pyasn1-modules==0.2.8 pycparser==2.20 PyJWT==1.7.1 PyMeeus==0.3.7 pyparsing==2.4.7 pyrsistent==0.16.1 python-dateutil==2.8.1 python-dotenv==0.15.0 python-editor==1.0.4 python-geohash==0.8.5 python-ldap==3.3.1 python3-openid==3.2.0 pytz==2020.4 PyYAML==5.3.1 redis==3.5.3 requests==2.24.0 retry==0.9.2 rfc3986==1.4.0 s3transfer==0.3.3 sasl==0.2.1 simplejson==3.17.2 six==1.15.0 SQLAlchemy==1.3.20 SQLAlchemy-Utils==0.36.8 sqlparse==0.3.0 tableschema==1.20.0 tabulator==1.52.5 thrift==0.13.0 thrift-sasl==0.4.2 typing-extensions==3.7.4.3 unicodecsv==0.14.1 urllib3==1.25.11 vine==1.3.0 webencodings==0.5.1 Werkzeug==1.0.1 WTForms==2.3.3 WTForms-JSON==0.3.3 xlrd==1.2.0 yarl==1.6.2 zipp==3.4.0

Describe the expected results

AUTH_ROLES_MAPPING doesn't work in LDAP config

AUTH_TYPE = AUTH_LDAP AUTH_USER_REGISTRATION = True AUTH_LDAP_SERVER = "ldap://x.x.x.x:389" AUTH_LDAP_BIND_USER = "uid=test,cn=users,cn=accounts,dc=example,dc=com" AUTH_LDAP_BIND_PASSWORD = "pass" AUTH_LDAP_SEARCH = "dc=example,dc=com" AUTH_LDAP_UID_FIELD = "uid" AUTH_USER_REGISTRATION_ROLE = "Admin" AUTH_LDAP_USE_TLS = False AUTH_ROLES_MAPPING = { "cn=users,cn=accounts,dc=example,dc=com": ["Gamma"], "cn=testers,cn=groups,cn=accounts,dc=example,dc=com": ["Alpha"], } AUTH_LDAP_EMAIL_FIELD = "mail" AUTH_LDAP_GROUP_FIELD = "memberOf"

Also does not receive mail from LDAP

I tried to test the connection via lib python-ldap, and if I do search_s ("dc = example, dc = com", ldap.SCOPE_SUBTREE, 'uid = test', ['memberOf'])) without bind_s ("user "," pass "), then the LDAP server does not return the 'memberOf' and 'mail' fields. If I do a search after bind_s, then I get the required data.

Help, what could be the reason?

dpgaspar commented 3 years ago

Hi

This new feature was not released yet, use current master and retest