Introduce LDAP configuration parameter LDAP_IGNORE_MALFORMED_SCHEMA to ignore fetching schema from the LDAP server. #7062

2024-07-04 11:33:52 -05:00 · 2024-01-01 11:04:57 +05:30 · 2024-01-01 11:04:57 +05:30 · 3fa4e82af9
commit 3fa4e82af9
parent fd8af4034a
3 changed files with 15 additions and 1 deletions
--- a/docs/en_US/ldap.rst
+++ b/docs/en_US/ldap.rst
@ -87,6 +87,9 @@ There are 3 ways to configure LDAP:
   "LDAP_KEY_FILE","Specifies the path to the server private key file. This parameter
   is applicable only if you are using *ldaps* as connection protocol or you have
   set *LDAP_USE_STARTTLS* parameter to *True*."
+   "LDAP_IGNORE_MALFORMED_SCHEMA", "Some flaky LDAP servers returns malformed schema.
+   If this parameter set to *True*, no exception will be raised and schema is thrown away
+   but authentication will be done. This parameter should remain False, as recommended."
   "**Bind as pgAdmin user**"
   "LDAP_BASE_DN","Specifies the base DN from where a server will start the search
   for users. For example, an LDAP search for any user will be performed by the server
--- a/web/config.py
+++ b/web/config.py
@ -720,6 +720,13 @@ LDAP_CA_CERT_FILE = ''
 LDAP_CERT_FILE = ''
 LDAP_KEY_FILE = ''

+##########################################################################
+
+# Some flaky LDAP servers returns malformed schema. If True, no exception
+# will be raised and schema is thrown away but authentication will be done.
+# This parameter should remain False, as recommended.
+LDAP_IGNORE_MALFORMED_SCHEMA = False
+
 ##########################################################################
 # Kerberos Configuration
 ##########################################################################
--- a/web/pgadmin/authenticate/ldap.py
+++ b/web/pgadmin/authenticate/ldap.py
@ -12,7 +12,7 @@
 import ssl
 import config
 from ldap3 import Connection, Server, Tls, ALL, ALL_ATTRIBUTES, ANONYMOUS,\
-    SIMPLE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_NO_TLS
+    SIMPLE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_NO_TLS, set_config_parameter
 from ldap3.core.exceptions import LDAPSocketOpenError, LDAPBindError,\
    LDAPInvalidScopeError, LDAPAttributeError, LDAPInvalidFilterError,\
    LDAPStartTLSError, LDAPSSLConfigurationError
@ -33,6 +33,10 @@ ERROR_SEARCHING_LDAP_DIRECTORY = gettext(
 ERROR_CONNECTING_LDAP_SERVER = gettext(
    "Error connecting to the LDAP server: {}\n")

+if config.LDAP_IGNORE_MALFORMED_SCHEMA:
+    set_config_parameter('IGNORE_MALFORMED_SCHEMA',
+                         config.LDAP_IGNORE_MALFORMED_SCHEMA)
+

 class LDAPAuthentication(BaseAuthentication):
    """Ldap Authentication Class"""