From 3fa4e82af9ac92e21268daf137c4eb74d3b20283 Mon Sep 17 00:00:00 2001 From: Khushboo Vashi Date: Mon, 1 Jan 2024 11:04:57 +0530 Subject: [PATCH] Introduce LDAP configuration parameter LDAP_IGNORE_MALFORMED_SCHEMA to ignore fetching schema from the LDAP server. #7062 --- docs/en_US/ldap.rst | 3 +++ web/config.py | 7 +++++++ web/pgadmin/authenticate/ldap.py | 6 +++++- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/docs/en_US/ldap.rst b/docs/en_US/ldap.rst index 371ba2394..59fb9d8b0 100644 --- a/docs/en_US/ldap.rst +++ b/docs/en_US/ldap.rst @@ -87,6 +87,9 @@ There are 3 ways to configure LDAP: "LDAP_KEY_FILE","Specifies the path to the server private key file. This parameter is applicable only if you are using *ldaps* as connection protocol or you have set *LDAP_USE_STARTTLS* parameter to *True*." + "LDAP_IGNORE_MALFORMED_SCHEMA", "Some flaky LDAP servers returns malformed schema. + If this parameter set to *True*, no exception will be raised and schema is thrown away + but authentication will be done. This parameter should remain False, as recommended." "**Bind as pgAdmin user**" "LDAP_BASE_DN","Specifies the base DN from where a server will start the search for users. For example, an LDAP search for any user will be performed by the server diff --git a/web/config.py b/web/config.py index 00d5f6f78..5ece3804c 100644 --- a/web/config.py +++ b/web/config.py @@ -720,6 +720,13 @@ LDAP_CA_CERT_FILE = '' LDAP_CERT_FILE = '' LDAP_KEY_FILE = '' +########################################################################## + +# Some flaky LDAP servers returns malformed schema. If True, no exception +# will be raised and schema is thrown away but authentication will be done. +# This parameter should remain False, as recommended. +LDAP_IGNORE_MALFORMED_SCHEMA = False + ########################################################################## # Kerberos Configuration ########################################################################## 
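Review bot: The comment added above `LDAP_IGNORE_MALFORMED_SCHEMA = False` in web/config.py says the value should remain False, but not what an operator gives up by enabling it. As far as ldap3 documents it, the server schema is what the client uses to check attribute and object class names, so discarding it means those checks are skipped. The patch also applies the option through ldap3's `set_config_parameter` in web/pgadmin/authenticate/ldap.py, so it affects every LDAP connection in the process rather than one server. I would extend the comment with `# With the schema discarded, ldap3 cannot validate attribute/object class names; the setting is process-wide.` and `# Enable only for a directory server known to return a malformed schema.` The same two sentences would fit the new row in docs/en_US/ldap.rst.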
diff --git a/web/pgadmin/authenticate/ldap.py b/web/pgadmin/authenticate/ldap.py index b9953e926..1ce1a8a48 100644 --- a/web/pgadmin/authenticate/ldap.py +++ b/web/pgadmin/authenticate/ldap.py @@ -12,7 +12,7 @@ import ssl import config from ldap3 import Connection, Server, Tls, ALL, ALL_ATTRIBUTES, ANONYMOUS,\ - SIMPLE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_NO_TLS + SIMPLE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_NO_TLS, set_config_parameter from ldap3.core.exceptions import LDAPSocketOpenError, LDAPBindError,\ LDAPInvalidScopeError, LDAPAttributeError, LDAPInvalidFilterError,\ LDAPStartTLSError, LDAPSSLConfigurationError @@ -33,6 +33,10 @@ ERROR_SEARCHING_LDAP_DIRECTORY = gettext( ERROR_CONNECTING_LDAP_SERVER = gettext( "Error connecting to the LDAP server: {}\n") +if config.LDAP_IGNORE_MALFORMED_SCHEMA: + set_config_parameter('IGNORE_MALFORMED_SCHEMA', + config.LDAP_IGNORE_MALFORMED_SCHEMA) + class LDAPAuthentication(BaseAuthentication): """Ldap Authentication Class"""
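Review bot: The new module-level guard `if config.LDAP_IGNORE_MALFORMED_SCHEMA:` in web/pgadmin/authenticate/ldap.py is a truthiness test that forwards the raw config value, so a non-boolean override such as the string 'False' would switch the relaxed schema handling on with no visible sign. Because this loosens validation on the authentication path, compare strictly and pass a literal: `if config.LDAP_IGNORE_MALFORMED_SCHEMA is True:` followed by `set_config_parameter('IGNORE_MALFORMED_SCHEMA', True)`. The call runs once at import time and changes ldap3 state for the whole process, which deserves a comment above it, e.g. `# Process-wide ldap3 setting, applied once at import; stays off unless the config value is exactly True.` Logging a warning when the option is active would let an operator see it from the logs; that presumably belongs where the connection is opened, which is outside this hunk.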