Introduce LDAP configuration parameter LDAP_IGNORE_MALFORMED_SCHEMA to ignore fetching schema from the LDAP server. #7062

Khushboo Vashi 2024-01-01 11:04:57 +05:30 committed by GitHub
parent fd8af4034a
commit 3fa4e82af9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 1 deletions


@ -87,6 +87,9 @@ There are 3 ways to configure LDAP:
"LDAP_KEY_FILE","Specifies the path to the server private key file. This parameter "LDAP_KEY_FILE","Specifies the path to the server private key file. This parameter
is applicable only if you are using *ldaps* as connection protocol or you have is applicable only if you are using *ldaps* as connection protocol or you have
set *LDAP_USE_STARTTLS* parameter to *True*." set *LDAP_USE_STARTTLS* parameter to *True*."
"LDAP_IGNORE_MALFORMED_SCHEMA", "Some flaky LDAP servers returns malformed schema.
If this parameter set to *True*, no exception will be raised and schema is thrown away
but authentication will be done. This parameter should remain False, as recommended."
"**Bind as pgAdmin user**" "**Bind as pgAdmin user**"
"LDAP_BASE_DN","Specifies the base DN from where a server will start the search "LDAP_BASE_DN","Specifies the base DN from where a server will start the search
for users. For example, an LDAP search for any user will be performed by the server for users. For example, an LDAP search for any user will be performed by the server


@ -720,6 +720,13 @@ LDAP_CA_CERT_FILE = ''
LDAP_CERT_FILE = '' LDAP_CERT_FILE = ''
LDAP_KEY_FILE = '' LDAP_KEY_FILE = ''
##########################################################################
# Some flaky LDAP servers returns malformed schema. If True, no exception
# will be raised and schema is thrown away but authentication will be done.
# This parameter should remain False, as recommended.
LDAP_IGNORE_MALFORMED_SCHEMA = False
########################################################################## ##########################################################################
# Kerberos Configuration # Kerberos Configuration
########################################################################## ##########################################################################
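Review bot: The comment above `LDAP_IGNORE_MALFORMED_SCHEMA = False` says the parameter should remain False but not what is given up when it is True. As far as I know, ldap3 uses the fetched schema to check attribute names and to format returned values, so discarding it presumably skips those client-side checks; this should be confirmed and stated. Suggested wording: `# If True, a malformed schema returned by the server is discarded instead of raising an exception; schema-based checks are then skipped. Leave False unless the server cannot be fixed.` The value appears to be read once when the LDAP authentication module is imported, so the comment could also say that a change needs a restart.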


@ -12,7 +12,7 @@
import ssl import ssl
import config import config
from ldap3 import Connection, Server, Tls, ALL, ALL_ATTRIBUTES, ANONYMOUS,\ from ldap3 import Connection, Server, Tls, ALL, ALL_ATTRIBUTES, ANONYMOUS,\
SIMPLE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_NO_TLS SIMPLE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_NO_TLS, set_config_parameter
from ldap3.core.exceptions import LDAPSocketOpenError, LDAPBindError,\ from ldap3.core.exceptions import LDAPSocketOpenError, LDAPBindError,\
LDAPInvalidScopeError, LDAPAttributeError, LDAPInvalidFilterError,\ LDAPInvalidScopeError, LDAPAttributeError, LDAPInvalidFilterError,\
LDAPStartTLSError, LDAPSSLConfigurationError LDAPStartTLSError, LDAPSSLConfigurationError
@ -33,6 +33,10 @@ ERROR_SEARCHING_LDAP_DIRECTORY = gettext(
ERROR_CONNECTING_LDAP_SERVER = gettext( ERROR_CONNECTING_LDAP_SERVER = gettext(
"Error connecting to the LDAP server: {}\n") "Error connecting to the LDAP server: {}\n")
if config.LDAP_IGNORE_MALFORMED_SCHEMA:
set_config_parameter('IGNORE_MALFORMED_SCHEMA',
config.LDAP_IGNORE_MALFORMED_SCHEMA)
class LDAPAuthentication(BaseAuthentication): class LDAPAuthentication(BaseAuthentication):
"""Ldap Authentication Class""" """Ldap Authentication Class"""
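Review bot: The new module-level `if config.LDAP_IGNORE_MALFORMED_SCHEMA:` block changes an ldap3 library-wide setting as an import side effect. It therefore applies to every ldap3 connection made in the process, not only to this authentication source, and nothing is logged when it takes effect. The truthiness test also enables the relaxed mode for any non-empty value, including the string `'False'` in a hand-edited override. A stricter form is `if config.LDAP_IGNORE_MALFORMED_SCHEMA is True:` followed by `set_config_parameter('IGNORE_MALFORMED_SCHEMA', True)`. A warning-level log entry at that point, stating that the server schema will be discarded, would let an operator or auditor see from the logs that the relaxed mode is active.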