Group-related features do not work on Google Secure LDAP #201
Comments
…vironment variables are not defined. This is required in order to work with Google's Secure LDAP, due to some limitations on django-auth-ldap plugin (see: django-auth-ldap/django-auth-ldap#201)
Do you have a suggestion on how to handle this?
The only place where I've seen 'compare_s' being used is within LDAPGroupType child classes' is_member method. I do not have the time right now, but I think there could be an LDAPGroupType specific subclass for Google's LDAP, which implements an is_member using one of the following two alternates:
Regards
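A sketch of the idea raised in the comment above, as an added example that is not code from django-auth-ldap or from anyone in this thread: the membership question answered with a base-scoped Search (an operation outside the unsupported list quoted in the issue) instead of a Compare. `is_member_via_search`, `escape_filter_value`, `FakeSearchOnlyConnection` and the directory data are hypothetical names and constructed values; in a group-type subclass the function body would sit in `is_member(self, ldap_user, group_dn)` with `conn` taken from `ldap_user.connection`, which is an assumption about how it would be wired in.

```python
import re

SCOPE_BASE = 0  # numeric value of ldap.SCOPE_BASE in python-ldap


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a DN is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def is_member_via_search(conn, group_dn, member_attr, user_dn):
    """Ask "is user_dn a value of member_attr on group_dn?" with a Search.

    A base-scoped search on the group entry with an equality filter returns
    the entry only when the value is present, which answers the same question
    as compare_s() without sending a CompareRequest.
    """
    filterstr = "(%s=%s)" % (member_attr, escape_filter_value(user_dn))
    # "1.1" requests no attributes: only the presence of the entry matters.
    results = conn.search_s(group_dn, SCOPE_BASE, filterstr, ["1.1"])
    # python-ldap reports search references as (None, ...); ignore those.
    return any(dn is not None for dn, _attrs in results)


class FakeSearchOnlyConnection:
    """Constructed stand-in for a server that rejects Compare requests."""

    def __init__(self, groups):
        self.groups = groups  # {group_dn: {member_attr: [values]}}

    def compare_s(self, dn, attr, value):
        raise RuntimeError("Protocol error")  # Compare is unsupported

    def search_s(self, base, scope, filterstr, attrlist=None):
        attr, raw = re.fullmatch(r"\((\w+)=(.*)\)", filterstr, re.S).groups()
        value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
        entry = self.groups.get(base, {})
        return [(base, {})] if value in entry.get(attr, []) else []


# Constructed sample directory data.
DIRECTORY = {
    "cn=admins,ou=Groups,dc=example,dc=com": {
        "member": ["uid=alice,ou=Users,dc=example,dc=com"],
    },
}
CONN = FakeSearchOnlyConnection(DIRECTORY)
```

Against a real python-ldap connection, a search on a group DN that does not exist raises `ldap.NO_SUCH_OBJECT`, which a caller would need to catch and treat as "not a member".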
It seems
Ldapwiki has a section with title “Beware of memberOf”, which does not encourage using it. https://ldapwiki.com/wiki/MemberOf#section-MemberOf-BewareOfMemberOf I’m concerned using
We're running into the same problem. @francoisfreitag Do you have any pointers wrt that subclass? Did anyone write one yet?
It turns out current code for handling/searching group membership information relies on LDAP Compare requests (i.e. compare_s(...)), which are not supported by Google's Secure LDAP (https://support.google.com/a/answer/9048516?hl=en). As stated at https://support.google.com/a/answer/9167101?hl=en => "Unsupported actions are: Add, Compare, Del, Modify, and ModifyDn.".
As such, enabling features like AUTH_LDAP_REQUIRE_GROUP, AUTH_LDAP_USER_FLAGS_BY_GROUP, etc. breaks django-auth-ldap due to Google Secure LDAP throwing "Protocol error" in response to CompareRequests made during group membership gathering.