feat: Improve LDAP implementation to be standards compliant #13777
Add new fields for the new group feature issue #13738
New method to search for user group membership. Replaces old logic of using an ldap users attribute memberof which is not supported by all LDAP implementations issue #13738
as part of the search the login/user name is required to find the user issue #13738
adjusted to posixgroup as openldap groups use objectclass 'posixgroup' for both a posix group and a samba group. issue #13738
All LDAP operations should be done by ldap base dn user. This allows an administrator to lock down their directory to the user the LDAP operations are being conducted by. issue #13738
Validate the LDAP search filter including enclosing in '()'. Note: if a user has a complex filter that misses the last ')' it will not be added. i.e. (&(objectclass=posixgroup)(uid={0}) is invalid but will pass validation. issue #13738
issue #13738
to confirm user credentials, use 'rebind' instead of re-connecting to ldap. This also enables unit testing of all functions except the connection to ldap. issue #13738
ldap search string is user input. validate to ensure is enclosed in '()', has the '{0}' placeholder and has the same number of brackets as used in complex ldap search strings. issue #13738
A blank password causes exception 'ldap3.core.exceptions.LDAPPasswordIsMandatoryError'. Validate the user input. Issue #13738
a user document is passed to the function. use this to derive user details issue #13738
frappe/integrations/doctype/ldap_settings/test_ldap_settings.py
A user object is passed to the function. Use this to derive the user details. PR #13777
Function requires attributes to be of type x, validate to ensure any changes will break function and to prevent further exceptions. Only output to console as it's only a developer who will generate this error. PR-#13777
Docs are currently being worked on and will have PR done as soon as complete.
glad to hear. do I need to create an additional PR for this to be added to version-13?
Bump, What is the process to have this PR added to version 12 and 13?
https://discuss.erpnext.com/t/hotfix-version-xx-develop-issue-pr-and-frappe-policies/78952/2 @mergify backport version-13 should create a PR
Hey, I reacted but my real name is @Mergifyio
@mergify backport version-13-hotfix
Hey, I reacted but my real name is @Mergifyio
Full proposal can be found in issue #13738
PR: #13777
Frappe: PR frappe/frappe_docs#168
PR Tasks
docs: frappe/frappe_docs#168
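The filter checks named in the commit messages above (enclosed in '()', contains the '{0}' placeholder, equal bracket counts), as an added example that is not code from this PR or from Frappe; all function names are hypothetical. It goes beyond those messages in two labelled places: it also checks bracket nesting order, and it escapes the login name per RFC 4515 before substituting it for '{0}'.

```python
# Added example, not Frappe's code. Function names are hypothetical.
PLACEHOLDER = "{0}"


def validate_filter_template(template):
    """Return a list of problems; an empty list means the template passed."""
    problems = []
    t = template.strip()
    if not (t.startswith("(") and t.endswith(")")):
        problems.append("filter must be enclosed in '()'")
    if PLACEHOLDER not in t:
        problems.append("filter must contain the '{0}' placeholder")
    if t.count("(") != t.count(")"):
        problems.append("unequal number of '(' and ')'")
    # Beyond the count check (assumption, not from the PR): track nesting
    # depth so wrong ordering and an early-closing outer pair are caught.
    depth = 0
    for i, ch in enumerate(t):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("')' closes a bracket that was never opened")
                break
            if depth == 0 and i < len(t) - 1:
                problems.append("outer '(' closes before the end of the filter")
                break
    return problems


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a value placed at {0}."""
    # Backslash first, so the escapes added below are not escaped again.
    for ch, esc in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"),
                    (")", r"\29"), ("\x00", r"\00")):
        value = value.replace(ch, esc)
    return value


def build_filter(template, login):
    """Validate the admin-supplied template, then fill in the escaped login."""
    problems = validate_filter_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    # str.replace, not str.format: other braces in the template stay literal.
    return template.strip().replace(PLACEHOLDER, escape_filter_value(login))
```

The template `(&(objectclass=posixgroup)(uid={0})` from the commit message passes the enclosure check alone and is rejected only once the bracket count is compared.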