saltstack · rallytime · Jan 31, 2018 · Jan 5, 2018 · Jan 5, 2018 · Jan 18, 2018
@@ -276,12 +276,17 @@ def auth(username, password):
     '''
     Simple LDAP auth
     '''
-    #If bind credentials are configured, use them instead of user's
+    if not HAS_LDAP:
+        log.error('LDAP authentication requires python-ldap module')
+        return False
+
+    # If bind credentials are configured, use them instead of user's
     if _config('binddn', mandatory=False) and _config('bindpw', mandatory=False):
         bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False))
     else:
-        bind = _bind(username, password, anonymous=_config('auth_by_group_membership_only', mandatory=False) and
-                                        _config('anonymous', mandatory=False))
+        bind = _bind(username, password,
+                     anonymous=_config('auth_by_group_membership_only', mandatory=False)
+                     and _config('anonymous', mandatory=False))
 
     if bind:
         log.debug('LDAP authentication successful')
@@ -308,8 +313,13 @@ def groups(username, **kwargs):
     '''
     group_list = []
 
-    # Perform un-authenticated bind to determine group membership
-    bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False))
+    # If bind credentials are configured, use them instead of user's
+    if _config('binddn', mandatory=False) and _config('bindpw', mandatory=False):
+        bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False))
+    else:
+        bind = _bind(username, kwargs.get('password', ''),
+                     anonymous=_config('auth_by_group_membership_only', mandatory=False)
+                     and _config('anonymous', mandatory=False))
 
     if bind:
         log.debug('ldap bind to determine group membership succeeded!')