ldapauthenticator

Groups are not allowed to have parenthesis in their name

Open consideRatio opened this issue 5 years ago • 2 comments

I extracted this from @leetim's issue #148, where two issues were described in one GitHub issue, making it hard to track them properly. Below is the issue as described by @leetim in #148.


Users cannot be authorized if the group name contains the characters ( and ).

c.LDAPAuthenticator.allowed_groups = [
    'CN=_ IT-группа Бизнес-анализа данных,OU=_ДолжностиИОтделы,OU=DNS Users,DC=partner,DC=ru',
    # Authorization with the next line doesn't work
    'CN=_ Федеральный директор - Фед. адм. (Управление),OU=_ДолжностиИОтделы,OU=DNS Users,DC=partner,DC=ru',
]

consideRatio, Dec 20 '19 01:12

Yes, we ran into the same problem...

csayler, Feb 19 '20 01:02

Strange, that worked for me. My group name is dn: cn=admin (2),ou=roles,dc=wimpi,dc=net. My settings have:

c.LDAPAuthenticator.allowed_groups = [
    "cn=admin (2),ou=roles,dc=wimpi,dc=net"
]

And when I debug the authenticator, it's possible to confirm that the LDAP search used that value in the filters (I had to remove memberUid and uniqueMember due to #133 as I'm using OpenLDAP).

kinow, Jul 09 '20 00:07
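
Added example (not part of the thread and not ldapauthenticator's code): when a group DN such as the one in the last comment is placed inside an LDAP search filter, RFC 4515 requires `(` and `)` in the value to be written as `\28` and `\29`. The helper names and the `memberOf`-style filter are assumptions chosen for illustration.

```python
# Added example, not ldapauthenticator code. Function names and the
# memberOf-style filter are assumptions chosen for illustration.
import re

# Characters that RFC 4515 requires to be escaped in a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value with RFC 4515 special characters replaced by \\XX."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Reverse escape_filter_value (only the single-byte escapes it emits)."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def member_of_filter(group_dn: str, escape: bool = True) -> str:
    """Build a simple (memberOf=<group DN>) filter item."""
    value = escape_filter_value(group_dn) if escape else group_dn
    return f"(memberOf={value})"


def is_single_item(filter_text: str) -> bool:
    """True if the text is one '(attr=value)' item with no raw parens inside."""
    if not (filter_text.startswith("(") and filter_text.endswith(")")):
        return False
    inner = filter_text[1:-1]
    return "(" not in inner and ")" not in inner


# Group DN taken from the last comment in the thread.
GROUP_DN = "cn=admin (2),ou=roles,dc=wimpi,dc=net"

if __name__ == "__main__":
    raw = member_of_filter(GROUP_DN, escape=False)
    safe = member_of_filter(GROUP_DN)
    # The raw form closes the item at the first ')' and is not a valid filter.
    print(raw, is_single_item(raw))
    print(safe, is_single_item(safe))
    # The escaped value decodes back to the original DN.
    print(unescape_filter_value(escape_filter_value(GROUP_DN)) == GROUP_DN)
```

The escaping applies only to values embedded in a search filter; a DN passed as the search base is not filter-escaped.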