Add ldap_support_extended configuration

* Add ldap_support_extended configuration

Samba's LDAP server does not support the LDAP "Who am I?" extended operation (OID 1.3.6.1.4.1.4203.1.11.3), so the post-bind `who_am_i()` call fails with protocolError, as shown in the log below.
To work around this, add a configuration option that controls whether whoami is called after the bind.

```
DEBUG:ldap3:EXTENDED:ldap message received via <ldaps://samba:636 - ssl - user: CN=test2,CN=Users,DC=samba,DC=dom - not lazy - bound - open - <local: 172.18.0.0:33916 - remote: 172.18.0.0:636> - tls not started - listening - SyncStrategy - internal decoder>:
<<{'controls': None,
<< 'messageID': 9,
<< 'payload': [(0, False, 10, 2),
<<             (0, False, 4, b''),
<<             (0,
<<              False,
<<              4,
<<              b'Extended Operation(1.3.6.1.4.1.4203.1.11.3) not supported'),
<<             (2, False, 10, b'1.3.6.1.4.1.4203.1.11.3')],
<< 'protocolOp': 24}
DEBUG:ldap3:PROTOCOL:EXTENDED response <[{'result': 2, 'description': 'protocolError', 'dn': '', 'message': 'Extended Operation(1.3.6.1.4.1.4203.1.11.3) not supported', 'referrals': None, 'responseName': '1.3.6.1.4.1.4203.1.11.3', 'responseValue': b'', 'type': 'extendedResp'}]> received via <ldaps://samba:636 - ssl - user: CN=test2,CN=Users,DC=samba,DC=dom - not lazy - bound - open - <local: 172.18.0.0:33916 - remote: 172.18.0.0:636> - tls not started - listening - SyncStrategy - internal decoder>
DEBUG:ldap3:BASIC:done EXTENDED operation, result <False>
```

* Update README.md
This commit is contained in:
in dow 2019-05-23 21:35:06 +09:00 committed by GitHub
parent aab208e7fd
commit a01e3ada3f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 2 deletions


@ -31,4 +31,8 @@ ldap_password = verysecurepassword
# LDAP scope of the search # LDAP scope of the search
ldap_scope = LEVEL ldap_scope = LEVEL
# LDAP extended option
# If the server is samba, ldap_support_extended is should be no
ldap_support_extended = yes
``` ```


@ -44,6 +44,7 @@ class Auth(BaseAuth):
BINDDN = self.configuration.get("auth", "ldap_binddn") BINDDN = self.configuration.get("auth", "ldap_binddn")
PASSWORD = self.configuration.get("auth", "ldap_password") PASSWORD = self.configuration.get("auth", "ldap_password")
SCOPE = self.configuration.get("auth", "ldap_scope") SCOPE = self.configuration.get("auth", "ldap_scope")
SUPPORT_EXTENDED = self.configuration.getboolean("auth", "ldap_support_extended", fallback=True)
if BINDDN and PASSWORD: if BINDDN and PASSWORD:
conn = ldap3.Connection(SERVER, BINDDN, PASSWORD) conn = ldap3.Connection(SERVER, BINDDN, PASSWORD)
@ -80,8 +81,12 @@ class Auth(BaseAuth):
conn = ldap3.Connection(SERVER, user_dn, password) conn = ldap3.Connection(SERVER, user_dn, password)
conn.bind() conn.bind()
self.logger.debug(conn.result) self.logger.debug(conn.result)
whoami = conn.extend.standard.who_am_i() if SUPPORT_EXTENDED:
self.logger.debug("LDAP whoami: %s" % whoami) whoami = conn.extend.standard.who_am_i()
self.logger.debug("LDAP whoami: %s" % whoami)
else:
self.logger.debug("LDAP skip extended: call whoami")
whoami = conn.result['result'] == 0
if whoami: if whoami:
self.logger.debug("LDAP bind OK") self.logger.debug("LDAP bind OK")
return True return True