[jira] [Commented] (AIRFLOW-623) Ldap Attributes not always a "list"

["Steve Jacobs (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/AIRFLOW-623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16163390#comment-16163390 ] 

Steve Jacobs commented on AIRFLOW-623:
--------------------------------------

This PR does not resolve this issue. Although the idea is correct, when using this against freeipa (389ds), this code just tries to dereference an array that does not exist:
airflow[31154]: File "/opt/airflow/venv/lib/python2.7/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 82, in group_contains_user
airflow[31154]: resp['attributes'].get(user_name_attr)[0] == username or
airflow[31154]: IndexError: list index out of range

If I comment out the line:
resp['attributes'].get(user_name_attr)[0] == username or

The code works. I'm not sure what the most 'pythonic' way to check if the returned value is a list or not, but it seems that is necessary to check if a list index is necessary or not for the return code. Not an or check.

I tried reversing the order of the or, but it seems that python actually executes both conditionals. At least python 2.7, which is what I am using. 

> Ldap Attributes not always a "list"
> -----------------------------------
>
>                 Key: AIRFLOW-623
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-623
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: contrib
>    Affects Versions: Airflow 1.7.1
>         Environment: Linux + Active Directory
>            Reporter: Bo Blanton
>
> in the LDAP auth module
> `group_contains_user` checks for `resp['attributes'].get(user_name_attr)[0] == username`
> Some Ldaps apparently have this as a simple string
> `resp['attributes'].get(user_name_attr) == username` 
> also should be checked



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)