You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by bo...@apache.org on 2017/10/30 18:35:15 UTC

incubator-airflow git commit: [AIRFLOW-1711] Use ldap3 dict for group membership

Repository: incubator-airflow
Updated Branches:
  refs/heads/master 574e1c63d -> abcf1d584


[AIRFLOW-1711] Use ldap3 dict for group membership

Certain schemas for group membership return a
string
instead of a list. Instead of using a check we now
use the entries API from ldap3.

Closes #2731 from bolkedebruin/AIRFLOW-1711


Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/abcf1d58
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/abcf1d58
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/abcf1d58

Branch: refs/heads/master
Commit: abcf1d584c66ab4f0a4c8c2c56c74104d9a50903
Parents: 574e1c6
Author: Bolke de Bruin <bo...@xs4all.nl>
Authored: Mon Oct 30 19:35:10 2017 +0100
Committer: Bolke de Bruin <bo...@xs4all.nl>
Committed: Mon Oct 30 19:35:10 2017 +0100

----------------------------------------------------------------------
 airflow/contrib/auth/backends/ldap_auth.py | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/abcf1d58/airflow/contrib/auth/backends/ldap_auth.py
----------------------------------------------------------------------
diff --git a/airflow/contrib/auth/backends/ldap_auth.py b/airflow/contrib/auth/backends/ldap_auth.py
index df29de3..2dcacda 100644
--- a/airflow/contrib/auth/backends/ldap_auth.py
+++ b/airflow/contrib/auth/backends/ldap_auth.py
@@ -76,14 +76,10 @@ def group_contains_user(conn, search_base, group_filter, user_name_attr, usernam
                        attributes=[native(user_name_attr)]):
         log.warning("Unable to find group for %s %s", search_base, search_filter)
     else:
-        for resp in conn.response:
-            if (
-                        'attributes' in resp and (
-                            resp['attributes'].get(user_name_attr)[0] == username or
-                            resp['attributes'].get(user_name_attr) == username
-                )
-            ):
+        for entry in conn.entries:
+            if username in getattr(entry, user_name_attr).values:
                 return True
+
     return False