Modify ldap validator to just check user existence

Remove auth user check from updating config app config remove duplicate certs install script
2018-07-11 16:03:36 -04:00 · 2018-07-11 16:03:36 -04:00 · 9024419896
commit 9024419896
parent bd54eacbad
7 changed files with 52 additions and 92 deletions
--- a/data/users/externalldap.py
+++ b/data/users/externalldap.py
@ -205,6 +205,32 @@ class LDAPUsers(FederatedUsers):

    return (True, None)

+  def at_least_one_user_exists(self):
+      logger.debug('Checking if any users exist in LDAP')
+      try:
+          with self._ldap.get_connection():
+              pass
+      except ldap.INVALID_CREDENTIALS:
+          return (None, 'LDAP Admin dn or password is invalid')
+
+      with self._ldap.get_connection() as conn:
+          for user_search_dn in self._user_dns:
+              try:
+                  (pairs, err_msg) = conn.search_ext_s(user_search_dn, ldap.SCOPE_SUBTREE)
+              except Exception as e:
+                  # Catch ldap exceptions to give the user our custom error message
+                  return (False, e.message)
+
+              # if we find any users at all the ldap is valid
+              if pairs is not None and len(pairs) > 0:
+                  return (True, None)
+
+              if err_msg is not None:
+                  return (None, err_msg)
+
+      return (False, None)
+
+
  def get_user(self, username_or_email):
    """ Looks up a username or email in LDAP. """
    logger.debug('Looking up LDAP username or email %s', username_or_email)