Module: check_mk
Branch: master
Commit: ce645d08724a1751c4f44593092021e8568a173e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ce645d08724a17…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 15:56:18 2013 +0100
ldap: improved filtering of unwanted ldap_search() responses
---
ChangeLog | 1 +
web/plugins/userdb/ldap.py | 3 ++-
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 2ebd6a7..06a6832 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@
* Add: New user_options to limit seen nagios objects even the role is set to see all
* FIX: LDAP: Fixed problem with special chars in LDAP queries when having
contactgroup sync plugin enabled
+ * LDAP: Role sync plugin validates the given group DNs with the group base dn now
1.2.1i4:
Core:
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index dffc276..cecafc7 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -194,6 +194,8 @@ def ldap_search(base, filt = '(objectclass=*)', columns = [],
scope = None):
result = []
try:
for dn, obj in ldap_connection.search_s(base, scope, filt, columns):
+ if dn is None:
+ continue # skip unwanted answers
new_obj = {}
for key, val in obj.iteritems():
new_obj[key.lower().decode('utf-8')] = [
i.decode('utf-8') for i in val ]
@@ -282,7 +284,6 @@ def ldap_user_groups(username, attr = 'cn'):
# Apply configured group ldap filter and only reply with groups
# having the current user as member
filt = '(&%s(member=%s))' % (ldap_filter('groups'),
ldap.filter.escape_filter_chars(user_dn))
-
# First get all groups
groups = []
for dn, group in
ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']),