Make sure ldap passwords are honored

Daniel A. Wozniak 2018-12-05 12:46:10 -07:00
parent c02387ed1f
commit 055a8d5d74
No known key found for this signature in database
GPG key ID: 166B9D2C06C82D61
2 changed files with 11 additions and 2 deletions


@ -283,12 +283,14 @@ def auth(username, password):
log.error('LDAP authentication requires python-ldap module')
return False
bind = None
# If bind credentials are configured, verify that we receive a valid bind
if _config('binddn', mandatory=False) and _config('bindpw', mandatory=False):
bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False))
search_bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False))
# If username & password are not None, attempt to verify they are valid
if bind and username and password:
if search_bind and username and password:
bind = _bind(username, password,
anonymous=_config('auth_by_group_membership_only', mandatory=False)
and _config('anonymous', mandatory=False))
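Review bot: The empty-password rejection is only visible on the branch where `binddn` and `bindpw` are configured; auth() continues outside the hunk, so whether the path without bind credentials also refuses a None or empty password cannot be confirmed from here. Many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds, so the check is better made once, before either branch, e.g. `if not username or not password: return False` (adjusted if anonymous mode is meant to allow it). When `search_bind` succeeds but the credentials are missing, `bind` silently stays None; a log line at that point would make rejected empty-password attempts visible in the auth log. A short comment on `bind = None` stating that it is the fail-closed default would also help the next reader.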


@ -10,6 +10,8 @@ import salt.auth.ldap
from tests.support.mock import patch, NO_MOCK, NO_MOCK_REASON
from tests.support.unit import skipIf, TestCase
from unittest import TestCase
salt.auth.ldap.__opts__ = {}
@ -86,3 +88,8 @@ class LDAPAuthTestCase(TestCase):
with patch.dict(salt.auth.ldap.__opts__, self.opts):
with patch('salt.auth.ldap.auth', return_value=Bind):
self.assertIn('saltusers', salt.auth.ldap.groups('saltuser', password='password'))
def test_auth_nopass(self):
with patch.dict(salt.auth.ldap.__opts__, self.opts):
with patch('salt.auth.ldap._bind_for_search', return_value=Bind):
assert salt.auth.ldap.auth('foo', None) == False
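Review bot: `test_auth_nopass` can pass without ever reaching the new guard, because the first hunk shows auth() returning False early when python-ldap is unavailable (the condition itself is outside the hunk), so on such a host the assertion holds regardless of the fix. Forcing the module-available path in the test, or also patching `salt.auth.ldap._bind` and asserting it was not called, would pin the intended behaviour. Only None is covered; an empty string is the more likely value from a login form, so `self.assertFalse(salt.auth.ldap.auth('foo', ''))` is worth adding. As a style point, `self.assertFalse(...)` or `is False` fits the TestCase conventions of the neighbouring test better than a bare `assert ... == False`.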