Allow unauthenticated bind for listing LDAP groups

This fix was originally made in PR #45347, then pulled into another
branch under PR #45811, but was clobbered by c3f1587fdb. This commit
just restores the fix.
Adam Mendlik 2018-12-28 16:14:29 -07:00
parent b8615e1564
commit 08e36d0c48
No known key found for this signature in database
GPG key ID: BD2747BB4A930106


@ -323,7 +323,14 @@ def groups(username, **kwargs):
'''
group_list = []
bind = auth(username, kwargs.get('password', None))
# If bind credentials are configured, use them instead of user's
if _config('binddn', mandatory=False) and _config('bindpw', mandatory=False):
bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False))
else:
bind = _bind(username, kwargs.get('password', ''),
anonymous=_config('auth_by_group_membership_only', mandatory=False)
and _config('anonymous', mandatory=False))
if bind:
log.debug('ldap bind to determine group membership succeeded!')
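Review bot: In the `else` branch the password default changes from `None` to `''`, and many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds. `_bind` is outside the hunk, so confirm it rejects an empty password whenever the `anonymous` expression evaluates false. In the `binddn`/`bindpw` branch the user's password is never checked, so a non-empty result from `groups()` says nothing about who is asking. I would state that at the branch, e.g. `# Service-account search: the caller's password is NOT verified here; do not treat the result as authentication.` The body of `groups()` starts and ends outside the hunk.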