[
https://issues.apache.org/jira/browse/AIRFLOW-1711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16202560#comment-16202560
]
Steve Jacobs commented on AIRFLOW-1711:
---------------------------------------
This PR does not resolve this issue. Although the idea is correct, when using
this against freeipa (389ds), this code just tries to dereference an array that
does not exist:
airflow[31154]: File
"/opt/airflow/venv/lib/python2.7/site-packages/airflow/contrib/auth/backends/ldap_auth.py",
line 82, in group_contains_user
airflow[31154]: resp['attributes'].get(user_name_attr)[0] == username or
airflow[31154]: IndexError: list index out of range
If I comment out the line:
resp['attributes'].get(user_name_attr)[0] == username or
The code works. I'm not sure what the most 'pythonic' way to check if the
returned value is a list or not, but it seems that is necessary to check if a
list index is necessary or not for the return code. Not an or check.
I tried reversing the order of the or, but it seems that python actually
executes both conditionals. At least python 2.7, which is what I am using.
> Ldap Attributes not always a "list" part 2
> ------------------------------------------
>
> Key: AIRFLOW-1711
> URL: https://issues.apache.org/jira/browse/AIRFLOW-1711
> Project: Apache Airflow
> Issue Type: Bug
> Components: contrib
> Affects Versions: Airflow 1.7.1
> Environment: Linux + Active Directory
> Reporter: Steve Jacobs
>
> in the LDAP auth module
> `group_contains_user` checks for `resp['attributes'].get(user_name_attr)[0]
> == username`
> Some Ldaps apparently have this as a simple string
> `resp['attributes'].get(user_name_attr) == username`
> also should be checked
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
