incubator-airflow git commit: [AIRFLOW-1711] Use ldap3 dict for group membership

Mon, 30 Oct 2017 11:35:49 -0700 

Repository: incubator-airflow
Updated Branches:
  refs/heads/v1-9-test 4e06ee554 -> 40a936b67


[AIRFLOW-1711] Use ldap3 dict for group membership

Certain schemas for group membership return a
string
instead of a list. Instead of using a check we now
use the entries API from ldap3.

Closes #2731 from bolkedebruin/AIRFLOW-1711

(cherry picked from commit abcf1d584c66ab4f0a4c8c2c56c74104d9a50903)
Signed-off-by: Bolke de Bruin <[email protected]>


Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/40a936b6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/40a936b6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/40a936b6

Branch: refs/heads/v1-9-test
Commit: 40a936b67e8449bfb5ba67507cc4a774d8991b51
Parents: 4e06ee5
Author: Bolke de Bruin <[email protected]>
Authored: Mon Oct 30 19:35:10 2017 +0100
Committer: Bolke de Bruin <[email protected]>
Committed: Mon Oct 30 19:35:26 2017 +0100

----------------------------------------------------------------------
 airflow/contrib/auth/backends/ldap_auth.py | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/40a936b6/airflow/contrib/auth/backends/ldap_auth.py
----------------------------------------------------------------------
diff --git a/airflow/contrib/auth/backends/ldap_auth.py 
b/airflow/contrib/auth/backends/ldap_auth.py
index df29de3..2dcacda 100644
--- a/airflow/contrib/auth/backends/ldap_auth.py
+++ b/airflow/contrib/auth/backends/ldap_auth.py
@@ -76,14 +76,10 @@ def group_contains_user(conn, search_base, group_filter, 
user_name_attr, usernam
                        attributes=[native(user_name_attr)]):
         log.warning("Unable to find group for %s %s", search_base, 
search_filter)
     else:
-        for resp in conn.response:
-            if (
-                        'attributes' in resp and (
-                            resp['attributes'].get(user_name_attr)[0] == 
username or
-                            resp['attributes'].get(user_name_attr) == username
-                )
-            ):
+        for entry in conn.entries:
+            if username in getattr(entry, user_name_attr).values:
                 return True
+
     return False

Reply via email to