Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Group restriction not working with One-Time Password #167

Open
fcollonval opened this issue Jun 13, 2020 · 2 comments
Open

Group restriction not working with One-Time Password #167

fcollonval opened this issue Jun 13, 2020 · 2 comments

Comments

@fcollonval
Copy link

When using OTP, it is not possible to activate the group filter. The reason is the reuse of the authenticated connection to search for the groups:

ldapauthenticator/ldapauthenticator/ldapauthenticator.py

Line 443 in 65b234a

found = conn.search(

Reuse of:

ldapauthenticator/ldapauthenticator/ldapauthenticator.py

Line 382 in 65b234a

conn = self.get_connection(userdn, password)

We solved the problem by creating anonymous connection for querying groups. I don't know if this is a general solution. But if so, I'll be happy to push a PR from our fork.
@consideRatio
Copy link
Member

This sounds related to the situation in #183, where sometimes maybe the user connection isn't allowed to see group membership.

@consideRatio
Copy link
Member

I understand that the bind operation triggers a OTP request to the user, which will only happen once following #270.

  • Is search() on that connection object triggering another OTP request?
  • Why can't it be used to do search()?

Note that #183 sounds related, because then the user bound connection didn't have sufficient details to get information about the groups.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@consideRatio @fcollonval