Hello,
I need to find several LDAP groups and then work with the search results. I want to set the list of groups using a settings variable. If this variable is not set, it seems reasonable to pass an empty list (containing no groups).
group_entries = GroupEntry.objects.filter(
cn__in=getattr(settings, 'LDAP_ACCOUNT_INITIAL_GROUPS', [])).all()
for group_entry in group_entries:
...Unfortunately, when an empty list is passed to the __in filter, this creates an invalid LDAP search filter. So I get ldap.PROTOCOL_ERROR exception.
On the Django debug page I see the following:
| Variable |
Value |
| attrlist |
['cn', 'member', 'objectclass'] |
| attrsonly |
0 |
| base |
'cn=groups,cn=accounts,dc=demo1,dc=freeipa,dc=org' |
| clientctrls |
None |
| filterstr |
'(&(objectclass=groupOfNames)(|))' |
| msgid |
3 |
| scope |
2 |
| self |
<ldap.ldapobject.SimpleLDAPObject object at 0x7f8970189220> |
| serverctrls |
None |
| sizelimit |
0 |
| timeout |
-1 |
As we can see, only the pipe is added to the filter.
I think it makes more sense to return a ValueError instead.
Hello,
I need to find several LDAP groups and then work with the search results. I want to set the list of groups using a settings variable. If this variable is not set, it seems reasonable to pass an empty list (containing no groups).
Unfortunately, when an empty list is passed to the __in filter, this creates an invalid LDAP search filter. So I get
ldap.PROTOCOL_ERRORexception.On the Django debug page I see the following:
As we can see, only the pipe is added to the filter.
I think it makes more sense to return a
ValueErrorinstead.