[PATCH 2 of 5 3.27] [ldapfeed] use LDAP_SCOPES to find user-scope

Philippe Pepiot philippe.pepiot at logilab.fr
Wed Feb 26 16:14:25 CET 2020


# HG changeset patch
# User Philippe Pepiot <philippe.pepiot at logilab.fr>
# Date 1582667142 -3600
#      Tue Feb 25 22:45:42 2020 +0100
# Branch 3.27
# Node ID ba528f08ddfa57e09328a4c96da19e0c82a8ff85
# Parent  4942a6ebf21b3bf90785cfabab134418e3bfe3b4
# Available At https://hg.logilab.org/review/cubicweb
#              hg pull https://hg.logilab.org/review/cubicweb -r ba528f08ddfa
[ldapfeed] use LDAP_SCOPES to find user-scope

We already have LDAP_SCOPES dict defining possible scopes, this avoid possible code injection from config...
Thus we can drop global variables already defined in LDAP_SCOPES since they are not used directly anymore.

diff --git a/cubicweb/server/sources/ldapfeed.py b/cubicweb/server/sources/ldapfeed.py
--- a/cubicweb/server/sources/ldapfeed.py
+++ b/cubicweb/server/sources/ldapfeed.py
@@ -30,12 +30,10 @@ from cubicweb.server.sources import data
 from cubicweb import _
 
 # search scopes
-BASE = ldap3.SEARCH_SCOPE_BASE_OBJECT
-ONELEVEL = ldap3.SEARCH_SCOPE_SINGLE_LEVEL
-SUBTREE = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE
-LDAP_SCOPES = {'BASE': BASE,
-               'ONELEVEL': ONELEVEL,
-               'SUBTREE': SUBTREE}
+LDAP_SCOPES = {'BASE': ldap3.SEARCH_SCOPE_BASE_OBJECT,
+               'ONELEVEL': ldap3.SEARCH_SCOPE_SINGLE_LEVEL,
+               'SUBTREE': ldap3.SEARCH_SCOPE_WHOLE_SUBTREE}
+
 
 # map ldap protocol to their standard port
 PROTO_PORT = {'ldap': 389,
@@ -195,7 +193,7 @@ You can set multiple groups by separatin
         self.cnx_dn = typedconfig['data-cnx-dn']
         self.cnx_pwd = typedconfig['data-cnx-password']
         self.user_base_dn = str(typedconfig['user-base-dn'])
-        self.user_base_scope = globals()[typedconfig['user-scope']]
+        self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']]
         self.user_login_attr = typedconfig['user-login-attr']
         self.user_default_groups = typedconfig['user-default-group']
         self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}




More information about the cubicweb-devel mailing list