Skip to content

Catch DBusException to not throw error on LDAP group lookup #2673 #2674

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 15, 2023
Merged

Catch DBusException to not throw error on LDAP group lookup #2673 #2674

merged 1 commit into from
Sep 15, 2023

Conversation

@FroggyFlox
Copy link
Member

@FroggyFlox FroggyFlox commented Sep 13, 2023

Fixes #2673
@phillxnet, @Hooverdan96: ready for review.

We currently use InfoPipe to fetch the groupname of domain users. While this works for Active Directory users, this can fail for LDAP users if these do not belong to a posixAccount group. See #2673 and the forum thread linked therein for all details.

This pull request simply catches the DBusException thrown in such cases and logs the event (DEBUG level). The result is a groupname of "null".

Also includes:

  • minor Black formatting
  • type hints
  • import optimization
  • minor copyright updates

Functional testing

Join Rockstor to a LDAP server set with 2 user accounts:

  • one with a gidNumber of 100: this gid exists in Rockstor so the groupname should be picked up.
  • one with a gidNumber of 10000: this gid does NOT exist in Rockstor and does not correspond to a posixAccount group in the LDAP server so Rockstor cannot look up that group's name.

Going to the "Users" page, we do not have an error and we now see both users:
image

Unit testing

buildvm155:/opt/rockstor # cd src/rockstor/ && poetry run django-admin test ; cd /opt/rockstor/
Creating test database for alias 'default'...
Creating test database for alias 'smart_manager'...
System check identified no issues (0 silenced).
......................................................................................................................................................................................................................................................................
----------------------------------------------------------------------
Ran 262 tests in 15.907s

OK
Destroying test database for alias 'default'...
Destroying test database for alias 'smart_manager'...

@FroggyFlox
Catch DBusException to not throw error on LDAP group lookup rockstor#…
c997dcd 
…2673

We currently use InfoPipe to fetch the groupname of domain users. While
this works for Active Directory users, this can fail for LDAP users if
these do not belong to a posixAccount group.

This commit simply catches the DBusException thrown in such cases and
logs the event (DEBUG level). The result is a groupname of "null".

Also includes:
- minor Black formatting
- type hints
- import optimization
- minor copyright updates
@Hooverdan96
Copy link
Member

Hooverdan96 commented Sep 14, 2023

@FroggyFlox this looks good to me. It was certainly a non-trivial problem that was posted in the forum...

@phillxnet
Copy link
Member

phillxnet commented Sep 14, 2023

@FroggyFlox @Hooverdan96 My apologies for the delay in merging of late, I'll find time shortly to address the backlog and do a fresh testing release. We are still relatively early in testing so we can field test these more recent additions within the testing channel: especially given their nature of required infrastructure.

@FroggyFlox Thanks for seeing to this one so rapidly.
@Hooverdan96 Thanks for the review/double-check here.

phillxnet
phillxnet approved these changes Sep 15, 2023
View reviewed changes
Copy link
Member

@phillxnet phillxnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FroggyFlox This was a great find: thanks for your continued improvements in this area (and others) :).

Again only a cursory review given no infrastructure to test this against. But given my last comments I think this should be OK.

We again have a successful TW rpm build here.

@phillxnet phillxnet merged commit 410ab55 into rockstor:testing Sep 15, 2023
@phillxnet phillxnet mentioned this pull request Sep 15, 2023
Closed
@FroggyFlox FroggyFlox deleted the 2673_LDAP-failure-to-account-for-non-posix-groups branch October 20, 2023 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phillxnet phillxnet phillxnet approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@FroggyFlox @Hooverdan96 @phillxnet