Introduce LDAP configuration parameter LDAP_IGNORE_MALFORMED_SCHEMA t…

…o ignore fetching schema from the LDAP server. pgadmin-org#7062
akshay-joshi · Jan 1, 2024 · 3fa4e82 · 3fa4e82
1 parent fd8af40
commit 3fa4e82
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/docs/en_US/ldap.rst b/docs/en_US/ldap.rst
@@ -87,6 +87,9 @@ There are 3 ways to configure LDAP:
    "LDAP_KEY_FILE","Specifies the path to the server private key file. This parameter
    is applicable only if you are using *ldaps* as connection protocol or you have
    set *LDAP_USE_STARTTLS* parameter to *True*."
+   "LDAP_IGNORE_MALFORMED_SCHEMA", "Some flaky LDAP servers returns malformed schema.
+   If this parameter set to *True*, no exception will be raised and schema is thrown away
+   but authentication will be done. This parameter should remain False, as recommended."
    "**Bind as pgAdmin user**"
    "LDAP_BASE_DN","Specifies the base DN from where a server will start the search
    for users. For example, an LDAP search for any user will be performed by the server

diff --git a/web/config.py b/web/config.py
@@ -720,6 +720,13 @@
 LDAP_CERT_FILE = ''
 LDAP_KEY_FILE = ''
 
+##########################################################################
+
+# Some flaky LDAP servers returns malformed schema. If True, no exception
+# will be raised and schema is thrown away but authentication will be done.
+# This parameter should remain False, as recommended.
+LDAP_IGNORE_MALFORMED_SCHEMA = False
+
 ##########################################################################
 # Kerberos Configuration
 ##########################################################################

diff --git a/web/pgadmin/authenticate/ldap.py b/web/pgadmin/authenticate/ldap.py
@@ -12,7 +12,7 @@
 import ssl
 import config
 from ldap3 import Connection, Server, Tls, ALL, ALL_ATTRIBUTES, ANONYMOUS,\
-    SIMPLE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_NO_TLS
+    SIMPLE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_NO_TLS, set_config_parameter
 from ldap3.core.exceptions import LDAPSocketOpenError, LDAPBindError,\
     LDAPInvalidScopeError, LDAPAttributeError, LDAPInvalidFilterError,\
     LDAPStartTLSError, LDAPSSLConfigurationError
@@ -33,6 +33,10 @@
 ERROR_CONNECTING_LDAP_SERVER = gettext(
     "Error connecting to the LDAP server: {}\n")
 
+if config.LDAP_IGNORE_MALFORMED_SCHEMA:
+    set_config_parameter('IGNORE_MALFORMED_SCHEMA',
+                         config.LDAP_IGNORE_MALFORMED_SCHEMA)
+
 
 class LDAPAuthentication(BaseAuthentication):
     """Ldap Authentication Class"""