Backward compatibility for LDAP require group (#351)

netbox-community · Oct 21, 2024 · a13b904 · a13b904
1 parent 7050dd1
commit a13b904
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 15 deletions.
diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: netbox
-version: 5.0.0-beta.131
+version: 5.0.0-beta.132
 appVersion: "v4.1.4"
 type: application
 kubeVersion: ^1.25.0-0

diff --git a/charts/netbox/files/ldap_config.py b/charts/netbox/files/ldap_config.py
@@ -1,6 +1,7 @@
 """
 This file serves as a LDAP configuration for Netbox
-https://netboxlabs.com/docs/netbox/en/stable/configuration/
+https://netboxlabs.com/docs/netbox/en/stable/installation/6-ldap/#configuration
+https://django-auth-ldap.readthedocs.io/en/latest/reference.html
 """
 
 from functools import reduce
@@ -56,7 +57,7 @@ def _import_group_type(group_type_name: str) -> Any | None:
 AUTH_LDAP_USER_SEARCH = LDAPSearch(
     AUTH_LDAP_USER_SEARCH_BASEDN,
     ldap.SCOPE_SUBTREE,
-    "(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)",
+    f"({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)",
 )
 AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
     AUTH_LDAP_GROUP_SEARCH_BASEDN,
@@ -66,19 +67,16 @@ def _import_group_type(group_type_name: str) -> Any | None:
 AUTH_LDAP_GROUP_TYPE = _import_group_type(AUTH_LDAP_GROUP_TYPE)
 
 # Define a group required to login.
-AUTH_LDAP_REQUIRE_GROUP = reduce(
-    lambda query, group: query | LDAPGroupQuery(group),
-    AUTH_LDAP_REQUIRE_GROUP_LIST,
-    LDAPGroupQuery(""),
-)
-
-# Define special user types using groups. Exercise great caution when assigning superuser status.
-AUTH_LDAP_USER_FLAGS_BY_GROUP = {
-    "is_active": reduce(
+if AUTH_LDAP_REQUIRE_GROUP_LIST:
+    AUTH_LDAP_REQUIRE_GROUP = reduce(
         lambda query, group: query | LDAPGroupQuery(group),
         AUTH_LDAP_REQUIRE_GROUP_LIST,
         LDAPGroupQuery(""),
-    ),
+    )
+
+# Define special user types using groups. Exercise great caution when assigning superuser status.
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": AUTH_LDAP_REQUIRE_GROUP,
     "is_staff": reduce(
         lambda query, group: query | LDAPGroupQuery(group),
         AUTH_LDAP_IS_ADMIN_LIST,

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.black]
 line_length = 100
-target-version = ['py38']
+target-version = ["py38"]
 include = '\.pyi?$'
 exclude = '''
 (
@@ -20,7 +20,13 @@ multi_line_output = 3
 line_length = 100
 
 [tool.pylint.main]
-disable = ["duplicate-code", "import-error", "used-before-assignment", "undefined-variable"]
+disable = [
+  "duplicate-code",
+  "import-error",
+  "possibly-used-before-assignment",
+  "used-before-assignment",
+  "undefined-variable",
+]
 
 [tool.pylint.format]
 max-line-length = "100"