Fix parsing of search response

We were using conn.response but should have used conn.entries as we only cared for search results and not other kinds of messages that could be part of conn.response.
jupyterhub · Nov 1, 2024 · 3ffc6ba · 3ffc6ba
1 parent 0af43b8
commit 3ffc6ba
Showing 1 changed file with 12 additions and 9 deletions.
diff --git a/ldapauthenticator/ldapauthenticator.py b/ldapauthenticator/ldapauthenticator.py
@@ -455,25 +455,25 @@ def resolve_username(self, username_supplied_by_user):
             search_filter=search_filter,
             attributes=[self.lookup_dn_user_dn_attribute],
         )
-        response = conn.response
-        if len(response) == 0:
+        n_entries = len(conn.entries)
+        if n_entries == 0:
             self.log.warning(
                 f"Failed to lookup a DN for username '{username_supplied_by_user}'"
             )
             return (None, None)
-        if len(response) > 1:
+        if n_entries > 1:
             self.log.warning(
                 f"Failed to lookup a unique DN for username '{username_supplied_by_user}'"
             )
             return (None, None)
-        if "attributes" not in response[0].keys():
+        if "attributes" not in conn.entries[0].keys():
             self.log.warning(
                 f"Failed to lookup attribute '{self.lookup_dn_user_dn_attribute}' for username '{username_supplied_by_user}'"
             )
             return (None, None)
 
-        userdn = response[0]["dn"]
-        username = response[0]["attributes"][self.lookup_dn_user_dn_attribute]
+        userdn = conn.entries[0]["dn"]
+        username = conn.entries[0]["attributes"][self.lookup_dn_user_dn_attribute]
         if isinstance(username, list):
             if len(username) == 0:
                 return (None, None)
@@ -547,6 +547,9 @@ def get_user_attributes(self, conn, userdn):
                 search_filter="(objectClass=*)",
                 attributes=self.auth_state_attributes,
             )
+            # FIXME: Handle situations with multiple entries below or comment
+            #        why its not important to do.
+            #
             if found:
                 attrs = conn.entries[0].entry_attributes_as_dict
         return attrs
@@ -632,14 +635,14 @@ async def authenticate(self, handler, data):
                 ),
                 attributes=self.attributes,
             )
-            n_users = len(conn.response)
-            if n_users == 0:
+            n_entries = len(conn.entries)
+            if n_entries == 0:
                 self.log.warning(
                     "Configured search_filter found no user associated with "
                     f"userattr='{self.user_attribute}' and username='{resolved_username}'"
                 )
                 return None
-            if n_users > 1:
+            if n_entries > 1:
                 self.log.warning(
                     "Configured search_filter found multiple users associated with "
                     f"userattr='{self.user_attribute}' and username='{resolved_username}', "