From 2c69d433e91e0377d5de41ca36d861763b1e6581 Mon Sep 17 00:00:00 2001
From: Aaron Tan
Date: Fri, 30 Jun 2017 15:30:59 -0400
Subject: [PATCH] LDAP setting fields validation updates.
---
 awx/sso/conf.py | 2 +-
 awx/sso/fields.py | 13 ++++++++++++-
 awx/sso/validators.py | 3 ++-
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index f682f429b3..e61dd74ce2 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -216,7 +216,7 @@ register(
 'mapped into an Tower organization (as defined in the '
 'AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries '
 'need to be supported use of "LDAPUnion" is possible. See '
- 'python-ldap documentation as linked at the top of this section.'),
+ 'Tower documentation for details.'),
 category=_('LDAP'),
 category_slug='ldap',
 placeholder=(
diff --git a/awx/sso/fields.py b/awx/sso/fields.py
index 338178b288..0ff4b902a5 100644
--- a/awx/sso/fields.py
+++ b/awx/sso/fields.py
@@ -269,7 +269,18 @@ class LDAPSearchUnionField(fields.ListField):
 if len(data) == 3 and isinstance(data[0], basestring):
 return self.ldap_search_field_class().run_validation(data)
 else:
- return LDAPSearchUnion(*[self.ldap_search_field_class().run_validation(x) for x in data])
+ search_args = []
+ for i in range(len(data)):
+ if not isinstance(data[i], list):
+ raise ValidationError('In order to ultilize LDAP Union, input element No. %d'
+ ' should be a search query array.' % (i + 1))
+ try:
+ search_args.append(self.ldap_search_field_class().run_validation(data[i]))
+ except Exception as e:
+ if hasattr(e, 'detail') and isinstance(e.detail, list):
+ e.detail.insert(0, "Error parsing LDAP Union element No. %d:" % (i + 1))
+ raise e
+ return LDAPSearchUnion(*search_args)
 class LDAPUserAttrMapField(fields.DictField):
diff --git a/awx/sso/validators.py b/awx/sso/validators.py
index 6a34a2c731..172c21593c 100644
--- a/awx/sso/validators.py
+++ b/awx/sso/validators.py
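Review bot: The new loop in awx/sso/fields.py catches every exception with `except Exception as e:` and re-raises with `raise e`, which on Python 2 (the code uses `basestring`) replaces the original traceback with one starting at the re-raise. Only validation errors are expected to carry a list-valued `detail`, so `except ValidationError as e:` followed by a bare `raise` would leave unrelated failures untouched and still prefix the element number. The first message misspells "utilize" as `ultilize`, and `for i, item in enumerate(data, 1):` would remove the repeated `i + 1`. The enclosing method starts above the hunk, so whether `ValidationError` here is the class that exposes `detail` should be confirmed against the file's imports.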
@@ -32,7 +32,8 @@ def validate_ldap_dn_with_user(value):
 def validate_ldap_bind_dn(value):
- if not re.match(r'^[A-Za-z][A-Za-z0-9._-]*?\\[A-Za-z0-9 ._-]+?$', value.strip()):
+ if not re.match(r'^[A-Za-z][A-Za-z0-9._-]*?\\[A-Za-z0-9 ._-]+?$', value.strip()) and \
+ not re.match(r'^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$', value.strip()):
 validate_ldap_dn(value)
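Review bot: The added `user@domain` pattern in validate_ldap_bind_dn is a second unnamed regex with no comment stating which bind formats are accepted, and `value.strip()` is now evaluated twice inside the condition. A comment such as `# Accept DOMAIN\user or user@domain (UPN) bind names; anything else must be a valid LDAP DN.` above the `if`, with `bind_dn = value.strip()` computed once, would make the allow-list easier to review. Both patterns are checked against the stripped string only, so if the unstripped `value` is what gets stored (not visible here), surrounding whitespace passes validation unchanged. The domain part also requires at least one dot, so a single-label realm such as a constructed `svc@corp` falls through to validate_ldap_dn and is rejected; confirm that is intended.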