Merge pull request #4884 from ryanpetrello/release_3.1.0

fix an LDAP settings bug which can cause LDAP auth to fail
2026-01-22 15:08:03 -03:30 · 2017-01-23 15:56:00 -05:00 · 2017-01-23 15:56:00 -05:00 · 5253634c72
commit 5253634c72
parent 5930fb1a10 40a5c6cc0b
2 changed files with 27 additions and 0 deletions
--- a/awx/main/tests/functional/api/test_settings.py
+++ b/awx/main/tests/functional/api/test_settings.py
@ -86,6 +86,21 @@ def test_ldap_settings(get, put, patch, delete, admin, enterprise_license):
    patch(url, user=admin, data={'AUTH_LDAP_SERVER_URI': 'ldap://ldap.example.com, ldap://ldap2.example.com'}, expect=200)


+@pytest.mark.parametrize('setting', [
+    'AUTH_LDAP_USER_DN_TEMPLATE',
+    'AUTH_LDAP_REQUIRE_GROUP',
+    'AUTH_LDAP_DENY_GROUP',
+])
+@pytest.mark.django_db
+def test_empty_ldap_dn(get, put, patch, delete, admin, enterprise_license,
+                       setting):
+    url = reverse('api:setting_singleton_detail', args=('ldap',))
+    Setting.objects.create(key='LICENSE', value=enterprise_license)
+    patch(url, user=admin, data={setting: ''}, expect=200)
+    resp = get(url, user=admin, expect=200)
+    assert resp.data[setting] is None
+
+
@pytest.mark.django_db
 def test_radius_settings(get, put, patch, delete, admin, enterprise_license, settings):
    url = reverse('api:setting_singleton_detail', args=('radius',))
--- a/awx/sso/fields.py
+++ b/awx/sso/fields.py
@ -153,6 +153,12 @@ class LDAPDNField(fields.CharField):
        super(LDAPDNField, self).__init__(**kwargs)
        self.validators.append(validate_ldap_dn)

+    def run_validation(self, data=empty):
+        value = super(LDAPDNField, self).run_validation(data)
+        # django-auth-ldap expects DN fields (like AUTH_LDAP_REQUIRE_GROUP)
+        # to be either a valid string or ``None`` (not an empty string)
+        return None if value == '' else value
+

 class LDAPDNWithUserField(fields.CharField):

@ -160,6 +166,12 @@ class LDAPDNWithUserField(fields.CharField):
        super(LDAPDNWithUserField, self).__init__(**kwargs)
        self.validators.append(validate_ldap_dn_with_user)

+    def run_validation(self, data=empty):
+        value = super(LDAPDNWithUserField, self).run_validation(data)
+        # django-auth-ldap expects DN fields (like AUTH_LDAP_USER_DN_TEMPLATE)
+        # to be either a valid string or ``None`` (not an empty string)
+        return None if value == '' else value
+

 class LDAPFilterField(fields.CharField):