beaker-refresh-ldap fails - user lacks email addr

Some Beaker installations learns user via ldap groups. One user did not have an email address resulting in beaker-refresh-ldap raising an exception: KeyError: 'mail'. Offending line is here: File "/usr/lib/python2.7/site-packages/bkr/server/model/identity.py", line 301, in by_user_name user.email_address = attrs['mail'][0].decode('utf8') KeyError: 'mail' When this exception is encountered, beaker-refresh-ldap stops learning other users. Fix: When missing any required key attributes (Mail, uid, cn), the user will not be returned and as a result will not be learned without raising an exception. This allows beaker-refresh-ldap to continue learning other users.
beaker-project · Dec 4, 2024 · 158d2b7 · 158d2b7
1 parent 97c7855
commit 158d2b7
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/IntegrationTests/src/bkr/inttest/ldap-data.ldif b/IntegrationTests/src/bkr/inttest/ldap-data.ldif
@@ -104,6 +104,20 @@ gidNumber: 15554
 homeDirectory: /home/lol
 mail: [email protected]
 
+dn: uid=nomailattr,ou=users,dc=example,dc=invalid
+objectClass: top
+objectClass: person
+objectClass: organizationalperson
+objectClass: inetorgperson
+objectClass: posixAccount
+cn: NoMail Attribute
+givenName: NoMail
+sn: nomailattr
+uid: nomailattr
+uidNumber: 15555
+gidNumber: 15555
+homeDirectory: /home/nomailattr
+
 dn: cn=my_ldap_group,ou=groups,dc=example,dc=invalid
 objectClass: top
 objectClass: posixGroup
@@ -124,6 +138,7 @@ objectClass: posixGroup
 gidNumber: 5519
 cn: alp
 memberUid: jgillard
+memberUid: nomailattr
 
 dn: cn=wyfp,ou=groups,dc=example,dc=invalid
 objectClass: top

diff --git a/IntegrationTests/src/bkr/inttest/server/tools/test_refresh_ldap.py b/IntegrationTests/src/bkr/inttest/server/tools/test_refresh_ldap.py
@@ -25,6 +25,9 @@ def test_version(self):
         self.assertEquals(out.strip(), __version__)
 
     def test_refresh_ldap_group_membership(self):
+        # Testing two things with this test.  That jgillard is
+        # learned AND user 'nomailattr' is NOT learned since it is
+        # missing the 'mail' attribute.
         with session.begin():
             group = Group(group_name=u'alp',
                     display_name=u'Australian Labor Party',

diff --git a/Server/bkr/server/model/identity.py b/Server/bkr/server/model/identity.py
@@ -291,9 +291,15 @@ def by_user_name(cls, user_name):
             elif(len(objects) > 1):
                 return None
             attrs = objects[0][1]
+            if ('uid' not in attrs.keys() or 'cn' not in attrs.keys() or
+                'mail' not in attrs.keys()):
+                log.debug('Missing attribute for this LDAP user %s ', user_name)
+                return None
             # LDAP normalization rules means that we might have found a user
             # who doesn't actually match the username we were given.
             if attrs['uid'][0].decode('utf8') != user_name:
+                log.debug('UserID attribute does not match this LDAP user %s ',
+                          user_name)
                 return None
             user = User()
             user.user_name = attrs['uid'][0].decode('utf8')