# HG changeset patch # User Philippe Pepiot # Date 1582667142 -3600 # Node ID ba528f08ddfa57e09328a4c96da19e0c82a8ff85 # Parent 4942a6ebf21b3bf90785cfabab134418e3bfe3b4 [ldapfeed] use LDAP_SCOPES to find user-scope We already have LDAP_SCOPES dict defining possible scopes, this avoid possible code injection from config... Thus we can drop global variables already defined in LDAP_SCOPES since they are not used directly anymore. diff -r 4942a6ebf21b -r ba528f08ddfa cubicweb/server/sources/ldapfeed.py --- a/cubicweb/server/sources/ldapfeed.py Tue Feb 25 22:18:15 2020 +0100 +++ b/cubicweb/server/sources/ldapfeed.py Tue Feb 25 22:45:42 2020 +0100 @@ -30,12 +30,10 @@ from cubicweb import _ # search scopes -BASE = ldap3.SEARCH_SCOPE_BASE_OBJECT -ONELEVEL = ldap3.SEARCH_SCOPE_SINGLE_LEVEL -SUBTREE = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE -LDAP_SCOPES = {'BASE': BASE, - 'ONELEVEL': ONELEVEL, - 'SUBTREE': SUBTREE} +LDAP_SCOPES = {'BASE': ldap3.SEARCH_SCOPE_BASE_OBJECT, + 'ONELEVEL': ldap3.SEARCH_SCOPE_SINGLE_LEVEL, + 'SUBTREE': ldap3.SEARCH_SCOPE_WHOLE_SUBTREE} + # map ldap protocol to their standard port PROTO_PORT = {'ldap': 389, @@ -195,7 +193,7 @@ self.cnx_dn = typedconfig['data-cnx-dn'] self.cnx_pwd = typedconfig['data-cnx-password'] self.user_base_dn = str(typedconfig['user-base-dn']) - self.user_base_scope = globals()[typedconfig['user-scope']] + self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']] self.user_login_attr = typedconfig['user-login-attr'] self.user_default_groups = typedconfig['user-default-group'] self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}