[ldapfeed] use LDAP_SCOPES to find user-scope
We already have LDAP_SCOPES dict defining possible scopes, this avoid possible code injection from config...
Thus we can drop global variables already defined in LDAP_SCOPES since they are not used directly anymore.
--- a/cubicweb/server/sources/ldapfeed.py Tue Feb 25 22:18:15 2020 +0100
+++ b/cubicweb/server/sources/ldapfeed.py Tue Feb 25 22:45:42 2020 +0100
@@ -30,12 +30,10 @@
from cubicweb import _
# search scopes
-BASE = ldap3.SEARCH_SCOPE_BASE_OBJECT
-ONELEVEL = ldap3.SEARCH_SCOPE_SINGLE_LEVEL
-SUBTREE = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE
-LDAP_SCOPES = {'BASE': BASE,
- 'ONELEVEL': ONELEVEL,
- 'SUBTREE': SUBTREE}
+LDAP_SCOPES = {'BASE': ldap3.SEARCH_SCOPE_BASE_OBJECT,
+ 'ONELEVEL': ldap3.SEARCH_SCOPE_SINGLE_LEVEL,
+ 'SUBTREE': ldap3.SEARCH_SCOPE_WHOLE_SUBTREE}
+
# map ldap protocol to their standard port
PROTO_PORT = {'ldap': 389,
@@ -195,7 +193,7 @@
self.cnx_dn = typedconfig['data-cnx-dn']
self.cnx_pwd = typedconfig['data-cnx-password']
self.user_base_dn = str(typedconfig['user-base-dn'])
- self.user_base_scope = globals()[typedconfig['user-scope']]
+ self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']]
self.user_login_attr = typedconfig['user-login-attr']
self.user_default_groups = typedconfig['user-default-group']
self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}