Support Lookup LDAP server login credentials for testing outside of CUDN
When testing outside of the CUDN (and not on the VPN), the Lookup LDAP server must be accessed over an SSL-protected connection with appropriate login credentials. To facilitate testing, the synchronisation tool should support access via such a secured connection.
A suitable test user is uis-devops-bot (credentials in 1password and general documentation repo), and the credentials could be specified in the configuration file passed to the gsuitesync tool (in the ldap section).
Proposed code changes are:
diff --git a/gsuitesync/ldap.py b/gsuitesync/ldap.py
index 6937bdd..f6426a0 100644
--- a/gsuitesync/ldap.py
+++ b/gsuitesync/ldap.py
@@ -36,6 +36,10 @@ class Configuration(ConfigurationDataclassMixin):
eligible_inst_filter: str
+ username: str = None
+
+ password: str = None
+
managed_user_filter: typing.Union[str, None] = None
managed_group_filter: typing.Union[str, None] = None
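Review bot: The new `password` field is declared as an ordinary field, so if `Configuration` is a dataclass (the mixin name suggests so, but the decorator is outside this hunk) its generated `repr` will include the bind password wherever the configuration object is logged or appears in a traceback. Excluding it from the repr avoids that: `password: typing.Union[str, None] = dataclasses.field(default=None, repr=False)`, assuming `dataclasses` is imported in this module. Both new fields are also annotated `str` with a `None` default, whereas the neighbouring `managed_user_filter` uses `typing.Union[str, None]`; `username: typing.Union[str, None] = None` would match. Each field would benefit from a short comment saying it is optional and that setting both switches the connection to an authenticated SSL bind.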
@@ -166,10 +170,21 @@ class Configuration(ConfigurationDataclassMixin):
return managed_insts
def _search(self, *, search_base, search_filter, attributes):
- ldap_server = ldap3.Server(self.host)
- with ldap3.Connection(ldap_server, auto_bind=True) as conn:
- return conn.extend.standard.paged_search(
- search_base, search_filter, paged_size=1000, attributes=attributes)
+ if self.username is None or self.password is None:
+ # No username and/or password specified, so assume the LDAP server can be connected to
+ # without credentials
+ ldap_server = ldap3.Server(self.host)
+ with ldap3.Connection(ldap_server, auto_bind=True) as conn:
+ return conn.extend.standard.paged_search(
+ search_base, search_filter, paged_size=1000, attributes=attributes)
+ else:
+ # Username and password specified, so use SSL and login credentials to access the
+ # LDAP server
+ ldap_server = ldap3.Server(self.host, use_ssl=True)
+ with ldap3.Connection(ldap_server, auto_bind=True,
+ user=self.username, password=self.password) as conn:
+ return conn.extend.standard.paged_search(
+ search_base, search_filter, paged_size=1000, attributes=attributes)
def _extract(entry, attr, *, default=''):
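Review bot: In the `else` branch of `_search`, `ldap3.Server(self.host, use_ssl=True)` is created without a `tls` argument, and ldap3's default `Tls` configuration does not validate the server certificate, so the simple bind sends the username and password over a connection whose peer is unauthenticated. Passing an explicit `ldap3.Tls(validate=ssl.CERT_REQUIRED)` closes that gap (it needs `import ssl` at the top of the module, which is outside this hunk). The first condition also treats "only one of username/password set" as "no credentials" and silently falls back to an anonymous, unencrypted bind; a half-filled configuration is more likely a mistake and should fail loudly. Building the server and credentials once also removes the duplicated `paged_search` call.

```python
def _search(self, *, search_base, search_filter, attributes):
    # Credentials must be supplied as a pair; a lone username or password is a config error.
    if (self.username is None) != (self.password is None):
        raise ValueError('LDAP username and password must be specified together')

    if self.username is None:
        # Anonymous bind, as before.
        ldap_server = ldap3.Server(self.host)
        credentials = {}
    else:
        # Authenticated bind: require TLS and verify the server certificate
        # before the password is sent.
        tls = ldap3.Tls(validate=ssl.CERT_REQUIRED)
        ldap_server = ldap3.Server(self.host, use_ssl=True, tls=tls)
        credentials = {'user': self.username, 'password': self.password}

    with ldap3.Connection(ldap_server, auto_bind=True, **credentials) as conn:
        # … unchanged: return conn.extend.standard.paged_search(...) …
```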
Edited by Dave Hart