LDAP requires a filter string, (objectClass=*) if not available

Marco Martinez · Marco Martinez · commit 89f867731f2a · 2015-01-14T14:09:50.000-08:00
diff --git a/src/who_ldap/__init__.py b/src/who_ldap/__init__.py
@@ -263,7 +263,7 @@ def __init__(self,
 
         self.name = name
         self.attributes = \
-            list(attributes_map.keys()) if attributes_map else None
+            list(attributes_map.keys()) if attributes_map else ALL_ATTRIBUTES
         self._attributes_map = attributes_map
         self.filterstr = filterstr
         self.flatten = str(flatten)[0].lower() == 't'
@@ -279,26 +279,25 @@ def add_metadata(self, environ, identity):
                 logger.error('Cannot establish connection')
                 return
 
-            dn = extract_userdata(identity)
-
-            if not dn:
-                logger.error('Malformed userdata')
-                return
-
+            # Behave like search if filterstr is specified, otherwise use base
             if self.filterstr:
-                status = conn.search('',
-                                     self.filterstr.format(identity=identity),
-                                     SEARCH_SCOPE_WHOLE_SUBTREE,
-                                     attributes=(ALL_ATTRIBUTES
-                                                 if self.attributes is None
-                                                 else self.attributes))
+                search_scope = SEARCH_SCOPE_WHOLE_SUBTREE
+                filterstr = self.filterstr.format(identity=identity)
+                # XXX This might need to be a setting?
+                base_dn = ''
             else:
-                status = conn.search(dn,
-                                     self.filterstr,
-                                     SEARCH_SCOPE_BASE_OBJECT,
-                                     attributes=(ALL_ATTRIBUTES
-                                                 if self.attributes is None
-                                                 else self.attributes))
+                search_scope = SEARCH_SCOPE_BASE_OBJECT
+                filterstr = '(objectClass=*)'   # ldap requires a filter string
+                base_dn = extract_userdata(identity)
+                if not base_dn:
+                    logger.error('Malformed userdata')
+                    return
+
+            status = conn.search(
+                base_dn,
+                filterstr,
+                search_scope,
+                attributes=self.attributes)
 
             if not status:
                 logger.error(
