Fix #11832: Prevent TypeError by making LDAP group search conditional in settings (#11898)

2026-05-28 03:49:20 +00:00 · 2026-05-14 17:02:20 +05:30
parent a60e85b668
commit 45d95142cc
1 changed files with 21 additions and 12 deletions
@@ -517,20 +517,12 @@ if LDAP_AUTH:  # pragma: no cover
        'INVENTREE_LDAP_CACHE_TIMEOUT', 'ldap.cache_timeout', 3600, int
    )

-    AUTH_LDAP_MIRROR_GROUPS = get_boolean_setting(
-        'INVENTREE_LDAP_MIRROR_GROUPS', 'ldap.mirror_groups', False
-    )
    AUTH_LDAP_GROUP_OBJECT_CLASS = get_setting(
        'INVENTREE_LDAP_GROUP_OBJECT_CLASS',
        'ldap.group_object_class',
        'groupOfUniqueNames',
        str,
    )
-    AUTH_LDAP_GROUP_SEARCH = django_auth_ldap.config.LDAPSearch(
-        get_setting('INVENTREE_LDAP_GROUP_SEARCH', 'ldap.group_search'),
-        ldap.SCOPE_SUBTREE,
-        f'(objectClass={AUTH_LDAP_GROUP_OBJECT_CLASS})',
-    )
    AUTH_LDAP_GROUP_TYPE_CLASS = get_setting(
        'INVENTREE_LDAP_GROUP_TYPE_CLASS',
        'ldap.group_type_class',
@@ -546,9 +538,6 @@ if LDAP_AUTH:  # pragma: no cover
        {'name_attr': 'cn'},
        dict,
    )
-    AUTH_LDAP_GROUP_TYPE = getattr(django_auth_ldap.config, AUTH_LDAP_GROUP_TYPE_CLASS)(
-        *AUTH_LDAP_GROUP_TYPE_CLASS_ARGS, **AUTH_LDAP_GROUP_TYPE_CLASS_KWARGS
-    )
    AUTH_LDAP_REQUIRE_GROUP = get_setting(
        'INVENTREE_LDAP_REQUIRE_GROUP', 'ldap.require_group'
    )
@@ -559,7 +548,27 @@ if LDAP_AUTH:  # pragma: no cover
        default_value=None,
        typecast=dict,
    )
-    AUTH_LDAP_FIND_GROUP_PERMS = True
+
+    # Only configure group search and group permissions if a valid base DN is provided.
+    # Without this guard, passing None to LDAPSearch causes django-auth-ldap to crash
+    # with: TypeError: search_ext() argument 1 must be str, not None
+    # See: https://github.com/inventree/InvenTree/issues/11832
+    _ldap_group_search = get_setting('INVENTREE_LDAP_GROUP_SEARCH', 'ldap.group_search')
+    if _ldap_group_search:
+        AUTH_LDAP_GROUP_SEARCH = django_auth_ldap.config.LDAPSearch(
+            _ldap_group_search,
+            ldap.SCOPE_SUBTREE,
+            f'(objectClass={AUTH_LDAP_GROUP_OBJECT_CLASS})',
+        )
+        AUTH_LDAP_GROUP_TYPE = getattr(
+            django_auth_ldap.config, AUTH_LDAP_GROUP_TYPE_CLASS
+        )(*AUTH_LDAP_GROUP_TYPE_CLASS_ARGS, **AUTH_LDAP_GROUP_TYPE_CLASS_KWARGS)
+        AUTH_LDAP_MIRROR_GROUPS = get_boolean_setting(
+            'INVENTREE_LDAP_MIRROR_GROUPS', 'ldap.mirror_groups', False
+        )
+        AUTH_LDAP_FIND_GROUP_PERMS = True
+    else:
+        AUTH_LDAP_FIND_GROUP_PERMS = False

 # Allow secure http developer server in debug mode
 if DEBUG: