Ensure unique user in search result for get_user_attributes

jupyterhub · Nov 1, 2024 · ccd244f · ccd244f
1 parent 148eeb8
commit ccd244f
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/ldapauthenticator/ldapauthenticator.py b/ldapauthenticator/ldapauthenticator.py
@@ -544,16 +544,26 @@ def get_connection(self, userdn, password):
     def get_user_attributes(self, conn, userdn):
         attrs = {}
         if self.auth_state_attributes:
-            found = conn.search(
+            conn.search(
                 search_base=userdn,
                 search_scope=ldap3.SUBTREE,
                 search_filter="(objectClass=*)",
                 attributes=self.auth_state_attributes,
             )
-            # FIXME: Handle situations with multiple entries below or comment
-            #        why its not important to do.
-            #
-            if found:
+
+            # identify unique search response entry
+            n_entries = len(conn.entries)
+            if n_entries == 0:
+                self.log.warning(
+                    "Failed to get a search response entry when looking up auth_state_attributes "
+                    f"'{', '.join(self.auth_state_attributes)}' for DN '{userdn}'"
+                )
+            elif n_entries > 1:
+                self.log.warning(
+                    "Failed to get a unique search response entry when looking up auth_state_attributes "
+                    f"'{', '.join(self.auth_state_attributes)}' for DN '{userdn}'"
+                )
+            else:
                 attrs = conn.entries[0].entry_attributes_as_dict
         return attrs