LDAP bug with no search bind auth

[Matt Chapman]

Hello,

I'm new here, so please for if I'm the wrong place, and let me know where I should report bugs.

I might be missing something, but looking at 'apps/useradmin/src/useradmin/ldap_access.py' in get_connection(ldap_config), there is a conditional for whether or not search_bind_authentication is enabled. But in case it is not, it still tries to use a configured username, which would be absent from the config in case of using direct bind, leading to an attempt to authenticate as "No...@domain.tld" and a fatal error.

However, I only hit this code path after enabling 'sync_groups_on_login' in hue.ini. I'm new enough to LDAP concepts that I'm not sure if there is some fundamental incompatibility between using Direct Bind Auth and Sync'ing groups, but even if so, it seems this could be handled more gracefully than the current fatal error.

Let me know if I can provide any further details to help track down this bug, if it is actually a bug.

All the Best,

Matt