New Component: Streamlit-Ldap-Authenticator

Hi @Kaizen63,

I can’t remove the Connection from the callback, as it is required for additional checks, such as whether the user is in the organization, which need a live connection to get additional information like the user’s manager information. I need that for my application.

As a quick workaround, I clear the password from the Connection object after the connection bind, like below, and I have uploaded ver 0.2.3 to PyPI.

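```python
from ldap3 import Connection

# server, username and password are defined earlier in the application
conn = Connection(server, username, password, auto_bind=False, auto_referrals=False, raise_exceptions=False)
conn.bind()
conn.password = None  # clear the stored password once the bind has been attempted
```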

Thanks for highlighting this security issue.

With Regards,
Nathan

1 Like
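
Added example (not part of the thread, and not code from ldap3 or streamlit-ldap-authenticator): a regression check for the workaround above that walks the object handed to the callback and reports every attribute path still holding the bind password. `FakeConnection`, `find_secret` and `bind_and_scrub` are hypothetical names, and the second copy kept in `request` is constructed to exercise the scan, not a claim about what ldap3 stores.

```python
# Added example; FakeConnection is a constructed stand-in, not ldap3's class.
SECRET = "S3cr3t-constructed"  # constructed sample credential


class FakeConnection:
    """Mimics only one thing: the bind password is kept on the object."""

    def __init__(self, user, password):
        self.user = user
        self.password = password
        self.request = None

    def bind(self):
        # Hypothetical second copy, included to exercise the scanner.
        self.request = {"name": self.user,
                        "authentication": {"simple": self.password}}
        return True


def find_secret(obj, secret, path="conn", seen=None, depth=6):
    """Return the attribute paths under obj that still contain secret."""
    if isinstance(obj, (str, bytes)):
        needle = secret if isinstance(obj, str) else secret.encode()
        return [path] if needle in obj else []
    seen = set() if seen is None else seen
    if depth < 0 or id(obj) in seen:
        return []
    seen.add(id(obj))
    if isinstance(obj, dict):
        items = [(f"{path}[{k!r}]", v) for k, v in obj.items()]
    elif isinstance(obj, (list, tuple, set)):
        items = [(f"{path}[{i}]", v) for i, v in enumerate(obj)]
    else:
        items = [(f"{path}.{k}", v) for k, v in getattr(obj, "__dict__", {}).items()]
    hits = []
    for child_path, value in items:
        hits += find_secret(value, secret, child_path, seen, depth - 1)
    return hits


def bind_and_scrub(conn):
    """Bind, then clear the password attribute as in the workaround above."""
    ok = conn.bind()
    conn.password = None
    return ok


def leaks_after_workaround():
    conn = FakeConnection("uid=demo,dc=example,dc=org", SECRET)
    bind_and_scrub(conn)
    return find_secret(conn, SECRET)
```

Running the same scan against the real Connection object in a unit test gives a pass condition of an empty list.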

Thank you again Nathan for the fast response!
That works for now. I am still concerned that this vulnerability is in a widely used library and nobody is concerned.

Here is the link to the issue: Please remove password from the Connection class · Issue #1136 · cannatag/ldap3 · GitHub
Please support.

Kind Regards
Kai Poitschke

1 Like

Hello Nathan, just saw v 0.2.4 is out. What changed?

Hi Kaizen, ver 0.2.4 is a fix for the cookie handler issue: the "'SigninEvent' object has no attribute 'remember'" error when you don’t want to use cookies.