Replace simplistic check in has_dn_format

Use python-ldap's explode_dn, which (hopefully) rejects invalid DNs.
2016-03-02 17:59:07 +01:00
parent 13c6566c7f
commit b8a7e6d275
1 changed files with 6 additions and 4 deletions
--- a/ldapuserdir/ldapuserdir.py
+++ b/ldapuserdir/ldapuserdir.py
@@ -110,12 +110,14 @@ class LdapUserDir(object):

    @staticmethod
    def has_dn_format(name):
-        """returns true if name has the format of a distinguished name
+        """Returns true iff name has the format of a distinguished name
        """
-        # currently we are satisfied with a very primitive check
-        if ',' in name:
+        try:
+            ldap.explode_dn(name)
+        except Exception:
+            return False
+        else:
            return True
-        return False

    @staticmethod
    def dn_to_cn(dn):