From 482f949c097ed4faadea629082c5067cf169062e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?= <eloi.rivard@nubla.fr>
Date: Thu, 15 Dec 2022 12:41:31 +0100
Subject: [PATCH] Fixed LDAP operational attributes handling

---
 CHANGES.rst                         |  5 +++++
 canaille/ldap_backend/ldapobject.py | 10 ++++++++--
 tests/ldap/test_utils.py            | 26 ++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index a4075a4b..19f2b517 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file.
 The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.0.0/>`_,
 and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_.
 
+Fixed
+*****
+
+- Fixed LDAP operational attributes handling.
+
 [0.0.15] - 2022-12-15
 =====================
 
diff --git a/canaille/ldap_backend/ldapobject.py b/canaille/ldap_backend/ldapobject.py
index 619c69d8..5beee02c 100644
--- a/canaille/ldap_backend/ldapobject.py
+++ b/canaille/ldap_backend/ldapobject.py
@@ -161,9 +161,12 @@ class LDAPObject:
 
     @staticmethod
     def ldap_attrs_to_python(attrs):
+        ldap_attrs = LDAPObject.ldap_object_attributes()
         return {
             name: [
-                ldap_to_python(value, LDAPObject.ldap_object_attributes()[name].syntax)
+                ldap_to_python(
+                    value, ldap_attrs[name].syntax if name in ldap_attrs else None
+                )
                 for value in values
             ]
             for name, values in attrs.items()
@@ -171,9 +174,12 @@ class LDAPObject:
 
     @staticmethod
     def python_attrs_to_ldap(attrs):
+        ldap_attrs = LDAPObject.ldap_object_attributes()
         return {
             name: [
-                python_to_ldap(value, LDAPObject.ldap_object_attributes()[name].syntax)
+                python_to_ldap(
+                    value, ldap_attrs[name].syntax if name in ldap_attrs else None
+                )
                 for value in values
             ]
             for name, values in attrs.items()
diff --git a/tests/ldap/test_utils.py b/tests/ldap/test_utils.py
index 99dd0907..1172597a 100644
--- a/tests/ldap/test_utils.py
+++ b/tests/ldap/test_utils.py
@@ -1,6 +1,7 @@
 import datetime
 
 import ldap.dn
+from canaille.ldap_backend.ldapobject import LDAPObject
 from canaille.ldap_backend.utils import ldap_to_python
 from canaille.ldap_backend.utils import python_to_ldap
 from canaille.ldap_backend.utils import Syntax
@@ -103,3 +104,28 @@ def test_python_to_ldap():
     assert ldap_to_python(b"foobar", Syntax.DIRECTORY_STRING) == "foobar"
 
     assert ldap_to_python(b"foobar", Syntax.JPEG) == b"foobar"
+
+
+def test_operational_attribute_conversion(slapd_connection):
+    assert "oauthClientName" in LDAPObject.ldap_object_attributes(slapd_connection)
+    assert "invalidAttribute" not in LDAPObject.ldap_object_attributes(slapd_connection)
+
+    assert LDAPObject.ldap_attrs_to_python(
+        {
+            "oauthClientName": [b"foobar_name"],
+            "invalidAttribute": [b"foobar"],
+        }
+    ) == {
+        "oauthClientName": ["foobar_name"],
+        "invalidAttribute": ["foobar"],
+    }
+
+    assert LDAPObject.python_attrs_to_ldap(
+        {
+            "oauthClientName": ["foobar_name"],
+            "invalidAttribute": ["foobar"],
+        }
+    ) == {
+        "oauthClientName": [b"foobar_name"],
+        "invalidAttribute": [b"foobar"],
+    }