From a54cb6aeb8e25dc4d7ea50decfdf12e6146831d9 Mon Sep 17 00:00:00 2001
From: Esa Jokinen <esa@esajokinen.net>
Date: Mon, 25 Dec 2023 21:43:27 +0200
Subject: [PATCH] [FIX] users_ldap_groups: safe LDAP decode

The group mapping in query mode fails if LDAP returns binary data in any
of the fields. This adds a function that handles such situation by
base64 encoding it.
---
 .../models/res_company_ldap_operator.py             | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/users_ldap_groups/models/res_company_ldap_operator.py b/users_ldap_groups/models/res_company_ldap_operator.py
index 2436754a0c..44e7b8fd85 100644
--- a/users_ldap_groups/models/res_company_ldap_operator.py
+++ b/users_ldap_groups/models/res_company_ldap_operator.py
@@ -32,10 +32,21 @@ def equals(self, ldap_entry, mapping):
 
     def query(self, ldap_entry, mapping):
         query_string = Template(mapping.value).safe_substitute(
-            {attr: ldap_entry[1][attr][0].decode() for attr in ldap_entry[1]}
+            {
+                attr: self.safe_ldap_decode(ldap_entry[1][attr][0])
+                for attr in ldap_entry[1]
+            }
         )
 
         results = mapping.ldap_id._query(mapping.ldap_id.read()[0], query_string)
         _logger.debug('Performed LDAP query "%s" results: %s', query_string, results)
 
         return bool(results)
+
+    def safe_ldap_decode(self, attr):
+        import base64
+
+        try:
+            return attr.decode()
+        except UnicodeDecodeError:
+            return base64.b64encode(attr)