
Don't delete users from LDAP before regenerating them (to avoid UID change)

Baptiste Jonglez il y a 10 ans
Parent
commit
4901ca3cdd
1 fichiers modifiés avec 14 ajouts et 12 suppressions
  1. 14 12
      coin/members/management/commands/regenerate_ldap_members.py

+ 14 - 12
coin/members/management/commands/regenerate_ldap_members.py

@@ -9,11 +9,6 @@ from django.conf import settings
 from coin.members.models import Member, LdapUser
 
 
-# TODO: currently, we may completely mess up UIDs (attribute "uidNumber"
-# in LDAP), because we delete then recreate users, thus potentially
-# re-attributing a new uid.  If the users are used as Unix users on a
-# system, then it's probably not a good idea to change the uid.
-
 class Command(BaseCommand):
     args = '[login1 login2 ...]'
     help = """Regenerate user objects in the LDAP backend.  This is useful if you
@@ -24,8 +19,12 @@ class Command(BaseCommand):
 
     If --erase-all is passed, then the LDAP database is cleared of all its
     users before regenerating users from the local database.  Use this
-    option with caution, as you will lose any user that was present in the
-    LDAP database but not in the local database."""
+    option with a lot of caution, as you will lose any user that was
+    present in the LDAP database but not in the local database.
+    Additionally, Unix UIDs (attribute "uidNumber" in LDAP) are currently
+    generated when saving a new user, so --erase-all might lead to
+    different UIDs after the regeneration.  This is certainly a bad idea
+    if your Unix users are based on LDAP."""
 
     option_list = BaseCommand.option_list + (
         make_option('--erase-all',
@@ -54,11 +53,14 @@ class Command(BaseCommand):
             login = m.username
             if options['verbosity'] >= 2:
                 self.stdout.write("Regenerating user {login}...".format(login=login))
-            # Try deleting the LDAP user first, so that we can recreate it
+            # The user might not exist in LDAP (maybe it was deleted or something)
             try:
-                LdapUser.objects.get(pk=login).delete()
+                LdapUser.objects.get(pk=login)
+                m.sync_to_ldap(creation=False, update_fields=None)
             except LdapUser.DoesNotExist:
-                pass
-            # Create the LDAP user
-            m.sync_to_ldap(creation=True, update_fields=None)
+                # Create the LDAP user
+                self.stderr.write("WARNING: user {login} not found in LDAP, "
+                                  "creating it (look at the resulting Unix "
+                                  "uidNumber to see if it's ok).".format(login=login))
+                m.sync_to_ldap(creation=True, update_fields=None)
         self.stdout.write("Done")
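Review bot: The `try` body in the new code now wraps both the existence check and `m.sync_to_ldap(creation=False, update_fields=None)`, so a `LdapUser.DoesNotExist` raised from inside the update path (for example if the object disappears between the `get` and the write, or the sync helper itself looks the user up) falls through to the `except` branch and creates a fresh entry — exactly the uidNumber churn this commit sets out to avoid, and on a host that resolves Unix accounts through LDAP a reassigned uidNumber can hand ownership of the previous holder's files to another account. Keep the `try` minimal: leave only `LdapUser.objects.get(pk=login)` inside it, keep the warning and `creation=True` call in the `except`, and move the update into an `else:` clause, i.e. `else:` followed by `m.sync_to_ldap(creation=False, update_fields=None)`. The result of the `get` is otherwise unused, so `LdapUser.objects.filter(pk=login).exists()` would express the intent as an explicit check if you prefer, though it still leaves the same small window between check and update. The enclosing `for` loop and the `handle` method begin above this hunk, so the `--erase-all` branch that feeds this path is not visible here; after an erase every user will hit the warning branch, which is presumably intended but worth stating in the message.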