|
@@ -9,11 +9,6 @@ from django.conf import settings
|
|
|
from coin.members.models import Member, LdapUser
|
|
from coin.members.models import Member, LdapUser
|
|
|
|
|
|
|
|
|
|
|
|
|
-# TODO: currently, we may completely mess up UIDs (attribute "uidNumber"
|
|
|
|
|
-# in LDAP), because we delete then recreate users, thus potentially
|
|
|
|
|
-# re-attributing a new uid. If the users are used as Unix users on a
|
|
|
|
|
-# system, then it's probably not a good idea to change the uid.
|
|
|
|
|
-
|
|
|
|
|
class Command(BaseCommand):
|
|
class Command(BaseCommand):
|
|
|
args = '[login1 login2 ...]'
|
|
args = '[login1 login2 ...]'
|
|
|
help = """Regenerate user objects in the LDAP backend. This is useful if you
|
|
help = """Regenerate user objects in the LDAP backend. This is useful if you
|
|
@@ -24,8 +19,12 @@ class Command(BaseCommand):
|
|
|
|
|
|
|
|
If --erase-all is passed, then the LDAP database is cleared of all its
|
|
If --erase-all is passed, then the LDAP database is cleared of all its
|
|
|
users before regenerating users from the local database. Use this
|
|
users before regenerating users from the local database. Use this
|
|
|
- option with caution, as you will lose any user that was present in the
|
|
|
|
|
- LDAP database but not in the local database."""
|
|
|
|
|
|
|
+ option with a lot of caution, as you will lose any user that was
|
|
|
|
|
+ present in the LDAP database but not in the local database.
|
|
|
|
|
+ Additionally, Unix UIDs (attribute "uidNumber" in LDAP) are currently
|
|
|
|
|
+ generated when saving a new user, so --erase-all might lead to
|
|
|
|
|
+ different UIDs after the regeneration. This is certainly a bad idea
|
|
|
|
|
+ if your Unix users are based on LDAP."""
|
|
|
|
|
|
|
|
option_list = BaseCommand.option_list + (
|
|
option_list = BaseCommand.option_list + (
|
|
|
make_option('--erase-all',
|
|
make_option('--erase-all',
|
|
@@ -54,11 +53,14 @@ class Command(BaseCommand):
|
|
|
login = m.username
|
|
login = m.username
|
|
|
if options['verbosity'] >= 2:
|
|
if options['verbosity'] >= 2:
|
|
|
self.stdout.write("Regenerating user {login}...".format(login=login))
|
|
self.stdout.write("Regenerating user {login}...".format(login=login))
|
|
|
- # Try deleting the LDAP user first, so that we can recreate it
|
|
|
|
|
|
|
+ # The user might not exist in LDAP (maybe it was deleted or something)
|
|
|
try:
|
|
try:
|
|
|
- LdapUser.objects.get(pk=login).delete()
|
|
|
|
|
|
|
+ LdapUser.objects.get(pk=login)
|
|
|
|
|
+ m.sync_to_ldap(creation=False, update_fields=None)
|
|
|
except LdapUser.DoesNotExist:
|
|
except LdapUser.DoesNotExist:
|
|
|
- pass
|
|
|
|
|
- # Create the LDAP user
|
|
|
|
|
- m.sync_to_ldap(creation=True, update_fields=None)
|
|
|
|
|
|
|
+ # Create the LDAP user
|
|
|
|
|
+ self.stderr.write("WARNING: user {login} not found in LDAP, "
|
|
|
|
|
+ "creating it (look at the resulting Unix "
|
|
|
|
|
+ "uidNumber to see if it's ok).".format(login=login))
|
|
|
|
|
+ m.sync_to_ldap(creation=True, update_fields=None)
|
|
|
self.stdout.write("Done")
|
|
self.stdout.write("Done")
|
Baptiste Jonglez