ARN / coin
Commit 4901ca3c authored Feb 23, 2015 by Baptiste Jonglez
Don't delete users from LDAP before regenerating them (to avoid UID change)
parent c187697b
Changes 1
coin/members/management/commands/regenerate_ldap_members.py
...
...
@@ -9,11 +9,6 @@ from django.conf import settings
from
coin.members.models
import
Member
,
LdapUser
# TODO: currently, we may completely mess up UIDs (attribute "uidNumber"
# in LDAP), because we delete then recreate users, thus potentially
# re-attributing a new uid. If the users are used as Unix users on a
# system, then it's probably not a good idea to change the uid.
class
Command
(
BaseCommand
):
args
=
'[login1 login2 ...]'
help
=
"""Regenerate user objects in the LDAP backend. This is useful if you
...
...
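Review bot: The TODO about uidNumber dropped from the top of the file is only resolved for logins that already exist in LDAP. The --erase-all path and the fallback further down that calls sync_to_ldap(creation=True) still create fresh entries and can still hand out a new uidNumber. Consider keeping a narrowed TODO that names those two paths, so the remaining gap is recorded in the code and not only in the help text.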
@@ -24,8 +19,12 @@ class Command(BaseCommand):
If --erase-all is passed, then the LDAP database is cleared of all its
users before regenerating users from the local database. Use this
option with caution, as you will lose any user that was present in the
LDAP database but not in the local database."""
option with a lot of caution, as you will lose any user that was
present in the LDAP database but not in the local database.
Additionally, Unix UIDs (attribute "uidNumber" in LDAP) are currently
generated when saving a new user, so --erase-all might lead to
different UIDs after the regeneration. This is certainly a bad idea
if your Unix users are based on LDAP."""
option_list
=
BaseCommand
.
option_list
+
(
make_option
(
'--erase-all'
,
...
...
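Review bot: The extended --erase-all help text documents the UID risk, but nothing in the option acts on it. Where Unix accounts are based on LDAP, a changed uidNumber leaves existing files owned by the old number, and that number may later be assigned to a different account. Suggest either recording each login's uidNumber before the erase and restoring it during regeneration, or requiring an explicit confirmation before --erase-all proceeds.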
@@ -54,11 +53,14 @@ class Command(BaseCommand):
login
=
m
.
username
if
options
[
'verbosity'
]
>=
2
:
self
.
stdout
.
write
(
"Regenerating user {login}..."
.
format
(
login
=
login
))
# T
ry deleting the LDAP user first, so that we can recreate it
# T
he user might not exist in LDAP (maybe it was deleted or something)
try
:
LdapUser
.
objects
.
get
(
pk
=
login
).
delete
()
LdapUser
.
objects
.
get
(
pk
=
login
)
m
.
sync_to_ldap
(
creation
=
False
,
update_fields
=
None
)
except
LdapUser
.
DoesNotExist
:
pass
# Create the LDAP user
m
.
sync_to_ldap
(
creation
=
True
,
update_fields
=
None
)
# Create the LDAP user
self
.
stderr
.
write
(
"WARNING: user {login} not found in LDAP, "
"creating it (look at the resulting Unix "
"uidNumber to see if it's ok)."
.
format
(
login
=
login
))
m
.
sync_to_ldap
(
creation
=
True
,
update_fields
=
None
)
self
.
stdout
.
write
(
"Done"
)
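Review bot: In the new try block, m.sync_to_ldap(creation=False, update_fields=None) sits inside the same try as LdapUser.objects.get(pk=login), so an LdapUser.DoesNotExist raised from within the update itself would be caught and silently turned into the creation path, which is exactly the case that can assign a new uidNumber. Suggest keeping only the lookup in the try and moving the update into an else: clause, so the creation=True branch runs only when the lookup really found nothing. The stderr warning asks the operator to check the resulting uidNumber by hand; printing the value that was assigned would make that check possible from the command output alone.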