Commit 4901ca3c authored by Baptiste Jonglez's avatar Baptiste Jonglez

Don't delete users from LDAP before regenerating them (to avoid UID change)

parent c187697b
......@@ -9,11 +9,6 @@ from django.conf import settings
from coin.members.models import Member, LdapUser
# TODO: currently, we may completely mess up UIDs (attribute "uidNumber"
# in LDAP), because we delete then recreate users, thus potentially
# re-attributing a new uid. If the users are used as Unix users on a
# system, then it's probably not a good idea to change the uid.
class Command(BaseCommand):
args = '[login1 login2 ...]'
help = """Regenerate user objects in the LDAP backend. This is useful if you
......@@ -24,8 +19,12 @@ class Command(BaseCommand):
If --erase-all is passed, then the LDAP database is cleared of all its
users before regenerating users from the local database. Use this
option with caution, as you will lose any user that was present in the
LDAP database but not in the local database."""
option with a lot of caution, as you will lose any user that was
present in the LDAP database but not in the local database.
Additionally, Unix UIDs (attribute "uidNumber" in LDAP) are currently
generated when saving a new user, so --erase-all might lead to
different UIDs after the regeneration. This is certainly a bad idea
if your Unix users are based on LDAP."""
option_list = BaseCommand.option_list + (
make_option('--erase-all',
......@@ -54,11 +53,14 @@ class Command(BaseCommand):
login = m.username
if options['verbosity'] >= 2:
self.stdout.write("Regenerating user {login}...".format(login=login))
# Try deleting the LDAP user first, so that we can recreate it
# The user might not exist in LDAP (maybe it was deleted or something)
try:
LdapUser.objects.get(pk=login).delete()
LdapUser.objects.get(pk=login)
m.sync_to_ldap(creation=False, update_fields=None)
except LdapUser.DoesNotExist:
pass
# Create the LDAP user
m.sync_to_ldap(creation=True, update_fields=None)
# Create the LDAP user
self.stderr.write("WARNING: user {login} not found in LDAP, "
"creating it (look at the resulting Unix "
"uidNumber to see if it's ok).".format(login=login))
m.sync_to_ldap(creation=True, update_fields=None)
self.stdout.write("Done")
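Review bot: In the last hunk the `try` now also wraps `m.sync_to_ldap(creation=False, update_fields=None)`, so an `LdapUser.DoesNotExist` raised inside the sync (if it does its own lookup; its body is not shown here) would be treated as "user missing" and fall through to the creation path, which assigns a new uidNumber, the outcome this commit sets out to avoid. Keeping only `LdapUser.objects.get(pk=login)` inside the `try` and moving the update under an `else:` branch keeps the two cases apart. The create-on-missing branch only writes a warning to stderr and leaves the operator to look up the resulting uidNumber by hand; on hosts that resolve Unix users from LDAP a different uidNumber can leave existing files owned by the wrong account, so consider printing the assigned value in that message or making this branch opt-in. The enclosing method starts outside the hunk.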