0001-ldap-add-method-to-deactivate-orphaned-users-6379.patch
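--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -1345,6 +1345,26 @@
 data['dn'] = dn
 yield backend._return_user(dn, None, conn, block, data)
 
+@classmethod
+def deactivate_orphaned_users(cls):
+for block in cls.get_config():
+conn = cls.get_connection(block)
+if conn is None:
+continue
+for eid in UserExternalId.objects.filter(user__is_active=True,
+source=block['realm']):
+inactive = True
+for external_id_tuple in map_text(block['external_id_tuples']):
+ldap_filter = cls.external_id_to_filter(eid.external_id, external_id_tuple)
+results = conn.search_s(block['basedn'],
+ldap.SCOPE_SUBTREE, ldap_filter)
+results = cls.normalize_ldap_results(results)
+if results:
+inactive = False
+break
+if inactive:
+eid.user.mark_as_inactive()
+
 @classmethod
 def ad_encoding(cls, s):
 '''Encode a string for AD consumption as a password'''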
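Review bot: In `deactivate_orphaned_users`, an empty result from `conn.search_s` is treated as proof that the directory entry was deleted, and an `ldap.LDAPError` raised by that call is not caught. If the bind identity returned by `get_connection` cannot read part of `block['basedn']`, presumably every active account of the realm whose lookup comes back empty is passed to `mark_as_inactive()`; if the search raises, the run aborts partway with earlier accounts already deactivated. I would catch the error and keep the account active for that run, as sketched below, and emit a log line per deactivated account so that a mass deactivation is visible to operators. The new test in tests/test_ldap.py covers only the deleted-entry path; a case where the search fails would pin the fail-safe behaviour.

```python
        # … unchanged: loop over cls.get_config() and the active UserExternalId rows …
                inactive = True
                for external_id_tuple in map_text(block['external_id_tuples']):
                    ldap_filter = cls.external_id_to_filter(eid.external_id, external_id_tuple)
                    try:
                        results = conn.search_s(block['basedn'],
                                                ldap.SCOPE_SUBTREE, ldap_filter)
                    except ldap.LDAPError:
                        # A failed lookup is not evidence that the entry is gone:
                        # keep the account active and let the next run decide.
                        inactive = False
                        break
                    # … unchanged: normalize_ldap_results, break on first match …
```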
tests/test_ldap.py | ||
---|---|---|
218 | 218 |
assert 'password' not in client.session['ldap-data'] |
219 | 219 | |
220 | 220 | |
221 |
def test_deactivate_orphaned_users(slapd, settings, client, db): |
|
222 |
settings.LDAP_AUTH_SETTINGS = [{ |
|
223 |
'url': [slapd.ldap_url], |
|
224 |
'basedn': u'o=ôrga', |
|
225 |
'use_tls': False, |
|
226 |
}] |
|
227 | ||
228 |
# create users as a side effect |
|
229 |
list(ldap_backend.LDAPBackend.get_users()) |
|
230 | ||
231 |
block = settings.LDAP_AUTH_SETTINGS[0] |
|
232 |
assert ldap_backend.UserExternalId.objects.filter( |
|
233 |
user__is_active=False, source=block['realm']).count() == 0 |
|
234 | ||
235 |
conn = slapd.get_connection_admin() |
|
236 |
ldif = [(ldap.MOD_DELETE, 'uid', force_bytes(UID.upper()))] |
|
237 |
conn.modify_s(DN, ldif) |
|
238 | ||
239 |
ldap_backend.LDAPBackend.deactivate_orphaned_users() |
|
240 | ||
241 |
assert ldap_backend.UserExternalId.objects.filter( |
|
242 |
user__is_active=False, source=block['realm']).count() == 1 |
|
243 | ||
244 | ||
221 | 245 |
@pytest.mark.django_db |
222 | 246 |
def test_simple_with_binddn(slapd, settings, client): |
223 | 247 |
settings.LDAP_AUTH_SETTINGS = [{ |
224 |
- |