Produits Entr'ouvert » Authentic 2

30 5 * * * authentic-multitenant authentic2-multitenant-manage tenant_command deactivate-orphaned-ldap-users --all-tenants

30 5 * * * authentic2 authentic2-manage deactivate-orphaned-ldap-users

    @classmethod

    def get_sync_ldap_user_filter(cls, block):

        user_filter = force_text(block['sync_ldap_users_filter'] or block['user_filter'])

        user_filter = user_filter.replace('%s', '*')

        return user_filter

            user_filter = cls.get_sync_ldap_user_filter(block)

    @classmethod

    def deactivate_orphaned_users(cls):

        for block in cls.get_config():

            conn = cls.get_connection(block)

            if conn is None:

                continue

            eids = list(UserExternalId.objects.filter(user__is_active=True,

                                                      source=block['realm']).values_list('external_id', flat=True))

            basedn = force_text(block.get('user_basedn') or block['basedn'])

            attribute_names = [a[0] for a in cls.attribute_name_from_external_id_tuple(block['external_id_tuples'])]

            user_filter = cls.get_sync_ldap_user_filter(block)

            results = cls.paged_search(conn, basedn, ldap.SCOPE_SUBTREE,

                                       user_filter,

                                       attrlist=attribute_names)

            for dn, attrs in results:

                data = attrs.copy()

                data['dn'] = dn

                for eid_tuple in map_text(block['external_id_tuples']):

                    backend = cls()

                    external_id = backend.build_external_id(eid_tuple, data)

                    if external_id:

                        try:

                            eids.remove(external_id)

                        except ValueError:

                            pass

            for eid in UserExternalId.objects.filter(external_id__in=eids):

                eid.user.mark_as_inactive()

# authentic2 - versatile identity manager

# Copyright (C) 2010-2021 Entr'ouvert

#

# This program is free software: you can redistribute it and/or modify it

# under the terms of the GNU Affero General Public License as published

# by the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU Affero General Public License for more details.

#

# You should have received a copy of the GNU Affero General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from django.core.management.base import BaseCommand

from authentic2.backends.ldap_backend import LDAPBackend

class Command(BaseCommand):

    def handle(self, *args, **kwargs):

        LDAPBackend.deactivate_orphaned_users()

def test_deactivate_orphaned_users(slapd, settings, client, db):

    settings.LDAP_AUTH_SETTINGS = [{

        'url': [slapd.ldap_url],

        'basedn': u'o=ôrga',

        'use_tls': False,

    }]

    # create users as a side effect

    list(ldap_backend.LDAPBackend.get_users())

    block = settings.LDAP_AUTH_SETTINGS[0]

    assert ldap_backend.UserExternalId.objects.filter(

        user__is_active=False, source=block['realm']).count() == 0

    conn = slapd.get_connection_admin()

    conn.delete_s(DN)

    ldap_backend.LDAPBackend.deactivate_orphaned_users()

    assert ldap_backend.UserExternalId.objects.filter(

        user__is_active=False, source=block['realm']).count() == 1