0001-ldap-allow-passing-realm-to-sync-ldap-users-command-.patch
src/authentic2/backends/ldap_backend.py | ||
---|---|---|
1545 | 1545 |
yield from cls.normalize_ldap_results(data) |
1546 | 1546 | |
1547 | 1547 |
@classmethod |
1548 |
def get_users(cls): |
|
1548 |
def get_users(cls, realm=None):
|
|
1549 | 1549 |
blocks = cls.get_config() |
1550 | 1550 |
if not blocks: |
1551 | 1551 |
log.info('No LDAP server configured.') |
1552 | 1552 |
return |
1553 | 1553 |
for block in blocks: |
1554 |
if realm and realm != block['realm']: |
|
1555 |
continue |
|
1556 | ||
1554 | 1557 |
log.info('Synchronising users from realm "%s"', block['realm']) |
1555 | 1558 |
conn = cls.get_connection(block) |
1556 | 1559 |
if conn is None: |
src/authentic2/management/commands/sync-ldap-users.py | ||
---|---|---|
29 | 29 | |
30 | 30 | |
31 | 31 |
class Command(BaseCommand): |
32 |
def add_arguments(self, parser): |
|
33 |
parser.add_argument('--realm', help='Limit sync to this realm') |
|
34 | ||
32 | 35 |
def handle(self, *args, **kwargs): |
33 | 36 |
root_logger = logging.getLogger() |
34 | 37 |
ldap_logger = logging.getLogger('authentic2.backends.ldap_backend') |
... | ... | |
55 | 58 |
elif verbosity == 3: |
56 | 59 |
ldap_logger.setLevel(logging.DEBUG) |
57 | 60 | |
58 |
for user in LDAPBackend.get_users(): |
|
61 |
for user in LDAPBackend.get_users(realm=kwargs['realm']):
|
|
59 | 62 |
continue |
tests/test_ldap.py | ||
---|---|---|
1803 | 1803 |
assert len(caplog.records) == 42 |
1804 | 1804 | |
1805 | 1805 | |
1806 |
def test_get_users_select_realm(slapd, settings, db, caplog): |
|
1807 |
settings.LDAP_AUTH_SETTINGS = [ |
|
1808 |
{ |
|
1809 |
'url': [slapd.ldap_url], |
|
1810 |
'realm': 'first', |
|
1811 |
'basedn': 'o=ôrga', |
|
1812 |
'use_tls': False, |
|
1813 |
}, |
|
1814 |
{ |
|
1815 |
'url': [slapd.ldap_url], |
|
1816 |
'realm': 'second', |
|
1817 |
'basedn': 'o=ôrga', |
|
1818 |
'use_tls': False, |
|
1819 |
}, |
|
1820 |
] |
|
1821 |
management.call_command('sync-ldap-users', verbosity=2) |
|
1822 |
assert 'Synchronising users from realm "first"' in caplog.messages |
|
1823 |
assert 'Synchronising users from realm "second"' in caplog.messages |
|
1824 | ||
1825 |
caplog.clear() |
|
1826 |
management.call_command('sync-ldap-users', verbosity=2, realm='second') |
|
1827 |
assert 'Synchronising users from realm "first"' not in caplog.messages |
|
1828 |
assert 'Synchronising users from realm "second"' in caplog.messages |
|
1829 | ||
1830 | ||
1806 | 1831 |
def test_alert_on_wrong_user_filter(slapd, settings, client, db, caplog): |
1807 | 1832 |
settings.LDAP_AUTH_SETTINGS = [ |
1808 | 1833 |
{ |
1809 |
- |