From d967dcef33d4a25763875e9ebf5dd230e11c4564 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Thu, 27 Jan 2022 11:35:19 +0100
Subject: [PATCH 1/3] ldap: factorize get_users per block actions (#61128)
---
 src/authentic2/backends/ldap_backend.py | 65 +++++++++++++------------
 1 file changed, 34 insertions(+), 31 deletions(-)
diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index a4b19b29..95245bb2 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -1457,6 +1457,39 @@ class LDAPBackend:
 pg_ctrl.cookie = serverctrls[0].cookie
 yield from cls.normalize_ldap_results(data)

+ @classmethod
+ def get_users_for_block(cls, block):
+ log.info('Synchronising users from realm "%s"', block['realm'])
+ conn = cls.get_connection(block)
+ if conn is None:
+ log.warning('unable to synchronize with LDAP servers %s', force_text(block['url']))
+ return
+ cls.check_group_to_role_mappings(block)
+ user_basedn = force_text(block.get('user_basedn') or block['basedn'])
+ user_filter = cls.get_sync_ldap_user_filter(block)
+ attribute_names = cls.get_ldap_attributes_names(block)
+ results = cls.paged_search(
+ conn, user_basedn, ldap.SCOPE_SUBTREE, user_filter, attrlist=attribute_names
+ )
+ backend = cls()
+ count = 0
+ for dn, attrs in results:
+ count += 1
+ user = backend._return_user(dn, None, conn, block, attrs)
+ if not user:
+ log.warning('unable to retrieve user for dn %s', dn)
+ continue
+ if user._changed or user._created:
+ log.info(
+ '%s user %s (uuid %s) from %s',
+ 'Created' if user._created else 'Updated',
+ user.get_username(),
+ user.uuid,
+ ', '.join('%s=%s' % (k, v) for k, v in attrs.items()),
+ )
+ yield user
+ log.info('Search for %s returned %s users.', user_filter, count)
+
 @classmethod
 def get_users(cls, realm=None):
 blocks = cls.get_config()
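Review bot: The `log.info` call for created or updated users in `get_users_for_block` writes every retrieved LDAP attribute value to the INFO log through `', '.join('%s=%s' % (k, v) for k, v in attrs.items())`. Which attributes come back depends on `get_ldap_attributes_names(block)`, which is not shown here, so this may put personal data or credential-like attributes into log files on every sync. Passing `dn` as the last argument instead would keep the audit trail without the values. The new method also lacks a docstring; I would add one saying it is a generator that yields the synchronised users of one configuration block and yields nothing, after a warning, when `get_connection` returns `None`, because a caller cannot tell an unreachable server from an empty directory. These logging lines are the same ones removed from `get_users` in the second hunk.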
@@ -1466,37 +1499,7 @@ class LDAPBackend:
 for block in blocks:
 if realm and realm != block['realm']:
 continue
-
- log.info('Synchronising users from realm "%s"', block['realm'])
- conn = cls.get_connection(block)
- if conn is None:
- log.warning('unable to synchronize with LDAP servers %s', force_text(block['url']))
- continue
- cls.check_group_to_role_mappings(block)
- user_basedn = force_text(block.get('user_basedn') or block['basedn'])
- user_filter = cls.get_sync_ldap_user_filter(block)
- attribute_names = cls.get_ldap_attributes_names(block)
- results = cls.paged_search(
- conn, user_basedn, ldap.SCOPE_SUBTREE, user_filter, attrlist=attribute_names
- )
- backend = cls()
- count = 0
- for dn, attrs in results:
- count += 1
- user = backend._return_user(dn, None, conn, block, attrs)
- if not user:
- log.warning('unable to retrieve user for dn %s', dn)
- continue
- if user._changed or user._created:
- log.info(
- '%s user %s (uuid %s) from %s',
- 'Created' if user._created else 'Updated',
- user.get_username(),
- user.uuid,
- ', '.join('%s=%s' % (k, v) for k, v in attrs.items()),
- )
- yield user
- log.info('Search for %s returned %s users.', user_filter, count)
+ yield from cls.get_users_for_block(block)

 @classmethod
 def deactivate_orphaned_users(cls):
-- 
2.34.1