From 6744f28f5c86c97dd0291786c4e3fc64043d23cd Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 27 Jan 2022 12:20:22 +0100
Subject: [PATCH 3/3] ldap: always report count of synchronized users (#61128)

---
 src/authentic2/backends/ldap_backend.py | 11 ++++++-----
 tests/test_ldap.py                      |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index 751552d6..159a5f27 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -896,7 +896,6 @@ class LDAPBackend:
         """Retrieve group DNs from the LDAP by attributes (memberOf) or by
         filter.
         """
-        ldap_uri = conn.get_option(ldap.OPT_URI)
         group_base_dn = block['group_basedn'] or block['basedn']
         member_of_attribute = block['member_of_attribute']
         group_filter = block['group_filter']
@@ -1470,9 +1469,7 @@ class LDAPBackend:
             conn, user_basedn, ldap.SCOPE_SUBTREE, user_filter, attrlist=attribute_names
         )
         backend = cls()
-        count = 0
         for dn, attrs in results:
-            count += 1
             user = backend._return_user(dn, None, conn, block, attrs)
             if not user:
                 log.warning('unable to retrieve user for dn %s', dn)
@@ -1486,7 +1483,6 @@ class LDAPBackend:
                     ', '.join('%s=%s' % (k, v) for k, v in attrs.items()),
                 )
             yield user
-        log.info('Search for %s returned %s users.', user_filter, count)
 
     @classmethod
     def get_users(cls, realm=None):
@@ -1497,10 +1493,15 @@ class LDAPBackend:
         for block in blocks:
             if realm and realm != block['realm']:
                 continue
+            count = 0
             try:
-                yield from cls.get_users_for_block(block)
+                for user in cls.get_users_for_block(block):
+                    count += 1
+                    yield user
             except ldap.LDAPError as e:
                 log.error('synchronization failed on an LDAP error: "%s"', e)
+            user_filter = cls.get_sync_ldap_user_filter(block)
+            log.info('Search for %s returned %s users.', user_filter, count)
 
     @classmethod
     def deactivate_orphaned_users(cls):
diff --git a/tests/test_ldap.py b/tests/test_ldap.py
index 2a3eefed..75f13342 100644
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -1806,7 +1806,7 @@ def test_sync_ldap_users(slapd, settings, app, db, caplog):
         )
         % User.objects.first().uuid
     )
-    assert caplog.messages[-1] == 'Search for (|(mail=*)(uid=*)) returned 7 users.'
+    assert caplog.messages[-1] == 'Search for (|(mail=*)(uid=*)) returned 6 users.'
 
     assert User.objects.count() == 6
     assert all(user.first_name == 'Étienne' for user in User.objects.all())
-- 
2.34.1