Produits Entr'ouvert » Authentic 2

user_attribute_mapping seems superfluous as there are already fields email_field, fname_field et lname_field for that. As for username, I think that using what has been inputted by the user as is actually possible and default, is dangerous and should be removed. So I would remove the username parameter of create_username() and I would change default value of username_template by '{uid}{realm}. It would help simplify things as you will not have to find a default value for the @username parameter of create_username().

Could you move most of the code back into the ldap_backend.py file ? I think the command should only contain something like:

   for user in LDAPBackend.get_users():
       user.save()

and most implementation details should stay in the backend file.

Also the removal of the username parameter should be in a separate preliminary patch.

You added a way to build a uid by taking the first RDN value of the DN but it's not necessary and will rarely do what we want. The uid is just the an attribute named uid from the attributes in the LDAP, if there is none it will fail, it's ok, in this case the username template must be customized (using samaccountname for example with AD). This:

        uid = dn.split(',')[0]
        uid = uid.split('=')[1]
        return username_template.format(uid=uid, uri=uri,

should be replaced by that:

        return username_template.format(uri=uri,

create_username should only use the parameters block and attributes other parameters can be removed.

Yep uid should be added to the default value for the attributes setting. To prevent misconfigurations we could also try to list attributes from the template, it will wait for another ticket.