Development #6183
Command to synchronize LDAP users into the postgres database
100%
Description
Using the ldap backend.
Files
Associated revisions
History
Updated by Serghei Mihai more than 9 years ago
- File 0001-ldap-to-database-users-synchronization-command.patch added
- Patch proposed changed from No to Yes
Updated by Benjamin Dauvergne more than 9 years ago
user_attribute_mapping seems superfluous as there are already fields email_field, fname_field and lname_field for that. As for username, I think that using what has been inputted by the user as is actually possible and default, is dangerous and should be removed. So I would remove the username parameter of create_username() and I would change default value of username_template by '{uid} {realm}. It would help simplify things as you will not have to find a default value for the @username parameter of create_username().
Updated by Serghei Mihai more than 9 years ago
- File 0001-ldap-to-database-users-synchronization-command.patch added
Suggestions taken into account. uid computed from obtained user dn.
Updated by Serghei Mihai more than 9 years ago
- File 0001-ldap-to-database-users-synchronization-command.patch deleted
Updated by Benjamin Dauvergne more than 9 years ago
Could you move most of the code back into the ldap_backend.py file? I think the command should only contain something like:
    for user in LDAPBackend.get_users():
        user.save()
and most implementation details should stay in the backend file.
Also the removal of the username parameter should be in a separate preliminary patch.
Updated by Serghei Mihai more than 9 years ago
- File 0001-ldap_backend-username-computed-from-user-dn.patch added
- File 0002-ldap-to-database-users-synchronization-command.patch added
Done
Updated by Benjamin Dauvergne more than 9 years ago
You added a way to build a uid by taking the first RDN value of the DN but it's not necessary and will rarely do what we want. The uid is just an attribute named uid from the attributes in the LDAP, if there is none it will fail, it's ok, in this case the username template must be customized (using samaccountname for example with AD). This:
    uid = dn.split(',')[0]
    uid = uid.split('=')[1]
    return username_template.format(uid=uid, uri=uri,
should be replaced by that:
    return username_template.format(uri=uri,
create_username should only use the parameters block and attributes, other parameters can be removed.
Updated by Serghei Mihai more than 9 years ago
- File 0001-ldap_backend-username-computed-from-uid-by-default.patch added
- File 0002-ldap-to-database-users-synchronization-command.patch added
Ok, I see: If the uid attribute is present in ldap schema and needs to be used in username_template, it should be specified in attributes parameters of the config. Right?
Here are updated patches.
Updated by Benjamin Dauvergne more than 9 years ago
Yep, uid should be added to the default value for the attributes setting. To prevent misconfigurations we could also try to list attributes from the template, it will wait for another ticket.
Updated by Serghei Mihai more than 9 years ago
- Status changed from New to Resolved (to be deployed)
- % done changed from 0 to 100
Applied by commit 717c7ee65daef95805a8a99e79a1cb86dd6509a7.
Updated by Benjamin Dauvergne about 9 years ago
- Status changed from Resolved (to be deployed) to Closed
ldap to database users synchronization command.
ldap backend's methods refactored
Closes #6183