ldap: allow passing realm to sync-ldap-users command (#57038)
This commit is contained in:
parent
3bfe24a4b6
commit
24a4c4a12f
|
@ -1553,12 +1553,15 @@ class LDAPBackend:
|
|||
yield from cls.normalize_ldap_results(data)
|
||||
|
||||
@classmethod
|
||||
def get_users(cls):
|
||||
def get_users(cls, realm=None):
|
||||
blocks = cls.get_config()
|
||||
if not blocks:
|
||||
log.info('No LDAP server configured.')
|
||||
return
|
||||
for block in blocks:
|
||||
if realm and realm != block['realm']:
|
||||
continue
|
||||
|
||||
log.info('Synchronising users from realm "%s"', block['realm'])
|
||||
conn = cls.get_connection(block)
|
||||
if conn is None:
|
||||
|
|
|
@ -29,6 +29,9 @@ from authentic2.backends.ldap_backend import LDAPBackend
|
|||
|
||||
|
||||
class Command(BaseCommand):
|
||||
def add_arguments(self, parser):
|
||||
parser.add_argument('--realm', help='Limit sync to this realm')
|
||||
|
||||
def handle(self, *args, **kwargs):
|
||||
root_logger = logging.getLogger()
|
||||
ldap_logger = logging.getLogger('authentic2.backends.ldap_backend')
|
||||
|
@ -55,5 +58,5 @@ class Command(BaseCommand):
|
|||
elif verbosity == 3:
|
||||
ldap_logger.setLevel(logging.DEBUG)
|
||||
|
||||
for dummy in LDAPBackend.get_users():
|
||||
for dummy in LDAPBackend.get_users(realm=kwargs['realm']):
|
||||
continue
|
||||
|
|
|
@ -1798,6 +1798,31 @@ def test_sync_ldap_users(slapd, settings, app, db, caplog):
|
|||
assert len(caplog.records) == 42
|
||||
|
||||
|
||||
def test_get_users_select_realm(slapd, settings, db, caplog):
|
||||
settings.LDAP_AUTH_SETTINGS = [
|
||||
{
|
||||
'url': [slapd.ldap_url],
|
||||
'realm': 'first',
|
||||
'basedn': 'o=ôrga',
|
||||
'use_tls': False,
|
||||
},
|
||||
{
|
||||
'url': [slapd.ldap_url],
|
||||
'realm': 'second',
|
||||
'basedn': 'o=ôrga',
|
||||
'use_tls': False,
|
||||
},
|
||||
]
|
||||
management.call_command('sync-ldap-users', verbosity=2)
|
||||
assert 'Synchronising users from realm "first"' in caplog.messages
|
||||
assert 'Synchronising users from realm "second"' in caplog.messages
|
||||
|
||||
caplog.clear()
|
||||
management.call_command('sync-ldap-users', verbosity=2, realm='second')
|
||||
assert 'Synchronising users from realm "first"' not in caplog.messages
|
||||
assert 'Synchronising users from realm "second"' in caplog.messages
|
||||
|
||||
|
||||
def test_alert_on_wrong_user_filter(slapd, settings, client, db, caplog):
|
||||
settings.LDAP_AUTH_SETTINGS = [
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue