ldap: allow passing realm to sync-ldap-users command (#57038)

2021-09-23 15:44:53 +02:00 · 2021-09-23 15:44:53 +02:00 · 24a4c4a12f
parent 3bfe24a4b6
commit 24a4c4a12f
3 changed files with 33 additions and 2 deletions
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@ -1553,12 +1553,15 @@ class LDAPBackend:
            yield from cls.normalize_ldap_results(data)

    @classmethod
-    def get_users(cls):
+    def get_users(cls, realm=None):
        blocks = cls.get_config()
        if not blocks:
            log.info('No LDAP server configured.')
            return
        for block in blocks:
+            if realm and realm != block['realm']:
+                continue
+
            log.info('Synchronising users from realm "%s"', block['realm'])
            conn = cls.get_connection(block)
            if conn is None:
--- a/src/authentic2/management/commands/sync-ldap-users.py
+++ b/src/authentic2/management/commands/sync-ldap-users.py
@ -29,6 +29,9 @@ from authentic2.backends.ldap_backend import LDAPBackend


 class Command(BaseCommand):
+    def add_arguments(self, parser):
+        parser.add_argument('--realm', help='Limit sync to this realm')
+
    def handle(self, *args, **kwargs):
        root_logger = logging.getLogger()
        ldap_logger = logging.getLogger('authentic2.backends.ldap_backend')
@ -55,5 +58,5 @@ class Command(BaseCommand):
        elif verbosity == 3:
            ldap_logger.setLevel(logging.DEBUG)

-        for dummy in LDAPBackend.get_users():
+        for dummy in LDAPBackend.get_users(realm=kwargs['realm']):
            continue
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@ -1798,6 +1798,31 @@ def test_sync_ldap_users(slapd, settings, app, db, caplog):
    assert len(caplog.records) == 42


+def test_get_users_select_realm(slapd, settings, db, caplog):
+    settings.LDAP_AUTH_SETTINGS = [
+        {
+            'url': [slapd.ldap_url],
+            'realm': 'first',
+            'basedn': 'o=ôrga',
+            'use_tls': False,
+        },
+        {
+            'url': [slapd.ldap_url],
+            'realm': 'second',
+            'basedn': 'o=ôrga',
+            'use_tls': False,
+        },
+    ]
+    management.call_command('sync-ldap-users', verbosity=2)
+    assert 'Synchronising users from realm "first"' in caplog.messages
+    assert 'Synchronising users from realm "second"' in caplog.messages
+
+    caplog.clear()
+    management.call_command('sync-ldap-users', verbosity=2, realm='second')
+    assert 'Synchronising users from realm "first"' not in caplog.messages
+    assert 'Synchronising users from realm "second"' in caplog.messages
+
+
 def test_alert_on_wrong_user_filter(slapd, settings, client, db, caplog):
    settings.LDAP_AUTH_SETTINGS = [
        {