ldap: allow option to deactivate synchrozination for a realm (#6380) #26
|
@ -549,6 +549,7 @@ class LDAPBackend:
|
|||
'page_size': 100,
|
||||
'authentication': True,
|
||||
'provisionning': True,
|
||||
'synchronisation': True,
|
||||
}
|
||||
_REQUIRED = ('url', 'basedn')
|
||||
_TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')
|
||||
|
@ -1645,6 +1646,9 @@ class LDAPBackend:
|
|||
|
||||
@classmethod
|
||||
def get_users_for_block(cls, block):
|
||||
if not block['synchronisation']:
|
||||
log.info('Synchronization deactivated for realm "%s"', block['realm'])
|
||||
return
|
||||
log.info('Synchronising users from realm "%s"', block['realm'])
|
||||
conn = cls.get_connection(block, synchronization=True)
|
||||
if conn is None:
|
||||
|
|
|
@ -317,6 +317,31 @@ def test_connection_timeout_options(slapd, wraps_ldap_set_option, db, settings):
|
|||
assert network_timeout_set
|
||||
|
||||
|
||||
def test_connection_get_users_with_deactivated_sync(slapd, db, settings, caplog):
|
||||
settings.LDAP_AUTH_SETTINGS = [
|
||||
{
|
||||
'url': [slapd.ldap_url],
|
||||
'basedn': 'o=ôrga',
|
||||
'bindsasl': (),
|
||||
'binddn': force_str(DN),
|
||||
'bindpw': PASS,
|
||||
'global_ldap_options': {},
|
||||
'require_cert': 'demand',
|
||||
'cacertfile': '',
|
||||
'cacertdir': '',
|
||||
'certfile': cert_file,
|
||||
'keyfile': key_file,
|
||||
'use_tls': False,
|
||||
'referrals': False,
|
||||
'ldap_options': {},
|
||||
'connect_with_user_credentials': True,
|
||||
'synchronisation': False,
|
||||
}
|
||||
]
|
||||
assert len(list(ldap_backend.LDAPBackend.get_users())) == 0
|
||||
assert 'Synchronization deactivated for realm "ldap"' in caplog.text
|
||||
|
||||
|
||||
def test_simple(slapd, settings, client, db):
|
||||
settings.LDAP_AUTH_SETTINGS = [
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue