From 7325e9821abb97c850b4a431b6870628f77556d8 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Mon, 23 May 2016 15:56:26 +0200
Subject: [PATCH] limit synchronization to records of targeted objectclasses

---
 README.rst                   | 6 ++++++
 src/ldaptools/synchronize.py | 7 ++++++-
 tests/test_synchronize.py    | 2 ++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/README.rst b/README.rst
index 351d922..c9e62ed 100644
--- a/README.rst
+++ b/README.rst
@@ -91,6 +91,12 @@ Synchronize tree of organizational units and people between two LDAP directories
 Changelog
 =========
 
+0.13
+----
+
+* in ldapsync, do not delete records not pertaining to one of the objectclass listed in
+  --object-class-pivot
+
 0.12
 ----
 
diff --git a/src/ldaptools/synchronize.py b/src/ldaptools/synchronize.py
index eb1f9ec..492a836 100644
--- a/src/ldaptools/synchronize.py
+++ b/src/ldaptools/synchronize.py
@@ -233,12 +233,17 @@ class Synchronize(object):
         for batch in batch_generator(entries, self.BATCH_SIZE):
             self.build_actions_for_entries(batch)
         # Then delete
-        for dn, entry in self.get_target_entries():
+        for dn, entry in self.get_target_entries(filterstr=self.get_pivot_filter()):
             if dn not in self.seen_dn:
                 self.delete(dn)
         # Now sort actions by their special order
         self.actions.sort()
 
+    def get_pivot_filter(self):
+        filter_tpl = '(objectclass=%s)'
+        filters = [filter_format(filter_tpl, (objc,)) for objc, attr in self.pivot_attributes]
+        return '(|%s)' % ''.join(filters)
+
     def create(self, dn, entry):
         self.actions.append(Create(dn=dn, entry=entry))
 
diff --git a/tests/test_synchronize.py b/tests/test_synchronize.py
index a75bf7f..ef5e949 100644
--- a/tests/test_synchronize.py
+++ b/tests/test_synchronize.py
@@ -11,6 +11,7 @@ def test_synchronize_ldif(slapd):
     pivot_attributes = (
         ('organization', 'o'),
         ('inetOrgPerson', 'uid'),
+        ('organizationalUnit', 'ou'),
     )
     attributes = ['o', 'objectClass', 'uid', 'sn', 'givenName', 'mail', 'dc', 'cn']
     conn = slapd.get_connection_admin()
@@ -78,6 +79,7 @@ def test_synchronize_ldap(slapd):
     pivot_attributes = (
         ('organization', 'o'),
         ('inetOrgPerson', 'uid'),
+        ('organizationalUnit', 'ou'),
     )
     attributes = ['o', 'objectClass', 'uid', 'sn', 'givenName', 'mail', 'dc', 'cn']
     conn = slapd.get_connection_admin()