limit synchronization to records of targeted objectclasses

README.rst

@@ -91,6 +91,12 @@ Synchronize tree of organizational units and people between two LDAP directories
 Changelog
 =========
 
+0.13
+----
+
+* in ldapsync, do not delete records not pertaining to one of the objectclass listed in
+  --object-class-pivot
+
 0.12
 ----
 

src/ldaptools/synchronize.py

@@ -233,12 +233,17 @@ class Synchronize(object):
         for batch in batch_generator(entries, self.BATCH_SIZE):
             self.build_actions_for_entries(batch)
         # Then delete
-        for dn, entry in self.get_target_entries():
+        for dn, entry in self.get_target_entries(filterstr=self.get_pivot_filter()):
             if dn not in self.seen_dn:
                 self.delete(dn)
         # Now sort actions by their special order
         self.actions.sort()
 
+    def get_pivot_filter(self):
+        filter_tpl = '(objectclass=%s)'
+        filters = [filter_format(filter_tpl, (objc,)) for objc, attr in self.pivot_attributes]
+        return '(|%s)' % ''.join(filters)
+
     def create(self, dn, entry):
         self.actions.append(Create(dn=dn, entry=entry))
 

tests/test_synchronize.py

@@ -11,6 +11,7 @@ def test_synchronize_ldif(slapd):
     pivot_attributes = (
         ('organization', 'o'),
         ('inetOrgPerson', 'uid'),
+        ('organizationalUnit', 'ou'),
     )
     attributes = ['o', 'objectClass', 'uid', 'sn', 'givenName', 'mail', 'dc', 'cn']
     conn = slapd.get_connection_admin()
@@ -78,6 +79,7 @@ def test_synchronize_ldap(slapd):
     pivot_attributes = (
         ('organization', 'o'),
         ('inetOrgPerson', 'uid'),
+        ('organizationalUnit', 'ou'),
     )
     attributes = ['o', 'objectClass', 'uid', 'sn', 'givenName', 'mail', 'dc', 'cn']
     conn = slapd.get_connection_admin()