sources/ldap: fix count for membership, fix wrong attribute being searched

Jens Langhammer 2021-02-04 20:22:28 +01:00
parent 14dc420747
commit 7d107991a2
2 changed files with 8 additions and 3 deletions


@ -30,6 +30,6 @@ class BaseLDAPSynchronizer:
return f"{self._source.additional_group_dn},{self._source.base_dn}" return f"{self._source.additional_group_dn},{self._source.base_dn}"
return self._source.base_dn return self._source.base_dn
def sync(self): def sync(self) -> int:
"""Sync function, implemented in subclass""" """Sync function, implemented in subclass"""
raise NotImplementedError() raise NotImplementedError()
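Review bot: The docstring on `sync` still reads only "Sync function, implemented in subclass", so the new `-> int` return type has no stated meaning for subclasses or callers. I would spell the contract out in the docstring, for example `"""Sync function, implemented in subclass. Returns the number of objects synchronized."""`, with the wording adjusted to what callers actually report. This matters for the membership synchronizer further down this page, which as rendered here appears to add one per group and then `users.count()`, so its result is neither a group count nor a membership count. If that number reaches sync status or audit output, an operator checking that directory group assignments landed correctly needs to know what it measures. The rest of `BaseLDAPSynchronizer` lies outside this hunk.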


@ -19,7 +19,7 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
super().__init__(source) super().__init__(source)
self.group_cache: dict[str, Group] = {} self.group_cache: dict[str, Group] = {}
def sync(self): def sync(self) -> int:
"""Iterate over all Users and assign Groups using memberOf Field""" """Iterate over all Users and assign Groups using memberOf Field"""
groups = self._source.connection.extend.standard.paged_search( groups = self._source.connection.extend.standard.paged_search(
search_base=self.base_dn_groups, search_base=self.base_dn_groups,
@ -28,8 +28,10 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
attributes=[ attributes=[
self._source.group_membership_field, self._source.group_membership_field,
self._source.object_uniqueness_field, self._source.object_uniqueness_field,
LDAP_DISTINGUISHED_NAME,
], ],
) )
membership_count = 0
for group in groups: for group in groups:
members = group.get("attributes", {}).get( members = group.get("attributes", {}).get(
self._source.group_membership_field, [] self._source.group_membership_field, []
@ -41,13 +43,16 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
ak_group = self.get_group(group) ak_group = self.get_group(group)
if not ak_group: if not ak_group:
continue continue
membership_count += 1
membership_count += users.count()
ak_group.users.set(users) ak_group.users.set(users)
ak_group.save() ak_group.save()
self._logger.debug("Successfully updated group membership") self._logger.debug("Successfully updated group membership")
return membership_count
def get_group(self, group_dict: dict[str, Any]) -> Optional[Group]: def get_group(self, group_dict: dict[str, Any]) -> Optional[Group]:
"""Check if we fetched the group already, and if not cache it for later""" """Check if we fetched the group already, and if not cache it for later"""
group_uniq = group_dict.get("attributes", {}).get(LDAP_UNIQUENESS, "") group_uniq = group_dict.get("attributes", {}).get(self._source.object_uniqueness_field, "")
group_dn = group_dict.get("attributes", {}).get(LDAP_DISTINGUISHED_NAME, "") group_dn = group_dict.get("attributes", {}).get(LDAP_DISTINGUISHED_NAME, "")
if group_uniq not in self.group_cache: if group_uniq not in self.group_cache:
groups = Group.objects.filter( groups = Group.objects.filter(