Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ldap sync id_in_org #326

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

ldap sync id_in_org #326

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions ldap_syncer/ldap_settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,7 @@ def read_base_config(self, ldap_config, is_test, enable_multi_ldap=False):
ldap_config.user_filter = self.get_option('LDAP_FILTER'.replace('LDAP', setting_prefix, 1), '')
ldap_config.use_page_result = self.get_option('LDAP_USE_PAGED_RESULT'.replace('LDAP', setting_prefix, 1), False)
ldap_config.follow_referrals = self.get_option('LDAP_FOLLOW_REFERRALS'.replace('LDAP', setting_prefix, 1), True)
ldap_config.id_in_org_attr = self.get_option('LDAP_EMPLOYEE_ID_ATTR'.replace('LDAP', setting_prefix, 1), '')

if ldap_config.host == '' or ldap_config.user_dn == '' or ldap_config.passwd == '' or ldap_config.base_dn == '':
if is_test:
Expand Down
70 changes: 66 additions & 4 deletions ldap_syncer/ldap_user_sync.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,19 +27,20 @@ def gen_user_virtual_id():


class UserObj(object):
def __init__(self, user_id, email, ctime, is_staff, is_active, role, is_manual_set):
def __init__(self, user_id, email, ctime, is_staff, is_active, role, is_manual_set, id_in_org=''):
self.id = user_id
self.email = email
self.ctime = ctime
self.is_staff = is_staff
self.is_active = is_active
self.role = role
self.is_manual_set = is_manual_set
self.id_in_org = id_in_org


class LdapUser(object):
def __init__(self, user_id, name, dept, uid, cemail,
is_staff=0, is_active=1, role='', is_manual_set=False):
is_staff=0, is_active=1, role='', is_manual_set=False, id_in_org=''):
self.id = user_id
self.name = name
self.dept = dept
Expand All @@ -49,6 +50,7 @@ def __init__(self, user_id, name, dept, uid, cemail,
self.is_active = is_active
self.role = role
self.is_manual_set = is_manual_set
self.id_in_org = id_in_org


class LdapUserSync(LdapSync):
Expand Down Expand Up @@ -105,6 +107,21 @@ def add_profile(self, email, ldap_user):
logger.warning('Failed to add profile %s to user %s: %s.' %
(val, email, e))

def add_id_in_org(self, email, ldap_user):
if ldap_user.id_in_org:
field = 'virtual_id, id_in_org, org_id'
qmark = '%s, %s, %s'
val = [email, ldap_user.id_in_org, -1]
sql = 'insert into id_in_org_tuple (%s) values (%s)' % (field, qmark)
try:
self.cursor.execute(sql, val)
if self.cursor.rowcount == 1:
logger.debug('Add id_in_org %s to user %s successs.' %
(val, email))
except Exception as e:
logger.warning('Failed to add id_in_org %s to user %s: %s.' %
(val, email, e))

def add_dept(self, email, dept):
try:
self.cursor.execute('insert into profile_detailedprofile (user,department,telephone) '
Expand Down Expand Up @@ -155,6 +172,31 @@ def update_profile(self, email, db_user, ldap_user):
logger.warning('Failed to update user %s profile: %s.' %
(email, e))

def update_id_in_org(self, email, db_user, ldap_user):
try:
self.cursor.execute('select 1 from id_in_org_tuple where user=%s', [email])
if self.cursor.rowcount == 0:
self.add_id_in_org(email, ldap_user)
return
else:
field = ''
val = []
if db_user.id_in_org != ldap_user.id_in_org:
field += 'id_in_org=%s'
val.append(ldap_user.id_in_org)
if field == '':
# no change
return
val.append(email)
sql = 'update id_in_org_tuple set %s where virtual_id=%%s' % field
self.cursor.execute(sql, val)
if self.cursor.rowcount == 1:
logger.debug('Update user %s id_in_org to %s success.' %
(email, val))
except Exception as e:
logger.warning('Failed to update user %s id_in_org: %s.' %
(email, e))

def update_dept(self, email, dept):
try:
self.cursor.execute('select 1 from profile_detailedprofile where user=%s', [email])
Expand Down Expand Up @@ -253,6 +295,17 @@ def get_data_from_db(self):
email_list = list()
for user in ldap_users:
email_list.append(user[0])

id_in_org_dict = {}
if email_list:
try:
self.cursor.execute("SELECT virtual_id,id_in_org FROM id_in_org_tuple WHERE `virtual_id` IN %s",
[email_list])
id_in_org_res = self.cursor.fetchall()
id_in_org_dict = {row[0]: row[1] for row in id_in_org_res}
except Exception as e:
logger.error('get id_in_org from db failed: %s' % e)

users = list()
res = list()
if email_list:
Expand All @@ -265,7 +318,8 @@ def get_data_from_db(self):
logger.error('get users from ccnet failed: %s' % e)
return user_data_db
for user in res:
users.append(UserObj(user[0], user[1], user[2], user[3], user[4], user[5], user[6]))
id_in_org = id_in_org_dict.get(user[1], '')
users.append(UserObj(user[0], user[1], user[2], user[3], user[4], user[5], user[6], id_in_org))

# select all users attrs from profile_profile and profile_detailedprofile in one query
email2attrs = {} # is like: { 'some_one@seafile': {'name': 'leo', 'dept': 'dev', ...} ...}
Expand Down Expand Up @@ -428,6 +482,12 @@ def get_data_by_base_dn(self, config, ldap_conn, base_dn, search_filter):
else:
uid = attrs[config.uid_attr][0]

if config.id_in_org_attr != '':
if config.id_in_org_attr not in attrs:
id_in_org = ''
else:
id_in_org = attrs[config.id_in_org_attr][0]

if config.cemail_attr != '':
if config.cemail_attr not in attrs:
cemail = ''
Expand All @@ -436,7 +496,7 @@ def get_data_by_base_dn(self, config, ldap_conn, base_dn, search_filter):

email = attrs[config.login_attr][0].lower()
user_name = None if user_name is None else user_name.strip()
user_data_ldap[email] = LdapUser(None, user_name, dept, uid, cemail, role=role)
user_data_ldap[email] = LdapUser(None, user_name, dept, uid, cemail, role=role, id_in_org=id_in_org)

return user_data_ldap

Expand Down Expand Up @@ -469,6 +529,7 @@ def sync_add_user(self, ldap_user, login_attr):

if ldap_user.config.enable_extra_user_info_sync:
self.add_profile(virtual_id, ldap_user)
self.add_id_in_org(virtual_id, ldap_user)
self.add_dept(virtual_id, ldap_user.dept)

def sync_update_user(self, ldap_user, db_user, email):
Expand All @@ -486,6 +547,7 @@ def sync_update_user(self, ldap_user, db_user, email):

if ldap_user.config.enable_extra_user_info_sync:
self.update_profile(email, db_user, ldap_user)
self.update_id_in_org(email, db_user, ldap_user)
if ldap_user.dept != db_user.dept:
self.update_dept(email, ldap_user.dept)

Expand Down
Loading