def sync_ldap_info(cls, session):
"""
Resynchronize ldap information in database, for changes in role/units
"""
ldap = LdapCache()
managers = ldap.list_manager()
admins = ldap.list_admin()
for user in User.find(session, order_by=[User.dn]):
group = u'user'
# if it's a manager members should have him associated as such
if user.dn in managers:
group = u'manager'
# if it's an admin he should be in admin group
if user.dn in admins:
group = u'admin'
user.role = group
# handle update of groups if it has changed
exists = []
group_ids = [Group.by_name(session, group).id]
for ugroup in user.groups:
exists.append(ugroup.id)
if ugroup.id not in group_ids:
# keep sudoer group info
if ugroup.name != 'sudoer':
user.groups.remove(ugroup)
for group_id in group_ids:
if group_id not in exists:
user.groups.append(Group.by_id(session, group_id))
