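def ldap_sync(add_to_changelog, only_username):
    """Synchronise the local user database with the LDAP directory.

    Every user record whose 'connector' is 'ldap' is rebuilt from the
    directory: records that no longer exist in LDAP are deleted, new ones
    are created from new_user_template('ldap'), and existing ones are
    updated through the 'convert' callables of config.ldap_active_plugins.
    Records with any other connector are never touched, so an LDAP entry
    cannot take over a locally managed account that has the same user id.
    Everything else that lands in a record (whatever the plugins map; this
    may include role assignments -- verify in the plugin code) is taken
    from the directory as-is, i.e. the directory is fully trusted here.

    Each change is recorded with wato.log_pending(); the complete user set
    is written back once with save_users() at the end.

    Args:
        add_to_changelog: accepted for interface compatibility; not read here.
        only_username: accepted but currently ignored -- every user is
            synced on each call (see the commented-out filter below).
    """
    # Store time of the last sync. Don't store after sync since parallel
    # requests to e.g. the page hook would cause duplicate calculations.
    # Close the handle explicitly instead of relying on refcount cleanup.
    sync_time_file = open(g_ldap_sync_time_file, 'w')
    try:
        sync_time_file.write('%s\n' % time.time())
    finally:
        sync_time_file.close()

    # Flush ldap related caches before each sync to have caching only for the
    # current sync process
    global g_ldap_user_cache, g_ldap_group_cache
    g_ldap_user_cache  = {}
    g_ldap_group_cache = {}

    start_time = time.time()

    ldap_connect()

    # Unused at the moment, always sync all users
    #filt = None
    #if only_username:
    #    filt = '(%s=%s)' % (ldap_user_id_attr(), only_username)

    import wato
    # NOTE(review): load/modify/save is not serialised against concurrent
    # user edits from other requests; edits made in between would be lost
    # on save_users(). If load_users() supports a lock, take it here.
    users      = load_users()
    ldap_users = ldap_get_users()

    # Remove users which are controlled by this connector but can not be found in
    # LDAP anymore. Iterate over a snapshot because the dict is modified.
    # NOTE(review): should ldap_get_users() ever return an empty mapping on a
    # transient directory failure instead of raising, this loop would delete
    # every LDAP-managed account -- confirm its failure behaviour.
    for user_id, user in list(users.items()):
        if user.get('connector') == 'ldap' and user_id not in ldap_users:
            del users[user_id] # remove the user
            # Translate the template first, then substitute, so that the
            # msgid looked up in the catalog is stable.
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Removed user %s") % user_id)

    for user_id, ldap_user in ldap_users.items():
        if user_id in users:
            # Work on a copy so the unchanged record can be compared below
            user = copy.deepcopy(users[user_id])
            mode_create = False
        else:
            user = new_user_template('ldap')
            mode_create = True

        # Skip all users not controlled by this connector
        if user.get('connector') != 'ldap':
            continue

        # Gather config from convert functions of plugins
        for key, params in config.ldap_active_plugins.items():
            user.update(ldap_attribute_plugins[key]['convert'](params, user_id, ldap_user, user))

        if not mode_create and user == users[user_id]:
            continue # no modification. Skip this user.

        # Gather changed attributes for easier debugging (sorted for stable
        # log output; the sets have no defined order)
        if not mode_create:
            set_new, set_old = set(user.keys()), set(users[user_id].keys())
            intersect = set_new.intersection(set_old)
            added   = sorted(set_new - intersect)
            removed = sorted(set_old - intersect)
            changed = sorted(o for o in intersect if users[user_id][o] != user[o])

        users[user_id] = user # Update the user record

        # The user id is a directory-supplied value; it goes into the change
        # log unescaped -- any escaping is up to log_pending()/the renderer.
        if mode_create:
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Created user %s") % user_id)
        else:
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Modified user %s (Added: %s, Removed: %s, Changed: %s)") % (
                    user_id, ', '.join(added), ', '.join(removed), ', '.join(changed)))

    duration = time.time() - start_time
    ldap_log('SYNC FINISHED - Duration: %0.3f sec' % duration)

    save_users(users)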
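def ldap_sync(add_to_changelog, only_username):
    """Synchronise the local user database with the LDAP directory.

    Does nothing (beyond stamping the sync time) unless an LDAP connection
    and a user base DN are configured. Otherwise every user record whose
    'connector' is 'ldap' is rebuilt from the directory: records that no
    longer exist in LDAP are deleted, new ones are created from
    new_user_template('ldap'), and existing ones are updated through the
    'convert' callables of config.ldap_active_plugins. Records with any
    other connector are never touched, so an LDAP entry cannot take over a
    locally managed account that has the same user id. Whatever else the
    plugins write into a record (possibly role assignments -- verify in the
    plugin code) is taken from the directory as-is, i.e. the directory is
    fully trusted here.

    Each change is recorded with wato.log_pending(); the complete user set
    is written back once with save_users() at the end, and the sync fail
    flag file is removed only after the directory was read successfully.

    Args:
        add_to_changelog: accepted for interface compatibility; not read here.
        only_username: accepted but currently ignored -- every user is
            synced on each call (see the commented-out filter below).
    """
    # Store time of the last sync. Don't store after sync since parallel
    # requests to e.g. the page hook would cause duplicate calculations.
    # This happens before the config check on purpose: an unconfigured
    # connector must not be re-probed on every request either.
    # Close the handle explicitly instead of relying on refcount cleanup.
    sync_time_file = open(g_ldap_sync_time_file, 'w')
    try:
        sync_time_file.write('%s\n' % time.time())
    finally:
        sync_time_file.close()

    if not config.ldap_connection or not ldap_user_base_dn_configured():
        return # silently skip sync without configuration

    # Flush ldap related caches before each sync to have caching only for the
    # current sync process
    global g_ldap_user_cache, g_ldap_group_cache
    g_ldap_user_cache  = {}
    g_ldap_group_cache = {}

    start_time = time.time()

    ldap_log(' SYNC PLUGINS: %s' % ', '.join(config.ldap_active_plugins.keys()))

    # Unused at the moment, always sync all users
    #filt = None
    #if only_username:
    #    filt = '(%s=%s)' % (ldap_user_id_attr(), only_username)

    # Read the directory before taking the user lock so a slow or failing
    # LDAP server does not block other user edits.
    # NOTE(review): should ldap_get_users() ever return an empty mapping on a
    # transient directory failure instead of raising, the removal loop below
    # would delete every LDAP-managed account -- confirm its failure behaviour.
    ldap_users = ldap_get_users()

    import wato
    # NOTE(review): the lock taken here is assumed to be released by
    # save_users() or on request teardown; confirm it is also released when
    # an exception escapes from the loops below.
    users = load_users(lock = True)

    # Remove users which are controlled by this connector but can not be found in
    # LDAP anymore. Iterate over a snapshot because the dict is modified.
    for user_id, user in list(users.items()):
        if user.get('connector') == 'ldap' and user_id not in ldap_users:
            del users[user_id] # remove the user
            # Translate the template first, then substitute, so that the
            # msgid looked up in the catalog is stable.
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Removed user %s") % user_id, user_id = '')

    for user_id, ldap_user in ldap_users.items():
        if user_id in users:
            # Work on a copy so the unchanged record can be compared below
            user = copy.deepcopy(users[user_id])
            mode_create = False
        else:
            user = new_user_template('ldap')
            mode_create = True

        # Skip all users not controlled by this connector
        if user.get('connector') != 'ldap':
            continue

        # Gather config from convert functions of plugins
        for key, params in config.ldap_active_plugins.items():
            user.update(ldap_attribute_plugins[key]['convert'](key, params or {}, user_id, ldap_user, user))

        if not mode_create and user == users[user_id]:
            continue # no modification. Skip this user.

        # Gather changed attributes for easier debugging (sorted for stable
        # log output; the sets have no defined order)
        if not mode_create:
            set_new, set_old = set(user.keys()), set(users[user_id].keys())
            intersect = set_new.intersection(set_old)
            added   = sorted(set_new - intersect)
            removed = sorted(set_old - intersect)
            changed = sorted(o for o in intersect if users[user_id][o] != user[o])

        users[user_id] = user # Update the user record

        # The user id is a directory-supplied value; it goes into the change
        # log unescaped -- any escaping is up to log_pending()/the renderer.
        if mode_create:
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Created user %s") % user_id, user_id = '')
        else:
            details = []
            if added:
                details.append(_('Added: %s') % ', '.join(added))
            if removed:
                details.append(_('Removed: %s') % ', '.join(removed))

            # Ignore password changes from ldap - do not log them. For now.
            # The sync serial is bookkeeping, not a user-visible change.
            if 'ldap_pw_last_changed' in changed:
                changed.remove('ldap_pw_last_changed')
            if 'serial' in changed:
                changed.remove('serial')
            if changed:
                details.append(_('Changed: %s') % ', '.join(changed))

            # Nothing left to report after the filter above means no log entry
            if details:
                wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                    _("LDAP Connector: Modified user %s (%s)") % (user_id, ', '.join(details)),
                    user_id = '')

    duration = time.time() - start_time
    ldap_log('SYNC FINISHED - Duration: %0.3f sec' % duration)

    # delete the fail flag file after successful sync; best effort, the
    # file is normally absent (any other OSError is deliberately ignored)
    try:
        os.unlink(g_ldap_sync_fail_file)
    except OSError:
        pass

    save_users(users)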
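def ldap_sync(add_to_changelog, only_username):
    """Synchronise the local user database with the LDAP directory.

    Every user record whose 'connector' is 'ldap' is rebuilt from the
    directory: records that no longer exist in LDAP are deleted, new ones
    are created from new_user_template('ldap'), and existing ones are
    updated through the 'convert' callables of config.ldap_active_plugins.
    Records with any other connector are never touched, so an LDAP entry
    cannot take over a locally managed account that has the same user id.
    Whatever else the plugins write into a record (possibly role
    assignments -- verify in the plugin code) is taken from the directory
    as-is, i.e. the directory is fully trusted here.

    Each change is recorded with wato.log_pending(); the complete user set
    is written back once with save_users() at the end.

    Args:
        add_to_changelog: accepted for interface compatibility; not read here.
        only_username: accepted but currently ignored -- every user is
            synced on each call (see the commented-out filter below).
    """
    # Store time of the last sync. Don't store after sync since parallel
    # requests to e.g. the page hook would cause duplicate calculations.
    # Close the handle explicitly instead of relying on refcount cleanup.
    sync_time_file = open(g_ldap_sync_time_file, 'w')
    try:
        sync_time_file.write('%s\n' % time.time())
    finally:
        sync_time_file.close()

    # Flush ldap related caches before each sync to have caching only for the
    # current sync process
    global g_ldap_user_cache, g_ldap_group_cache
    g_ldap_user_cache  = {}
    g_ldap_group_cache = {}

    start_time = time.time()

    ldap_connect()

    # Unused at the moment, always sync all users
    #filt = None
    #if only_username:
    #    filt = '(%s=%s)' % (ldap_user_id_attr(), only_username)

    import wato
    # NOTE(review): load/modify/save is not serialised against concurrent
    # user edits from other requests; edits made in between would be lost
    # on save_users(). If load_users() supports a lock, take it here.
    users      = load_users()
    ldap_users = ldap_get_users()

    # Remove users which are controlled by this connector but can not be found in
    # LDAP anymore. Iterate over a snapshot because the dict is modified.
    # NOTE(review): should ldap_get_users() ever return an empty mapping on a
    # transient directory failure instead of raising, this loop would delete
    # every LDAP-managed account -- confirm its failure behaviour.
    for user_id, user in list(users.items()):
        if user.get('connector') == 'ldap' and user_id not in ldap_users:
            del users[user_id] # remove the user
            # Translate the template first, then substitute, so that the
            # msgid looked up in the catalog is stable.
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Removed user %s") % user_id)

    for user_id, ldap_user in ldap_users.items():
        if user_id in users:
            # Work on a copy so the unchanged record can be compared below
            user = copy.deepcopy(users[user_id])
            mode_create = False
        else:
            user = new_user_template('ldap')
            mode_create = True

        # Skip all users not controlled by this connector
        if user.get('connector') != 'ldap':
            continue

        # Gather config from convert functions of plugins
        for key, params in config.ldap_active_plugins.items():
            user.update(ldap_attribute_plugins[key]['convert'](params, user_id, ldap_user, user))

        if not mode_create and user == users[user_id]:
            continue # no modification. Skip this user.

        # Gather changed attributes for easier debugging (sorted for stable
        # log output; the sets have no defined order)
        if not mode_create:
            set_new, set_old = set(user.keys()), set(users[user_id].keys())
            intersect = set_new.intersection(set_old)
            added   = sorted(set_new - intersect)
            removed = sorted(set_old - intersect)
            changed = sorted(o for o in intersect if users[user_id][o] != user[o])

        users[user_id] = user # Update the user record

        # The user id is a directory-supplied value; it goes into the change
        # log unescaped -- any escaping is up to log_pending()/the renderer.
        if mode_create:
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Created user %s") % user_id)
        else:
            wato.log_pending(
                wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Modified user %s (Added: %s, Removed: %s, Changed: %s)") % (
                    user_id, ', '.join(added), ', '.join(removed), ', '.join(changed)))

    duration = time.time() - start_time
    ldap_log('SYNC FINISHED - Duration: %0.3f sec' % duration)

    save_users(users)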