Module: check_mk
Branch: master
Commit: 95356aa17f635c50082bdd54f8729bd19e24c5c3
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=95356aa17f635c…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Thu Dec 13 12:04:37 2018 +0100
WK6700: LDAP synchronization no longer syncs user profiles repeatedly to remote sites on password changes
Change-Id: I7c84b2f8a535ceb206dc96d2a8a01f679b893c7d
---
.werks/6700 | 12 ++++++++++++
cmk/gui/plugins/userdb/ldap_connector.py | 6 +++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/.werks/6700 b/.werks/6700
new file mode 100644
index 0000000..1aab705
--- /dev/null
+++ b/.werks/6700
@@ -0,0 +1,12 @@
+Title: LDAP synchronization no longer syncs user profiles repeatedly to remote sites on password changes
+Level: 1
+Component: multisite
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.6.0i1
+Date: 1544696760
+
+LDAP password changes were not correctly applied to the master site.
+This could also trigger needless updates to the slave sites.
diff --git a/cmk/gui/plugins/userdb/ldap_connector.py b/cmk/gui/plugins/userdb/ldap_connector.py
index 8773ddd..f425d79 100644
--- a/cmk/gui/plugins/userdb/ldap_connector.py
+++ b/cmk/gui/plugins/userdb/ldap_connector.py
@@ -1162,6 +1162,7 @@ class LDAPUserConnector(UserConnector):
del users[user_id] # remove the user
changes.append(_("LDAP [%s]: Removed user %s") % (connection_id, user_id))
+ has_changed_passwords = False
profiles_to_synchronize = {}
for user_id, ldap_user in ldap_users.items():
mode_create, user = load_user(user_id)
@@ -1231,6 +1232,9 @@ class LDAPUserConnector(UserConnector):
del changed['serial']
pw_changed = True
+ if pw_changed:
+ has_changed_passwords = True
+
# Synchronize new user profile to remote sites if needed
if pw_changed and not changed and config.has_wato_slave_sites():
profiles_to_synchronize[user_id] = user
@@ -1254,7 +1258,7 @@ class LDAPUserConnector(UserConnector):
if changes and config.wato_enabled and not config.is_wato_slave_site():
watolib.add_change("edit-users", "<br>\n".join(changes), add_user=False)
- if changes:
+ if changes or has_changed_passwords:
userdb.save_users(users)
else:
userdb.release_users_lock()