Module: check_mk
Branch: master
Commit: 1137097a6a7a7270d324975ee3abf7b9655a4c82
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1137097a6a7a72…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 16:48:56 2013 +0100
LDAP: Using roles defined in default user profile in role sync plugin processing
---
web/plugins/userdb/ldap.py | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 0742ee2..180b7bd 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -497,10 +497,12 @@ def ldap_convert_groups_to_roles(params, user_id, ldap_user, user):
# 1. Fetch DNs of all LDAP groups of the user
ldap_groups = [ g.lower() for g in ldap_user_groups(user_id, 'dn') ]
- # 2. Loop all roles mentioned in params (configured to be synchronized)
- roles = []
+ # 2. Load default roles from default user profile
+ roles = config.default_user_profile['roles'][:]
+
+ # 3. Loop all roles mentioned in params (configured to be synchronized)
for role_id, dn in params.items():
- if dn.lower() in ldap_groups:
+ if dn.lower() in ldap_groups and role_id not in roles:
roles.append(role_id)
return {'roles': roles}