[checkmk-commits] Check_MK Git: check_mk: LDAP: Using roles defined in default user profile in role sync plugin processing

Module: check_mk Branch: master Commit: 1137097a6a7a7270d324975ee3abf7b9655a4c82 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1137097a6a7a72… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jan 14 16:48:56 2013 +0100 LDAP: Using roles defined in default user profile in role sync plugin processing --- web/plugins/userdb/ldap.py | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 0742ee2..180b7bd 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -497,10 +497,12 @@ def ldap_convert_groups_to_roles(params, user_id, ldap_user, user): # 1. Fetch DNs of all LDAP groups of the user ldap_groups = [ g.lower() for g in ldap_user_groups(user_id, 'dn') ] - # 2. Loop all roles mentioned in params (configured to be synchronized) - roles = [] + # 2. Load default roles from default user profile + roles = config.default_user_profile['roles'][:] + + # 3. Loop all roles mentioned in params (configured to be synchronized) for role_id, dn in params.items(): - if dn.lower() in ldap_groups: + if dn.lower() in ldap_groups and role_id not in roles: roles.append(role_id) return {'roles': roles}