[checkmk-commits] #2946 FIX LDAP: User created during login does not trigger full user synchronisation anymore

Module: check_mk Branch: master Commit: 643525cdb88233f87e21e4a07c850d6087c140a3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=643525cdb88233… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Jan 22 15:47:08 2016 +0100 #2946 FIX LDAP: User created during login does not trigger full user synchronisation anymore Previously, when a LDAP user logged in for the first time and the user was not created by an LDAP sync before, it triggered a full LDAP sync which might have created a lot of other users. This has been changed now to only synchronize this single user based on the sync configuration. --- .werks/2946 | 12 ++++++++++++ ChangeLog | 1 + web/plugins/userdb/ldap.py | 8 +++----- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/.werks/2946 b/.werks/2946 new file mode 100644 index 0000000..62ba8ed --- /dev/null +++ b/.werks/2946 @@ -0,0 +1,12 @@ +Title: LDAP: User created during login does not trigger full user synchronisation anymore +Level: 1 +Component: multisite +Compatible: compat +Version: 1.2.7i4 +Date: 1453473922 +Class: fix + +Previously, when a LDAP user logged in for the first time and the user was not created +by an LDAP sync before, it triggered a full LDAP sync which might have created a lot +of other users. This has been changed now to only synchronize this single user based +on the sync configuration. diff --git a/ChangeLog b/ChangeLog index eb42ac9..c11edbe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -240,6 +240,7 @@ * 2904 FIX: Improved error handling when custom url dashlets raise an exception... * 2830 FIX: Improved sorting in view column "Services colored according to state"... * 2945 FIX: LDAP: Fixed broken sync for LDAP connections named "ldap"... + * 2946 FIX: LDAP: User created during login does not trigger full user synchronisation anymore... WATO: * 2442 WATO remove host: improved cleanup of obsolete host files... diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index f2ce5a0..8423536 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -906,11 +906,6 @@ class LDAPUserConnector(UserConnector): self.log('SYNC STARTED') self.log(' SYNC PLUGINS: %s' % ', '.join(self._config['active_plugins'].keys())) - # Unused at the moment, always sync all users - #filt = None - #if only_username: - # filt = '(%s=%s)' % (self.user_id_attr(), only_username) - ldap_users = self.get_users() import wato @@ -939,6 +934,9 @@ class LDAPUserConnector(UserConnector): mode_create, user = load_user(user_id) user_connection_id = cleanup_connection_id(user.get('connector')) + if only_username and user_id != only_username: + continue # Only one user should be synced, skip others. + # Name conflict: Found a user that has an equal name, but is not controlled # by this connector. Don't sync it. When an LDAP connection suffix is configured # use this for constructing a unique username. If not or if the name+suffix is