Module: check_mk
Branch: master
Commit: 643525cdb88233f87e21e4a07c850d6087c140a3
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=643525cdb88233…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Jan 22 15:47:08 2016 +0100
#2946 FIX LDAP: User created during login does not trigger full user synchronisation
anymore
Previously, when a LDAP user logged in for the first time and the user was not created
by an LDAP sync before, it triggered a full LDAP sync which might have created a lot
of other users. This has been changed now to only synchronize this single user based
on the sync configuration.
---
.werks/2946 | 12 ++++++++++++
ChangeLog | 1 +
web/plugins/userdb/ldap.py | 8 +++-----
3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/.werks/2946 b/.werks/2946
new file mode 100644
index 0000000..62ba8ed
--- /dev/null
+++ b/.werks/2946
@@ -0,0 +1,12 @@
+Title: LDAP: User created during login does not trigger full user synchronisation
anymore
+Level: 1
+Component: multisite
+Compatible: compat
+Version: 1.2.7i4
+Date: 1453473922
+Class: fix
+
+Previously, when a LDAP user logged in for the first time and the user was not created
+by an LDAP sync before, it triggered a full LDAP sync which might have created a lot
+of other users. This has been changed now to only synchronize this single user based
+on the sync configuration.
diff --git a/ChangeLog b/ChangeLog
index eb42ac9..c11edbe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -240,6 +240,7 @@
* 2904 FIX: Improved error handling when custom url dashlets raise an exception...
* 2830 FIX: Improved sorting in view column "Services colored according to
state"...
* 2945 FIX: LDAP: Fixed broken sync for LDAP connections named "ldap"...
+ * 2946 FIX: LDAP: User created during login does not trigger full user
synchronisation anymore...
WATO:
* 2442 WATO remove host: improved cleanup of obsolete host files...
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index f2ce5a0..8423536 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -906,11 +906,6 @@ class LDAPUserConnector(UserConnector):
self.log('SYNC STARTED')
self.log(' SYNC PLUGINS: %s' % ',
'.join(self._config['active_plugins'].keys()))
- # Unused at the moment, always sync all users
- #filt = None
- #if only_username:
- # filt = '(%s=%s)' % (self.user_id_attr(), only_username)
-
ldap_users = self.get_users()
import wato
@@ -939,6 +934,9 @@ class LDAPUserConnector(UserConnector):
mode_create, user = load_user(user_id)
user_connection_id = cleanup_connection_id(user.get('connector'))
+ if only_username and user_id != only_username:
+ continue # Only one user should be synced, skip others.
+
# Name conflict: Found a user that has an equal name, but is not controlled
# by this connector. Don't sync it. When an LDAP connection suffix is
configured
# use this for constructing a unique username. If not or if the name+suffix
is