Module: check_mk
Branch: master
Commit: db9307d52ed735a03f507a6b4f83c57493b660e8
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=db9307d52ed735…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Mar 9 13:38:15 2016 +0100
3279 FIX LDAP: Fixed default values of attribute selections
For several LDAP sync plugins it is possible to configure the LDAP attribute
for syncing. For example for the mail sync plugin you can configure which LDAP
attribute to use as source for the mail address.
The default values of these attributes depend on the selected LDAP type. This
special case was not working in 1.2.8x and has beend fixed now.
---
.werks/3279 | 15 +++++++++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 6 +++---
web/plugins/userdb/ldap.py | 35 +++++++++++++++++++++++++++++------
4 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/.werks/3279 b/.werks/3279
new file mode 100644
index 0000000..09fe275
--- /dev/null
+++ b/.werks/3279
@@ -0,0 +1,15 @@
+Title: LDAP: Fixed default values of attribute selections
+Level: 1
+Component: multisite
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.2.9i1
+Date: 1457526988
+
+For several LDAP sync plugins it is possible to configure the LDAP attribute
+for syncing. For example for the mail sync plugin you can configure which LDAP
+attribute to use as source for the mail address.
+
+The default values of these attributes depend on the selected LDAP type. This
+special case was not working in 1.2.8x and has beend fixed now.
diff --git a/ChangeLog b/ChangeLog
index 80e5052..aa12e38 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -87,6 +87,7 @@
* 3273 FIX: Dashboard: The dashboard is now preserving edit/view state during page
reloads
* 3090 FIX: fixed perf-o-meter link leading to old graph page even when new graphs
are being used
* 3260 FIX: Availability: ignores completely unmonitored objects in summary
calculation
+ * 3279 FIX: LDAP: Fixed default values of attribute selections...
WATO:
* 3244 WATO BI Module: swap order of aggregation function and child node
selection...
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 5af65de..8ad268c 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -5612,7 +5612,7 @@ def validate_ldap_connection_id(value, varprefix):
raise MKUserError(varprefix, _("This ID is already user by another
connection. Please choose another one."))
-def vs_ldap_connection(new):
+def vs_ldap_connection(new, connection_id):
if new:
general_elements = [
("id", TextAscii(
@@ -5880,7 +5880,7 @@ def vs_ldap_connection(new):
'or disabled. When enabling a plugin, it is used upon the next
synchonisation of '
'user accounts for gathering their attributes. The user options
which get imported '
'into Check_MK from LDAP will be locked in WATO.'),
- elements = userdb.ldap_attribute_plugins_elements,
+ elements = lambda: userdb.ldap_attribute_plugins_elements(connection_id),
default_keys = ['email', 'alias', 'auth_expire' ],
)),
("cache_livetime", Age(
@@ -5956,7 +5956,7 @@ def mode_edit_ldap_connection(phase):
html.context_button(_("Back"),
folder_preserving_link([("mode", "ldap_config")]), "back")
return
- vs = vs_ldap_connection(new)
+ vs = vs_ldap_connection(new, connection_id)
if phase == 'action':
if not html.check_transaction():
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 5b57b9d..db86eba 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -24,6 +24,10 @@
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
+# TODO FIXME: Change attribute sync plugins to classes. The current dict
+# based approach is not very readable. Classes/objects make it a lot
+# easier to understand the mechanics.
+
# .--Declarations--------------------------------------------------------.
# | ____ _ _ _ |
# | | _ \ ___ ___| | __ _ _ __ __ _| |_(_) ___ _ __ ___ |
@@ -46,9 +50,11 @@ try:
# be compatible to both python-ldap below 2.4 and above
try:
+ # pylint: disable=no-member
LDAP_CONTROL_PAGED_RESULTS = ldap.LDAP_CONTROL_PAGE_OID
ldap_compat = False
except:
+ # pylint: disable=no-member
LDAP_CONTROL_PAGED_RESULTS = ldap.CONTROL_PAGEDRESULTS
ldap_compat = True
except:
@@ -1134,7 +1140,10 @@ def ldap_list_attribute_plugins():
return plugins
# Returns a list of pairs (key, parameters) of all available attribute plugins
-def ldap_attribute_plugins_elements():
+def ldap_attribute_plugins_elements(connection_id):
+ global g_editing_connection_id
+ g_editing_connection_id = connection_id
+
register_user_attribute_sync_plugins()
elements = []
@@ -1185,11 +1194,25 @@ def register_user_attribute_sync_plugins():
('attr', TextAscii(
title = _("LDAP attribute to sync"),
help = _("The LDAP attribute whose contents shall be synced
into this custom attribute."),
- default_value = lambda: ldap_attr(attr),
+ default_value = lambda:
ldap_attr_of_connection(g_editing_connection_id, attr),
)),
],
}
+# This hack is needed to make the connection_id of the connection currently
+# being edited (or None if being created) available in the "default_value"
+# handler functions of the valuespec. There is no other standard way to
+# transport this info to these functions.
+g_editing_connection_id = None
+
+# Helper function for gathering the default LDAP attribute names of a connection.
+def ldap_attr_of_connection(connection_id, attr):
+ connection = get_connection(connection_id)
+ if not connection:
+ return None
+
+ return connection.ldap_attr(attr)
+
def ldap_sync_simple(user_id, ldap_user, user, user_attr, attr):
if attr in ldap_user:
@@ -1304,7 +1327,7 @@ ldap_attribute_plugins['email'] = {
("attr", TextAscii(
title = _("LDAP attribute to sync"),
help = _("The LDAP attribute containing the mail address of the
user."),
- default_value = lambda: ldap_attr('mail'),
+ default_value = lambda: ldap_attr_of_connection(g_editing_connection_id,
'mail'),
)),
],
}
@@ -1340,7 +1363,7 @@ ldap_attribute_plugins['alias'] = {
("attr", TextAscii(
title = _("LDAP attribute to sync"),
help = _("The LDAP attribute containing the alias of the user."),
- default_value = lambda: ldap_attr('cn'),
+ default_value = lambda: ldap_attr_of_connection(g_editing_connection_id,
'cn'),
)),
],
}
@@ -1421,7 +1444,7 @@ ldap_attribute_plugins['auth_expire'] = {
"current authenticated sessions of the user are invalidated
and the "
"user must login again. By default this field uses the fields
which "
"hold the time of the last password change of the
user."),
- default_value = lambda: ldap_attr('pw_changed'),
+ default_value = lambda: ldap_attr_of_connection(g_editing_connection_id,
'pw_changed'),
)),
],
}
@@ -1457,7 +1480,7 @@ ldap_attribute_plugins['pager'] = {
('attr', TextAscii(
title = _("LDAP attribute to sync"),
help = _("The LDAP attribute containing the pager number of the
user."),
- default_value = lambda: ldap_attr('mobile'),
+ default_value = lambda: ldap_attr_of_connection(g_editing_connection_id,
'mobile'),
)),
],
}