Browse Source

[FIX] auth_ldap_populate

would not always archive users, esp. when run from a cron

on the way:

* add some logs to help check what's going on
* use sets to remove duplicates
* don't query all ldap configurations if one has said the user must be archived
pull/1520/head
Alexandre Fayolle 6 years ago
parent
commit
14559ab3f3
  1. 2
      users_ldap_populate/__manifest__.py
  2. 48
      users_ldap_populate/models/users_ldap.py

2
users_ldap_populate/__manifest__.py

@ -3,7 +3,7 @@
# License AGPL-3.0 or later (http://www.gnu.org/licenses/gpl.html). # License AGPL-3.0 or later (http://www.gnu.org/licenses/gpl.html).
{ {
"name": "LDAP Populate", "name": "LDAP Populate",
"version": "10.0.1.0.2",
"version": "10.0.1.0.3",
"author": "Therp BV, Odoo Community Association (OCA)", "author": "Therp BV, Odoo Community Association (OCA)",
"license": "AGPL-3", "license": "AGPL-3",
"category": 'Tools', "category": 'Tools',

48
users_ldap_populate/models/users_ldap.py

@ -8,7 +8,7 @@ from odoo import models, fields, api, _, SUPERUSER_ID
from odoo.exceptions import UserError from odoo.exceptions import UserError
import logging import logging
_logger = logging.getLogger(__name__)
_logger = logging.getLogger('orm.ldap')
try: try:
import ldap import ldap
@ -45,16 +45,13 @@ class CompanyLDAP(models.Model):
Return the number of users created (as far as we can tell). Return the number of users created (as far as we can tell).
""" """
logger = logging.getLogger('orm.ldap')
logger.debug(
_logger.debug(
"action_populate called on res.company.ldap ids %s", self.ids) "action_populate called on res.company.ldap ids %s", self.ids)
users_model = self.env['res.users'] users_model = self.env['res.users']
users_count_before = users_model.search_count([]) users_count_before = users_model.search_count([])
deactivate_unknown, known_user_ids = self._check_users() deactivate_unknown, known_user_ids = self._check_users()
if deactivate_unknown: if deactivate_unknown:
logger.debug("will deactivate unknown users")
_logger.debug("will deactivate unknown users")
for conf in self.get_ldap_dicts(): for conf in self.get_ldap_dicts():
if not conf['create_user']: if not conf['create_user']:
continue continue
@ -81,18 +78,19 @@ class CompanyLDAP(models.Model):
"WHERE lower(login)=%s", "WHERE lower(login)=%s",
(login,)) (login,))
res = self.env.cr.fetchone() res = self.env.cr.fetchone()
_logger.debug('unarchiving user %s', login)
if res: if res:
self.env['res.users'].sudo().browse( self.env['res.users'].sudo().browse(
res[0] res[0]
).write( ).write(
{'active': True} {'active': True}
) )
user_id = res[0]
else: else:
raise UserError( raise UserError(
'Unable to process user with login %s' % login 'Unable to process user with login %s' % login
) )
known_user_ids.append(user_id) known_user_ids.append(user_id)
users_created = users_model.search_count([]) - users_count_before users_created = users_model.search_count([]) - users_count_before
deactivated_users_count = 0 deactivated_users_count = 0
@ -100,23 +98,25 @@ class CompanyLDAP(models.Model):
deactivated_users_count = \ deactivated_users_count = \
self.do_deactivate_unknown_users(known_user_ids) self.do_deactivate_unknown_users(known_user_ids)
logger.debug("%d users created", users_created)
logger.debug("%d users deactivated", deactivated_users_count)
_logger.debug("%d users created", users_created)
_logger.debug("%d users deactivated", deactivated_users_count)
return users_created, deactivated_users_count return users_created, deactivated_users_count
def _check_users(self): def _check_users(self):
ldap_config = self.search([])
deactivate_unknown = None deactivate_unknown = None
known_user_ids = [self.env.user.id] known_user_ids = [self.env.user.id]
for item in self.read(['no_deactivate_user_ids',
'deactivate_unknown_users'],
load='_classic_write'):
for item in ldap_config.read(
['no_deactivate_user_ids',
'deactivate_unknown_users'],
load='_classic_write'):
if deactivate_unknown is None: if deactivate_unknown is None:
deactivate_unknown = True deactivate_unknown = True
known_user_ids.extend(item['no_deactivate_user_ids']) known_user_ids.extend(item['no_deactivate_user_ids'])
deactivate_unknown &= item['deactivate_unknown_users'] deactivate_unknown &= item['deactivate_unknown_users']
return deactivate_unknown, known_user_ids return deactivate_unknown, known_user_ids
def get_ldap_entry_dicts(self, conf, user_name='*'):
def get_ldap_entry_dicts(self, conf, user_name='*', timeout=60):
"""Execute ldap query as defined in conf. """Execute ldap query as defined in conf.
Don't call self.query because it supresses possible exceptions Don't call self.query because it supresses possible exceptions
@ -127,21 +127,29 @@ class CompanyLDAP(models.Model):
conf['ldap_password'] or '') conf['ldap_password'] or '')
results = conn.search_st(conf['ldap_base'], ldap.SCOPE_SUBTREE, results = conn.search_st(conf['ldap_base'], ldap.SCOPE_SUBTREE,
ldap_filter.encode('utf8'), None, ldap_filter.encode('utf8'), None,
timeout=60)
timeout=timeout)
conn.unbind() conn.unbind()
return results return results
def do_deactivate_unknown_users(self, known_user_ids): def do_deactivate_unknown_users(self, known_user_ids):
"""Deactivate users not found in last populate run.""" """Deactivate users not found in last populate run."""
unknown_user_ids = [] unknown_user_ids = []
users = self.env['res.users'].search(
[('id', 'not in', known_user_ids)])
known_user_ids = list(set(known_user_ids))
users = self.env['res.users'].sudo().search(
[('id', 'not in', known_user_ids)], order='login')
ldap_confs = self.get_ldap_dicts()
for unknown_user in users: for unknown_user in users:
present_in_ldap = False
for conf in self.get_ldap_dicts():
present_in_ldap |= bool(self.get_ldap_entry_dicts(
conf, user_name=unknown_user.login))
_logger.debug('checking user %s', unknown_user.login)
present_in_ldap = any(
bool(
self.get_ldap_entry_dicts(
conf,
user_name=unknown_user.login,
))
for conf in ldap_confs
)
if not present_in_ldap: if not present_in_ldap:
_logger.debug('archiving user %s', unknown_user.login)
unknown_user.active = False unknown_user.active = False
unknown_user_ids.append(unknown_user.id) unknown_user_ids.append(unknown_user.id)
return len(unknown_user_ids) return len(unknown_user_ids)

Loading…
Cancel
Save