[Bps-public-commit] RT-Extension-LDAPImport branch, master, updated. 0.20_01-29-g86d4875
Kevin Falcone
falcone at bestpractical.com
Wed Jul 28 19:10:58 EDT 2010
The branch, master has been updated
via 86d4875988177bdab697f0f41ae8f95fe0001c42 (commit)
via 64c8216b1bdf254d0e41014ec17210e8c45d19dd (commit)
via 5680b7b073defd592f75c948c10356112c8026ce (commit)
via 1bc66c3ce4c269dee54aa215e613d051c0236944 (commit)
via 27ca135083325aaed68eb04733f875224631a667 (commit)
from 229e26538d68f813fd378d159789010b5664c5d0 (commit)
Summary of changes:
lib/RT/Extension/LDAPImport.pm | 86 ++++++++++++++++++++++++++++++++++++----
1 files changed, 78 insertions(+), 8 deletions(-)
- Log -----------------------------------------------------------------
commit 27ca135083325aaed68eb04733f875224631a667
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Wed Jul 28 18:56:20 2010 -0400
Be better about saying these are objects
diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index b6536ba..5375f40 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -286,7 +286,7 @@ sub _build_object {
my %args = @_;
my $mapping = $args{mapping};
- my $user = {};
+ my $object = {};
foreach my $rtfield ( keys %{$mapping} ) {
next if $rtfield =~ $args{skip};
my $ldap_attribute = $mapping->{$rtfield};
@@ -303,10 +303,10 @@ sub _build_object {
# this may want to be configurable
push @values, scalar $args{ldap_entry}->get_value($attribute);
}
- $user->{$rtfield} = join(' ',grep {defined} @values);
+ $object->{$rtfield} = join(' ',grep {defined} @values);
}
- return $user;
+ return $object;
}
=head3 _parse_ldap_map
commit 1bc66c3ce4c269dee54aa215e613d051c0236944
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Wed Jul 28 19:01:17 2010 -0400
regex fail
diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index 5375f40..366bb31 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -563,7 +563,7 @@ sub import_groups {
return unless $self->_check_ldap_mapping( mapping => $mapping );
while (my $entry = $results->shift_entry) {
- my $group = $self->_build_object( ldap_entry => $entry, skip => qr/(i)^Member_Attr/, mapping => $mapping );
+ my $group = $self->_build_object( ldap_entry => $entry, skip => qr/(?i)^Member_Attr/, mapping => $mapping );
$group->{Description} ||= 'Imported from LDAP';
unless ( $group->{Name} ) {
$self->_warn("No Name for group, skipping ".Dumper $group);
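Review bot: `qr/(?i)^Member_Attr/` is a prefix match, so `_build_object` skips every mapping key that begins with Member_Attr in any letter case, not only that one key. If only the exact key is meant, anchor the end as well: `qr/^Member_Attr\z/i`. The trailing `/i` modifier is also the more common spelling than an inline `(?i)` and would have made the original `(i)` typo harder to write. The `while` loop continues past the end of this hunk.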
commit 5680b7b073defd592f75c948c10356112c8026ce
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Wed Jul 28 19:02:02 2010 -0400
Refactoring so I can use this code in calculating the group dry run
diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index 366bb31..457fe47 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -687,9 +687,7 @@ sub add_group_members {
my $groupname = $group->Name;
my $ldap_entry = $args{ldap_entry};
- my $mapping = $RT::LDAPGroupMapping;
-
- my $members = $ldap_entry->get_value($mapping->{Member_Attr}, asref => 1);
+ my $members = $self->_get_group_members_from_ldap(%args);
unless (defined $members) {
$self->_warn("No members found for $groupname in Member_Attr");
@@ -722,6 +720,17 @@ sub add_group_members {
}
+sub _get_group_members_from_ldap {
+ my $self = shift;
+ my %args = @_;
+ my $ldap_entry = $args{ldap_entry};
+
+ my $mapping = $RT::LDAPGroupMapping;
+
+ my $members = $ldap_entry->get_value($mapping->{Member_Attr}, asref => 1);
+}
+
+
=head2 _show_group
Show debugging information about the group record we're going to import
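Review bot: `_get_group_members_from_ldap` returns its value only implicitly, as the result of the final `my $members = ...` assignment; write `return $ldap_entry->get_value($mapping->{Member_Attr}, asref => 1);` instead. It also calls `get_value` without checking that `$args{ldap_entry}` or `$mapping->{Member_Attr}` is set, so a caller that omits `ldap_entry` dies on an undefined invocant. The new sub has no POD; a short entry saying the result is an array reference, or undef when the attribute is absent, would tell callers to keep the `defined $members` test that `add_group_members` uses.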
commit 64c8216b1bdf254d0e41014ec17210e8c45d19dd
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Wed Jul 28 19:02:33 2010 -0400
When not importing, show what will happen to group users
diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index 457fe47..dd9fc43 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -572,7 +572,7 @@ sub import_groups {
if ($args{import}) {
$self->_import_group( group => $group, ldap_entry => $entry );
} else {
- $self->_show_group( group => $group );
+ $self->_show_group( group => $group, ldap_entry => $entry );
}
}
return 1;
@@ -715,7 +715,7 @@ sub add_group_members {
unless ($res) {
$self->_warn("Failed to add $username to $groupname: $msg");
}
-
+ $self->_debug("Added $username to $groupname");
}
}
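Review bot: The new `_debug("Added $username to $groupname")` runs even when the preceding `unless ($res)` branch has just warned that the add failed, so the debug log records a membership change that did not happen. Move the call into an `else` branch, or add `next;` after the `_warn` line, so the log of group changes stays accurate. The enclosing loop starts outside this hunk.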
@@ -775,7 +775,42 @@ sub _show_group_info {
$old_value ||= 'unset';
print "\t$key\t$old_value => $group->{$key}\n";
}
- #$self->_debug(Dumper($group));
+
+ my $members = $self->_get_group_members_from_ldap(%args);
+
+ my $ldap_members;
+ foreach my $member (@$members) {
+ my $ldap_users = $self->_run_search(
+ base => $member,
+ filter => $RT::LDAPFilter,
+ );
+ unless ( $ldap_users && $ldap_users->count ) {
+ $self->_error("No user found for $member who should be a member of $group->{Name}");
+ next;
+ }
+ my $ldap_user = $ldap_users->shift_entry;
+ my $username = $ldap_user->get_value($RT::LDAPMapping->{Name});
+ $ldap_members->{$username}++;
+ }
+ my $rt_members;
+ if ($rt_group) {
+ my $user_members = $rt_group->UserMembersObj;
+ while ( my $member = $user_members->Next ) {
+ $rt_members->{$member->Name}++;
+ }
+ print "Comparing members in LDAP and RT\n";
+ foreach my $username (sort keys %$ldap_members) {
+ if ( delete $rt_members->{$username} ) {
+ print "\t$username\t in RT and LDAP\n";
+ } else {
+ print "\t$username\t in LDAP, will add to RT\n";
+ }
+ }
+ map { print "\t$_\t In RT, not LDAP, will remove from RT\n" } sort keys %$rt_members;
+ } else {
+ print "No existing group, adding the following members\n";
+ map { print "$_\n" } sort keys %$ldap_members;
+ }
}
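Review bot: The dry run does not test `$members` for undef after `_get_group_members_from_ldap(%args)`, whereas `add_group_members` warns and returns in that case. For a group with no member attribute the preview would therefore list every current RT member as "will remove from RT" although the real import returns early. Add `return unless defined $members;` after the call so the preview matches the import. The two `map { print ... }` calls run in void context and read better as `print "\t$_\t In RT, not LDAP, will remove from RT\n" for sort keys %$rt_members;`. `_show_group_info` begins outside this hunk.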
commit 86d4875988177bdab697f0f41ae8f95fe0001c42
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Wed Jul 28 19:11:23 2010 -0400
Handle removing dead users who were removed from a group in LDAP
Also improve the debugging about what work is happening
diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index dd9fc43..017e406 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -687,6 +687,8 @@ sub add_group_members {
my $groupname = $group->Name;
my $ldap_entry = $args{ldap_entry};
+ $self->_debug("Processing group membership for $groupname");
+
my $members = $self->_get_group_members_from_ldap(%args);
unless (defined $members) {
@@ -694,6 +696,12 @@ sub add_group_members {
return;
}
+ my $rt_group_members;
+ my $user_members = $group->UserMembersObj;
+ while ( my $member = $user_members->Next ) {
+ $rt_group_members->{$member->Name}++;
+ }
+
foreach my $member (@$members) {
my $ldap_users = $self->_run_search(
base => $member,
@@ -705,6 +713,10 @@ sub add_group_members {
}
my $ldap_user = $ldap_users->shift_entry;
my $username = $ldap_user->get_value($RT::LDAPMapping->{Name});
+ if ( delete $rt_group_members->{$username} ) {
+ $self->_debug("$username is already a member of $groupname skipping");
+ next;
+ }
my $rt_user = RT::User->new($RT::SystemUser);
my ($res,$msg) = $rt_user->Load( $username );
unless ($res) {
@@ -718,6 +730,20 @@ sub add_group_members {
$self->_debug("Added $username to $groupname");
}
+ for my $username (sort keys %$rt_group_members) {
+ my $rt_user = RT::User->new($RT::SystemUser);
+ my ($res,$msg) = $rt_user->Load( $username );
+ unless ($res) {
+ $self->_warn("Unable to load $username: $msg");
+ next;
+ }
+ $self->_debug("Removing $username from $groupname because they are not a member in LDAP");
+ ($res,$msg) = $group->DeleteMember($rt_user->PrincipalObj->Id);
+ unless ($res) {
+ $self->_warn("Failed to remove $username to $groupname: $msg");
+ }
+
+ }
}
sub _get_group_members_from_ldap {
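Review bot: The removal loop treats every name left in `$rt_group_members` as removed from LDAP, but a member whose `_run_search` lookup fails appears to be skipped earlier without being deleted from that hash. That branch lies outside this hunk, so this is inferred. If so, a transient directory error or a filter mismatch would strip the user from the RT group; consider counting lookup failures in a new variable and skipping the removal pass when any occurred. The membership test is also an exact, case-sensitive hash-key comparison between the LDAP value and `$member->Name`, so a case difference would remove a user who is still listed in LDAP. The warning text should read `"Failed to remove $username from $groupname: $msg"`.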
-----------------------------------------------------------------------