[Bps-public-commit] RT-Extension-LDAPImport branch, master, updated. 0.20_01-29-g86d4875

Kevin Falcone falcone at bestpractical.com
Wed Jul 28 19:10:58 EDT 2010


The branch, master has been updated
       via  86d4875988177bdab697f0f41ae8f95fe0001c42 (commit)
       via  64c8216b1bdf254d0e41014ec17210e8c45d19dd (commit)
       via  5680b7b073defd592f75c948c10356112c8026ce (commit)
       via  1bc66c3ce4c269dee54aa215e613d051c0236944 (commit)
       via  27ca135083325aaed68eb04733f875224631a667 (commit)
      from  229e26538d68f813fd378d159789010b5664c5d0 (commit)

Summary of changes:
 lib/RT/Extension/LDAPImport.pm |   86 ++++++++++++++++++++++++++++++++++++----
 1 files changed, 78 insertions(+), 8 deletions(-)

- Log -----------------------------------------------------------------
commit 27ca135083325aaed68eb04733f875224631a667
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Wed Jul 28 18:56:20 2010 -0400

    Be better about saying these are objects

diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index b6536ba..5375f40 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -286,7 +286,7 @@ sub _build_object {
     my %args = @_;
     my $mapping = $args{mapping};
 
-    my $user = {};
+    my $object = {};
     foreach my $rtfield ( keys %{$mapping} ) {
         next if $rtfield =~ $args{skip};
         my $ldap_attribute = $mapping->{$rtfield};
@@ -303,10 +303,10 @@ sub _build_object {
             # this may want to be configurable
             push @values, scalar $args{ldap_entry}->get_value($attribute);
         }
-        $user->{$rtfield} = join(' ',grep {defined} @values);
+        $object->{$rtfield} = join(' ',grep {defined} @values);
     }
 
-    return $user;
+    return $object;
 }
 
 =head3 _parse_ldap_map

commit 1bc66c3ce4c269dee54aa215e613d051c0236944
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Wed Jul 28 19:01:17 2010 -0400

    regex fail

diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index 5375f40..366bb31 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -563,7 +563,7 @@ sub import_groups {
     return unless $self->_check_ldap_mapping( mapping => $mapping );
 
     while (my $entry = $results->shift_entry) {
-        my $group = $self->_build_object( ldap_entry => $entry, skip => qr/(i)^Member_Attr/, mapping => $mapping );
+        my $group = $self->_build_object( ldap_entry => $entry, skip => qr/(?i)^Member_Attr/, mapping => $mapping );
         $group->{Description} ||= 'Imported from LDAP';
         unless ( $group->{Name} ) {
             $self->_warn("No Name for group, skipping ".Dumper $group);
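Review bot: The case-insensitive flag on the `skip` pattern is easier to spot as a trailing modifier, `skip => qr/^Member_Attr/i`, than as the inline `(?i)` that this one-character fix depends on. A short comment above the call, for example `# Member_Attr holds member DNs, not a group field, so keep it out of the object`, would record why the key is skipped. The pattern is anchored only at the start, so any other mapping key that begins with `Member_Attr` is skipped too; it is worth confirming that this is intended.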

commit 5680b7b073defd592f75c948c10356112c8026ce
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Wed Jul 28 19:02:02 2010 -0400

    Refactoring so I can use this code in calculating the group dry run

diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index 366bb31..457fe47 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -687,9 +687,7 @@ sub add_group_members {
     my $groupname = $group->Name;
     my $ldap_entry = $args{ldap_entry};
 
-    my $mapping = $RT::LDAPGroupMapping;
-
-    my $members = $ldap_entry->get_value($mapping->{Member_Attr}, asref => 1);
+    my $members = $self->_get_group_members_from_ldap(%args);
 
     unless (defined $members) {
         $self->_warn("No members found for $groupname in Member_Attr");
@@ -722,6 +720,17 @@ sub add_group_members {
 
 }
 
+sub _get_group_members_from_ldap {
+    my $self = shift;
+    my %args = @_;
+    my $ldap_entry = $args{ldap_entry};
+
+    my $mapping = $RT::LDAPGroupMapping;
+
+    my $members = $ldap_entry->get_value($mapping->{Member_Attr}, asref => 1);
+}
+
+
 =head2 _show_group
 
 Show debugging information about the group record we're going to import
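Review bot: `_get_group_members_from_ldap` has no `return` and hands back its result only because `my $members = ...` happens to be the last statement evaluated, so any line added after it (a debug call, for instance) silently changes what callers receive. Writing `return $ldap_entry->get_value($mapping->{Member_Attr}, asref => 1);` makes the contract explicit. The sub also calls a method on `$args{ldap_entry}` without checking that it was passed; a guard such as `return unless $ldap_entry;` fits the `defined $members` check already made in `add_group_members`. Unlike `_show_group` next to it, the new sub has no POD; one `=head2` entry stating that it returns an array reference of member values, or undef when the attribute is absent, would be enough.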

commit 64c8216b1bdf254d0e41014ec17210e8c45d19dd
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Wed Jul 28 19:02:33 2010 -0400

    When not importing, show what will happen to group users

diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index 457fe47..dd9fc43 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -572,7 +572,7 @@ sub import_groups {
         if ($args{import}) {
             $self->_import_group( group => $group, ldap_entry => $entry );
         } else {
-            $self->_show_group( group => $group );
+            $self->_show_group( group => $group, ldap_entry => $entry );
         }
     }
     return 1;
@@ -715,7 +715,7 @@ sub add_group_members {
         unless ($res) {
             $self->_warn("Failed to add $username to $groupname: $msg");
         }
-
+        $self->_debug("Added $username to $groupname");
     }
 
 }
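Review bot: The new `_debug("Added $username to $groupname")` runs even when the add failed, because the `unless ($res)` block just above it only warns and then falls through. The log then carries a failure warning followed by a success message for the same user, which misleads anyone auditing membership changes from it. Either add `next;` after the `_warn` call or log only on success with `$self->_debug("Added $username to $groupname") if $res;`. The loop body starts outside this hunk.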
@@ -775,7 +775,42 @@ sub _show_group_info {
         $old_value ||= 'unset';
         print "\t$key\t$old_value => $group->{$key}\n";
     }
-    #$self->_debug(Dumper($group));
+
+    my $members = $self->_get_group_members_from_ldap(%args);
+
+    my $ldap_members;
+    foreach my $member (@$members) {
+        my $ldap_users = $self->_run_search(
+            base   => $member,
+            filter => $RT::LDAPFilter,
+        );
+        unless ( $ldap_users && $ldap_users->count ) {
+            $self->_error("No user found for $member who should be a member of $group->{Name}");
+            next;
+        }
+        my $ldap_user = $ldap_users->shift_entry;
+        my $username = $ldap_user->get_value($RT::LDAPMapping->{Name});
+        $ldap_members->{$username}++;
+    }
+    my $rt_members;
+    if ($rt_group) {
+        my $user_members = $rt_group->UserMembersObj;
+        while ( my $member = $user_members->Next ) {
+            $rt_members->{$member->Name}++;
+        }
+        print "Comparing members in LDAP and RT\n";
+        foreach my $username (sort keys %$ldap_members) {
+            if ( delete $rt_members->{$username} ) {
+                print "\t$username\t in RT and LDAP\n";
+            } else {
+                print "\t$username\t in LDAP, will add to RT\n";
+            }
+        }
+        map { print "\t$_\t In RT, not LDAP, will remove from RT\n" } sort keys %$rt_members;
+    } else {
+        print "No existing group, adding the following members\n";
+        map { print "$_\n" } sort keys %$ldap_members;
+    }
 }
 
 
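Review bot: `$username` is used as a hash key in `$ldap_members->{$username}++` without checking that the LDAP entry actually has the attribute named by `$RT::LDAPMapping->{Name}`. When it does not, the entry is counted under the empty string with an uninitialized-value warning, and the dry run prints a blank member line. A guard such as `next unless defined $username && length $username;`, ideally with an `_error` call naming `$member`, keeps the report honest. The two `map { print ... }` statements run in void context purely for their side effect; `print "\t$_\t In RT, not LDAP, will remove from RT\n" for sort keys %$rt_members;` says the same thing more directly. `$rt_group` and the start of `_show_group_info` are outside the hunk.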

commit 86d4875988177bdab697f0f41ae8f95fe0001c42
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Wed Jul 28 19:11:23 2010 -0400

    Handle removing dead users who were removed from a group in LDAP
    
    Also improve the debugging about what work is happening

diff --git a/lib/RT/Extension/LDAPImport.pm b/lib/RT/Extension/LDAPImport.pm
index dd9fc43..017e406 100644
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -687,6 +687,8 @@ sub add_group_members {
     my $groupname = $group->Name;
     my $ldap_entry = $args{ldap_entry};
 
+    $self->_debug("Processing group membership for $groupname");
+
     my $members = $self->_get_group_members_from_ldap(%args);
 
     unless (defined $members) {
@@ -694,6 +696,12 @@ sub add_group_members {
         return;
     }
 
+    my $rt_group_members;
+    my $user_members = $group->UserMembersObj;
+    while ( my $member = $user_members->Next ) {
+        $rt_group_members->{$member->Name}++;
+    }
+
     foreach my $member (@$members) {
         my $ldap_users = $self->_run_search(
             base   => $member,
@@ -705,6 +713,10 @@ sub add_group_members {
         }
         my $ldap_user = $ldap_users->shift_entry;
         my $username = $ldap_user->get_value($RT::LDAPMapping->{Name});
+        if ( delete $rt_group_members->{$username} ) {
+            $self->_debug("$username is already a member of $groupname skipping");
+            next;
+        }
         my $rt_user = RT::User->new($RT::SystemUser);
         my ($res,$msg) = $rt_user->Load( $username );
         unless ($res) {
@@ -718,6 +730,20 @@ sub add_group_members {
         $self->_debug("Added $username to $groupname");
     }
 
+    for my $username (sort keys %$rt_group_members) {
+        my $rt_user = RT::User->new($RT::SystemUser);
+        my ($res,$msg) = $rt_user->Load( $username );
+        unless ($res) {
+            $self->_warn("Unable to load $username: $msg");
+            next;
+        }
+        $self->_debug("Removing $username from $groupname because they are not a member in LDAP");
+        ($res,$msg) = $group->DeleteMember($rt_user->PrincipalObj->Id);
+        unless ($res) {
+            $self->_warn("Failed to remove $username to $groupname: $msg");
+        }
+
+    }
 }
 
 sub _get_group_members_from_ldap {
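Review bot: The removal loop deletes every RT member left in `$rt_group_members`, so a user is removed whenever they were not matched in this run, which is not the same as having been removed from the group in LDAP. The lookup-failure branch of the `foreach my $member` loop is outside the hunks; if it skips with `next`, as the dry-run copy in `_show_group_info` does, a failed or empty `_run_search` for one member strips that user's group membership in RT. The same applies to members added to the group by hand in RT, and to the `delete $rt_group_members->{$username}` in the hunk at `@@ -705,6 +713,10 @@` when `$username` comes back undefined. A safer shape is to set `$lookup_failed = 1;` in the failure branch and put `return if $lookup_failed;` before the `for my $username` loop, so an incomplete LDAP view never drives deletions. The warning text should also read `"Failed to remove $username from $groupname: $msg"`.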

-----------------------------------------------------------------------


