[Rt-commit] rt branch 4.4/ldap-import-group-disabled-field created. rt-4.4.5-34-gaa257b5ab4

BPS Git Server git at git.bestpractical.com
Mon May 2 19:48:21 UTC 2022 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 4.4/ldap-import-group-disabled-field has been created
        at  aa257b5ab4832c1a4060ecf4bcb3cee0d470cfdb (commit)

- Log -----------------------------------------------------------------
commit aa257b5ab4832c1a4060ecf4bcb3cee0d470cfdb
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat Apr 30 03:48:29 2022 +0800

    Document the "Disabled" field mapping for ldap-import

diff --git a/lib/RT/LDAPImport.pm b/lib/RT/LDAPImport.pm
index e041784352..f173917592 100644
--- a/lib/RT/LDAPImport.pm
+++ b/lib/RT/LDAPImport.pm
@@ -228,6 +228,15 @@ B<not> set a CF value on any RT object (User, Ticket, Queue, etc).  You might
 use this to populate a ticket Location CF with all the locations of your users
 so that tickets can be associated with the locations in use.
 
+You can also provide C<Disabled> key to disable or enable users accordingly
+(1 to disable, 0 to enable). By default, users are created as enabled. E.g.
+
+    Disabled => sub {
+        my %args = @_;
+        my $disabled = $args{ldap_entry}->get_value('disabled') // '';
+        return $disabled =~ /yes/i ? 1 : 0;
+    },
+
 =item C<< Set($LDAPCreatePrivileged, 1); >>
 
 By default users are created as Unprivileged, but you can change this by
@@ -301,6 +310,15 @@ up with two groups in RT.
 You can provide a C<Description> key which will be added as the group
 description in RT. The default description is 'Imported from LDAP'.
 
+You can also provide C<Disabled> key to disable or enable groups accordingly
+(1 to disable, 0 to enable). By default, groups are created as enabled. E.g.
+
+    Disabled => sub {
+        my %args = @_;
+        my $disabled = $args{ldap_entry}->get_value('disabled') // '';
+        return $disabled =~ /yes/i ? 1 : 0;
+    },
+
 =item C<< Set($LDAPImportGroupMembers, 1); >>
 
 When disabled, the default, LDAP group import expects that all LDAP members

commit deb679070e44788fc9010bbaffedb6d9b46a81bd
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Mar 22 23:51:51 2022 +0800

    Test user/group Disabled field in LDAP import

diff --git a/t/ldapimport/group-import.t b/t/ldapimport/group-import.t
index b87bc97c0d..fc3f97bd92 100644
--- a/t/ldapimport/group-import.t
+++ b/t/ldapimport/group-import.t
@@ -54,6 +54,16 @@ $ldap->add(
     ],
 );
 
+my $entry = {
+    cn          => "testdisabled",
+    members     => ["uid=testuser1,ou=foo,dc=bestpractical,dc=com"],
+    objectClass => 'Group',
+    disabled    => 1,
+};
+$ldap->add( "cn=testdisabled,ou=groups,dc=bestpractical,dc=com", attr => [ %$entry ] );
+push @ldap_group_entries, $entry;
+
+
 RT->Config->Set('LDAPHost',"ldap://localhost:$ldap_port");
 RT->Config->Set('LDAPMapping',
                    {Name         => 'uid',
@@ -74,10 +84,17 @@ for my $entry (@ldap_user_entries) {
 
 RT->Config->Set('LDAPGroupBase','dc=bestpractical,dc=com');
 RT->Config->Set('LDAPGroupFilter','(objectClass=Group)');
-RT->Config->Set('LDAPGroupMapping',
-                   {Name         => 'cn',
-                    Member_Attr  => 'members',
-                   });
+RT->Config->Set(
+    'LDAPGroupMapping',
+    {
+        Name        => 'cn',
+        Member_Attr => 'members',
+        Disabled    => sub {
+            my %args = @_;
+            return $args{ldap_entry}->get_value('disabled') ? 1 : 0;
+        },
+    }
+);
 
 # confirm that we skip the import
 ok( $importer->import_groups() );
@@ -89,6 +106,15 @@ ok( $importer->import_groups() );
 
 import_group_members_ok( members => 'dn' );
 
+my $group = RT::Group->new($RT::SystemUser);
+$group->LoadUserDefinedGroup('testdisabled');
+ok( $group->Disabled, 'Group testdisabled is disabled' );
+
+$ldap->modify( "cn=testdisabled,ou=groups,dc=bestpractical,dc=com", replace => { disabled => 0 } );
+ok( $importer->import_groups( import => 1 ), "imported groups" );
+$group->LoadUserDefinedGroup('testdisabled');
+ok( !$group->Disabled, 'Group testdisabled is enabled' );
+
 RT->Config->Set('LDAPGroupMapping',
                    {Name                => 'cn',
                     Member_Attr         => 'memberUid',
diff --git a/t/ldapimport/user-import.t b/t/ldapimport/user-import.t
index 4092a1c1cb..c4f6a5934c 100644
--- a/t/ldapimport/user-import.t
+++ b/t/ldapimport/user-import.t
@@ -41,15 +41,34 @@ $ldap->add(
     ],
 );
 
+$ldap->add(
+    "uid=testdisabled,ou=foo,dc=bestpractical,dc=com",
+    attr => [
+        cn          => "Disabled user",
+        mail        => "testdisabled\@invalid.tld",
+        uid         => 'testdisabled',
+        objectclass => 'User',
+        disabled    => 1,
+    ],
+);
 
 RT->Config->Set('LDAPHost',"ldap://localhost:$ldap_port");
 RT->Config->Set('LDAPOptions', [ port => $ldap_port ]);
-RT->Config->Set('LDAPMapping',
-                   {Name         => 'uid',
-                    EmailAddress => 'mail',
-                    RealName     => 'cn'});
+RT->Config->Set(
+    'LDAPMapping',
+    {
+        Name         => 'uid',
+        EmailAddress => 'mail',
+        RealName     => 'cn',
+        Disabled     => sub {
+            my %args   = @_;
+            return $args{ldap_entry}->get_value('disabled') ? 1 : 0;
+        },
+    }
+);
 RT->Config->Set('LDAPBase','ou=foo,dc=bestpractical,dc=com');
 RT->Config->Set('LDAPFilter','(objectClass=User)');
+RT->Config->Set('LDAPUpdateUsers', 1);
 
 # check that we don't import
 ok($importer->import_users());
@@ -81,6 +100,13 @@ ok(!$user->Id);
 $user->Load( 9000 );
 ok(!$user->Id);
 
+$user->Load('testdisabled');
+ok( $user->Disabled, 'User testdisabled is disabled' );
+$ldap->modify( "uid=testdisabled,ou=foo,dc=bestpractical,dc=com", replace => { disabled => 0 } );
+ok( $importer->import_users( import => 1 ) );
+$user->Load('testdisabled');
+ok( !$user->Disabled, 'User testdisabled is enabled' );
+
 # can't unbind earlier or the server will die
 $ldap->unbind;
 

commit db80eeb350da0a8240ecb19887265c1dfc4bd2a9
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Mar 22 23:45:36 2022 +0800

    Support to sync Disabled field for groups in LDAP import
    
    Like creating disabled users, now we can create disabled groups directly.

diff --git a/lib/RT/Group.pm b/lib/RT/Group.pm
index 627293653d..540d38c83d 100644
--- a/lib/RT/Group.pm
+++ b/lib/RT/Group.pm
@@ -300,6 +300,7 @@ sub _Create {
         Description => undef,
         Domain      => undef,
         Instance    => '0',
+        Disabled    => 0,
         InsideTransaction => undef,
         _RecordTransaction => 1,
         @_
@@ -317,6 +318,7 @@ sub _Create {
     my $principal    = RT::Principal->new( $self->CurrentUser );
     my $principal_id = $principal->Create(
         PrincipalType => 'Group',
+        Disabled      => $args{'Disabled'} // 0,
     );
 
     $self->SUPER::Create(
diff --git a/lib/RT/LDAPImport.pm b/lib/RT/LDAPImport.pm
index 6536485f92..e041784352 100644
--- a/lib/RT/LDAPImport.pm
+++ b/lib/RT/LDAPImport.pm
@@ -1222,7 +1222,7 @@ sub create_rt_group {
     my $group_obj = $self->find_rt_group(%args);
     return unless defined $group_obj;
 
-    $group = { map { $_ => $group->{$_} } qw(id Name Description) };
+    $group = { map { $_ => $group->{$_} } qw(id Name Description Disabled) };
 
     my $id = delete $group->{'id'};
 

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt

More information about the rt-commit mailing list