LDAP Team sync improvements
- Add a large amount of additional logging
- Handle NO_SUCH_OBJECT in AD searches
- Only check if *a* record exists when adding syncing, as opposed to loading the entire search set
parent
a9337ff484
commit
dd1addee29
1 changed files with 42 additions and 16 deletions
|
@ -274,7 +274,7 @@ class LDAPUsers(FederatedUsers):
|
|||
if err is not None:
|
||||
return (False, err)
|
||||
|
||||
if not list(it):
|
||||
if not next(it, False):
|
||||
return (False, 'Group does not exist or is empty')
|
||||
|
||||
return (True, None)
|
||||
|
@ -301,24 +301,48 @@ class LDAPUsers(FederatedUsers):
|
|||
|
||||
for user_search_dn in self._user_dns:
|
||||
# Conduct the initial search for users that are a member of the group.
|
||||
if has_pagination:
|
||||
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, serverctrls=[lc],
|
||||
attrlist=attributes)
|
||||
else:
|
||||
msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes)
|
||||
logger.debug('Conducting LDAP search of DN: %s and filter %s', user_search_dn, search_flt)
|
||||
try:
|
||||
if has_pagination:
|
||||
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
|
||||
serverctrls=[lc], attrlist=attributes)
|
||||
else:
|
||||
msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes)
|
||||
except ldap.LDAPError as lde:
|
||||
logger.exception('Got error when trying to search %s with filter %s: %s',
|
||||
user_search_dn, search_flt, lde.message)
|
||||
break
|
||||
|
||||
while True:
|
||||
if has_pagination:
|
||||
_, rdata, _, serverctrls = conn.result3(msgid)
|
||||
else:
|
||||
_, rdata = conn.result(msgid)
|
||||
try:
|
||||
if has_pagination:
|
||||
_, rdata, _, serverctrls = conn.result3(msgid)
|
||||
else:
|
||||
_, rdata = conn.result(msgid)
|
||||
|
||||
# Yield any users found.
|
||||
for userdata in rdata:
|
||||
yield self._build_user_information(userdata[1])
|
||||
# Yield any users found.
|
||||
found_results = 0
|
||||
for userdata in rdata:
|
||||
found_results = found_results + 1
|
||||
yield self._build_user_information(userdata[1])
|
||||
|
||||
logger.debug('Found %s users in group %s; %s', found_results, user_search_dn,
|
||||
search_flt)
|
||||
except ldap.NO_SUCH_OBJECT as nsoe:
|
||||
logger.debug('NSO when trying to lookup results of search %s with filter %s: %s',
|
||||
user_search_dn, search_flt, nsoe.message)
|
||||
except ldap.LDAPError as lde:
|
||||
logger.exception('Error when trying to lookup results of search %s with filter %s: %s',
|
||||
user_search_dn, search_flt, lde.message)
|
||||
break
|
||||
|
||||
# If no additional results, nothing more to do.
|
||||
if not found_results:
|
||||
break
|
||||
|
||||
# If pagination is disabled, nothing more to do.
|
||||
if not has_pagination:
|
||||
logger.debug('Pagination is disabled, no further queries')
|
||||
break
|
||||
|
||||
# Filter down the controls with which the server responded, looking for the paging
|
||||
|
@ -332,11 +356,13 @@ class LDAPUsers(FederatedUsers):
|
|||
# then conduct the next search.
|
||||
cookie = lc.cookie = pctrls[0].cookie
|
||||
if cookie:
|
||||
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
|
||||
serverctrls=[lc], attrlist=attributes)
|
||||
continue
|
||||
logger.debug('Pagination is supported for this LDAP server; trying next page')
|
||||
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
|
||||
serverctrls=[lc], attrlist=attributes)
|
||||
continue
|
||||
else:
|
||||
# No additional results.
|
||||
logger.debug('Pagination is supported for this LDAP server but on last page')
|
||||
break
|
||||
else:
|
||||
# Pagination is not supported.
|
||||
|
|
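Review bot: In the second hunk, `found_results = 0` appears to be assigned inside the new `try:`, after the `conn.result3`/`conn.result` call (indentation is lost on this page, so this is read from line order). If that call raises `ldap.NO_SUCH_OBJECT`, the handler only logs, and execution reaches `if not found_results:` with the name unbound on the first pass, or still holding the previous page's count on later passes. Putting `found_results = 0` on the line before `try:` lets the NO_SUCH_OBJECT path end the loop cleanly instead of raising UnboundLocalError or re-running the paging logic with stale `serverctrls`. Separately, both `except ldap.LDAPError` branches `break` and the generator then finishes normally, so a caller cannot tell a truncated member list from a complete one; if team sync treats the result as authoritative, a transient directory error could look like users having left the group, so the failure is worth surfacing to the caller, as the `(False, err)` return in the first hunk does. The enclosing method starts and ends outside these hunks.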