LDAP Team sync improvements
- Add a large amount of additional logging - Handle NO_SUCH_OBJECT in AD searches - Only check if *a* record exists when adding syncing, as opposed to loading the entire search set
parent
a9337ff484
commit
dd1addee29
1 changed files with 42 additions and 16 deletions
|
@ -274,7 +274,7 @@ class LDAPUsers(FederatedUsers):
|
||||||
if err is not None:
|
if err is not None:
|
||||||
return (False, err)
|
return (False, err)
|
||||||
|
|
||||||
if not list(it):
|
if not next(it, False):
|
||||||
return (False, 'Group does not exist or is empty')
|
return (False, 'Group does not exist or is empty')
|
||||||
|
|
||||||
return (True, None)
|
return (True, None)
|
||||||
|
@ -301,24 +301,48 @@ class LDAPUsers(FederatedUsers):
|
||||||
|
|
||||||
for user_search_dn in self._user_dns:
|
for user_search_dn in self._user_dns:
|
||||||
# Conduct the initial search for users that are a member of the group.
|
# Conduct the initial search for users that are a member of the group.
|
||||||
if has_pagination:
|
logger.debug('Conducting LDAP search of DN: %s and filter %s', user_search_dn, search_flt)
|
||||||
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, serverctrls=[lc],
|
try:
|
||||||
attrlist=attributes)
|
if has_pagination:
|
||||||
else:
|
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
|
||||||
msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes)
|
serverctrls=[lc], attrlist=attributes)
|
||||||
|
else:
|
||||||
|
msgid = conn.search(user_search_dn, ldap.SCOPE_SUBTREE, search_flt, attrlist=attributes)
|
||||||
|
except ldap.LDAPError as lde:
|
||||||
|
logger.exception('Got error when trying to search %s with filter %s: %s',
|
||||||
|
user_search_dn, search_flt, lde.message)
|
||||||
|
break
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
if has_pagination:
|
try:
|
||||||
_, rdata, _, serverctrls = conn.result3(msgid)
|
if has_pagination:
|
||||||
else:
|
_, rdata, _, serverctrls = conn.result3(msgid)
|
||||||
_, rdata = conn.result(msgid)
|
else:
|
||||||
|
_, rdata = conn.result(msgid)
|
||||||
|
|
||||||
# Yield any users found.
|
# Yield any users found.
|
||||||
for userdata in rdata:
|
found_results = 0
|
||||||
yield self._build_user_information(userdata[1])
|
for userdata in rdata:
|
||||||
|
found_results = found_results + 1
|
||||||
|
yield self._build_user_information(userdata[1])
|
||||||
|
|
||||||
|
logger.debug('Found %s users in group %s; %s', found_results, user_search_dn,
|
||||||
|
search_flt)
|
||||||
|
except ldap.NO_SUCH_OBJECT as nsoe:
|
||||||
|
logger.debug('NSO when trying to lookup results of search %s with filter %s: %s',
|
||||||
|
user_search_dn, search_flt, nsoe.message)
|
||||||
|
except ldap.LDAPError as lde:
|
||||||
|
logger.exception('Error when trying to lookup results of search %s with filter %s: %s',
|
||||||
|
user_search_dn, search_flt, lde.message)
|
||||||
|
break
|
||||||
|
|
||||||
|
# If no additional results, nothing more to do.
|
||||||
|
if not found_results:
|
||||||
|
break
|
||||||
|
|
||||||
# If pagination is disabled, nothing more to do.
|
# If pagination is disabled, nothing more to do.
|
||||||
if not has_pagination:
|
if not has_pagination:
|
||||||
|
logger.debug('Pagination is disabled, no further queries')
|
||||||
break
|
break
|
||||||
|
|
||||||
# Filter down the controls with which the server responded, looking for the paging
|
# Filter down the controls with which the server responded, looking for the paging
|
||||||
|
@ -332,11 +356,13 @@ class LDAPUsers(FederatedUsers):
|
||||||
# then conduct the next search.
|
# then conduct the next search.
|
||||||
cookie = lc.cookie = pctrls[0].cookie
|
cookie = lc.cookie = pctrls[0].cookie
|
||||||
if cookie:
|
if cookie:
|
||||||
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
|
logger.debug('Pagination is supported for this LDAP server; trying next page')
|
||||||
serverctrls=[lc], attrlist=attributes)
|
msgid = conn.search_ext(user_search_dn, ldap.SCOPE_SUBTREE, search_flt,
|
||||||
continue
|
serverctrls=[lc], attrlist=attributes)
|
||||||
|
continue
|
||||||
else:
|
else:
|
||||||
# No additional results.
|
# No additional results.
|
||||||
|
logger.debug('Pagination is supported for this LDAP server but on last page')
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
# Pagination is not supported.
|
# Pagination is not supported.
|
||||||
|
|
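Review bot: In the result loop of the second hunk, `found_results` is assigned only after `conn.result3(msgid)` / `conn.result(msgid)` has returned, but the new `except ldap.NO_SUCH_OBJECT` branch has no `break` and falls through to `if not found_results:`. If the result call itself raises NO_SUCH_OBJECT, the name is either unbound on the first pass (UnboundLocalError inside the generator) or still holds the count from the previous page or DN, in which case the paging code below would run against stale `serverctrls`; moving `found_results = 0` to just before the inner `try:` covers both. Separately, both `except ldap.LDAPError` branches log and `break`, so a directory failure ends the generator exactly as an empty group would, and the first hunk's check would then report 'Group does not exist or is empty'. If a team-sync caller (not visible here) treats the yielded users as the authoritative membership, it would act on a truncated set, so consider surfacing the error to the caller instead of only logging it. Indentation is flattened on this page and the function starts and ends outside the hunks, so this reading is based on statement order.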