Skip to content

Commit

Permalink
Implement configurable actions for removed users
Browse files Browse the repository at this point in the history
  • Loading branch information
@jbittel
jbittel committed May 6, 2016
1 parent 48d9154 commit 2efd308
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions ldap_sync/management/commands/syncldap.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,10 @@ def sync_ldap_users(self, ldap_users):
username_field = getattr(settings, 'LDAP_SYNC_USERNAME_FIELD', None)
if username_field is None:
username_field = getattr(model, 'USERNAME_FIELD', 'username')
removed_user_action = getattr(settings, 'LDAP_SYNC_REMOVED_USER_ACTION', 'KEEP')
if removed_user_action not in ['KEEP', 'DEACTIVATE', 'DELETE']:
raise ImproperlyConfigured('Invalid option specified for LDAP_SYNC_REMOVED_USER_ACTION')
ldap_usernames = set()

if not model._meta.get_field(username_field).unique:
raise ImproperlyConfigured("Field '%s' must be unique" % username_field)
Expand Down Expand Up @@ -94,8 +98,26 @@ def sync_ldap_users(self, ldap_users):
if current_attr and current_attr != attr:
setattr(user, name, attr)
updated = True
if updated:
logger.debug("Updated user %s" % username)
user.save()

if removed_user_action in ['DEACTIVATE', 'DELETE']:
ldap_usernames.add(username)

if removed_user_action in ['DEACTIVATE', 'DELETE']:
django_usernames = set(model.objects.values_list(username_field, flat=True))

for username in django_usernames - ldap_usernames:
user = model.objects.get(**{username_field: username})
if removed_user_action == 'DEACTIVATE':
user.is_active = False
user.save()
logger.debug("Deactivated user %s" % username)
elif removed_user_action == 'DELETE':
user.delete()
logger.debug("Deleted user %s" % username)

logger.info("Users are synchronized")

def get_ldap_groups(self):
Expand Down

0 comments on commit 2efd308

Please sign in to comment.