Diffstat (limited to 'scripts/ldap_sync.py')
-rw-r--r--scripts/ldap_sync.py45
1 files changed, 30 insertions, 15 deletions
diff --git a/scripts/ldap_sync.py b/scripts/ldap_sync.py
index 32309b7..01772b1 100644
--- a/scripts/ldap_sync.py
+++ b/scripts/ldap_sync.py
@@ -21,21 +21,24 @@ import json
from ConfigParser import ConfigParser
config = ConfigParser()
-config.read('ldap_sync.conf')
+config.read('ldap_sync.conf.tmp')
-logging.config.fileConfig('ldap_sync.conf')
+logging.config.fileConfig('ldap_sync.conf.tmp')
logger = logging.getLogger()
class InvalidResponseIDError(Exception):
''' Request and response don't have the same UUID. '''
+
class RhodecodeResponseError(Exception):
''' Response has an error, something went wrong with request execution. '''
+
class UserAlreadyInGroupError(Exception):
''' User is already a member of the target group. '''
+
class UserNotInGroupError(Exception):
''' User is not a member of the target group. '''
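Review bot: Both `config.read('ldap_sync.conf.tmp')` and `logging.config.fileConfig('ldap_sync.conf.tmp')` now point at a `.tmp` name that looks like a local debugging leftover, and the path is still resolved against the current working directory. `logging.config.fileConfig` evaluates handler arguments from the file, and this config presumably also carries the LDAP and Rhodecode credentials, so whichever file sits in the cwd is fully trusted. I would keep the original name and anchor it to the script's location, e.g. `CONFIG_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'ldap_sync.conf')`. It is also worth checking the list returned by `config.read(...)`, because a missing file is silently ignored.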
@@ -177,6 +180,7 @@ class LdapClient():
member = member.split(",")[0]
return member.split('=')
+
class LdapSync():
def __init__(self):
@@ -189,16 +193,20 @@ class LdapSync():
def update_groups_from_ldap(self):
"""Add all the groups from LDAP to Rhodecode."""
+ logger.info("Start importing groups to Rhodecode.")
added = existing = 0
groups = self.ldap_client.get_groups()
for group in groups:
try:
self.rhodecode_api.create_group(group)
+ logger.debug("Added group: %s" % group)
added += 1
- except:
+ except Exception as e:
+ logger.warn("Skip group %s. Reason: %s" % (group, e))
existing += 1
- return added, existing
+ logger.info("End importing groups to Rhodecode. "
+ "Added: %s, Existing: %s." % (added, existing))
def update_memberships_from_ldap(self, group):
"""Update memberships in rhodecode based on the LDAP groups."""
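Review bot: The new `except Exception as e:` still increments `existing` for every failure, so an authentication error, timeout or malformed response from `create_group` is reported in the final summary as a group that already exists. Catch the specific error the API raises for a duplicate group (only `RhodecodeResponseError` is visible here, so this may need a check on its message) and count everything else separately, e.g. `failed += 1`, logged with `logger.exception(...)`. The commit also drops `return added, existing`; keeping the return alongside the log line would let callers act on the counts.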
@@ -207,36 +215,43 @@ class LdapSync():
# Delete memberships first from each group which are not part
# of the group any more.
- rhodecode_members = self.rhodecode_api.get_group_members(group)
+ logger.debug("Remove memberships for users not in LDAP group.")
+ try:
+ rhodecode_members = self.rhodecode_api.get_group_members(group)
+ except Exception as e:
+ logger.warn("Could not get members for group %s. Reason: %s" %
+ (group, e))
+
for rhodecode_member in rhodecode_members:
if rhodecode_member not in group_users:
try:
self.rhodocode_api.remove_membership(group,
rhodecode_member)
except UserNotInGroupError:
- pass
+ # This should not actually happen but log it if it does.
+ logger.debug("User not in Rhodecode group.")
+ except RhodecodeResponseError as e:
+ logger.warn("Membership for user %s could not be "
+ "removed from group %s. Reason" % (rhodecode_member,
+ group, e))
# Add memberships.
for member in group_users:
try:
self.rhodecode_api.add_membership(group, member)
except UserAlreadyInGroupError:
- # TODO: handle somehow maybe..
- pass
+ logger.debug("User already in Rhodecode group.")
+ except RhodecodeResponseError as e:
+ logger.warn("Membership for user %s could not be "
+ "added to the group %s. Reason: %s" % (member, group, e))
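Review bot: Three paths in this hunk raise instead of logging, and each one aborts the run before stale memberships are removed, which leaves users who were dropped from the LDAP group with access in Rhodecode. If `get_group_members` fails, `rhodecode_members` is never bound and the following `for` raises NameError; add `return` after the `logger.warn(...)` in that `except`. The removal warning passes three arguments to a format string with two `%s`, so it raises TypeError; it should end `"removed from group %s. Reason: %s"`. The context line `self.rhodocode_api.remove_membership(` appears to be a typo for `self.rhodecode_api` (the attribute is set outside this hunk, so confirm), and the resulting AttributeError would not be caught by either handler. The method body starts before the hunk.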
if __name__ == '__main__':
sync = LdapSync()
- print sync.update_groups_from_ldap()
+ sync.update_groups_from_ldap()
groups = sync.ldap_client.get_groups()
for group in groups:
- # TODO: exception when user does not exist during add membership...
- # How should we handle this.. Either sync users as well at this step,
- # or just ignore those who don't exist. If we want the second case,
- # we need to find a way to recognize the right exception (we always get
- # RhodecodeResponseError with no error code so maybe by return msg (?)
sync.update_memberships_from_ldap(group)
-
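Review bot: With the `print` of the counts removed and every API failure now turned into a log line, the entry point has no failure signal left: the script appears to exit 0 even when memberships could not be removed. For a job that revokes access this is worth surfacing, for example by having the update methods return failure counts and ending with `sys.exit(1)` when any are non-zero. The removed TODO about users that do not exist in Rhodecode is also still unresolved; a one-line comment saying they are skipped with a warning would keep that decision visible.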