[repository] ldap-feed source. Closes #2086984 datafeed based source which copy a subtree of the ldap directory into the system database. Authentication still go through ldap though. Pros: * don't need temporary tables and such for multi-sources RQL queries execution * much more flexible to enhance / configure behaviour (you simply have to replace the parser) * run better when ldap isn't reachable Cons: * no more 'on the fly' discovery of users (though a user authenticating itself will be automatically added if it doesn't exist in the db yet) * synchronization may be heavy if there are a lot of users A new cw.server.ldaputils containing code in common between former ldapuser and new ldapfeed sources has been introduced. Also ldapuser source now uses url instead of custom host/protocol option so it looks like a datafeed source (could be improved).

     1

from base64 import b64decode, b64encode

     2

try:

     3

    uri, newdn = __args__

     4

except ValueError:

     5

    print 'USAGE: cubicweb-ctl shell <instance> ldap_change_base_dn.py -- <ldap source uri> <new dn>'

     6

    print

     7

    print 'you should not have updated your sources file yet'

     8

     9

olddn = repo.config.sources()[uri]['user-base-dn']

    10

    11

assert olddn != newdn

    12

    13

raw_input("Ensure you've stopped the instance, type enter when done.")

    14

    15

for eid, extid in sql("SELECT eid, extid FROM entities WHERE source='%s'" % uri):

    16

    olduserdn = b64decode(extid)

    17

    newuserdn = olduserdn.replace(olddn, newdn)

    18

    if newuserdn != olduserdn:

    19

        print olduserdn, '->', newuserdn

    20

        sql("UPDATE entities SET extid='%s' WHERE eid=%s" % (b64encode(newuserdn), eid))

    21

    22

commit()

    23

    24

print 'you can now update the sources file to the new dn and restart the instance'